Channel: THWACK: Popular Discussions - Kiwi Syslog

Forescout NAC & syslog


We have a couple of Forescout NAC devices. They are configured to forward to our local Kiwi servers, and then rules on the Kiwi are supposed to be sending warning & above messages to the main Orion server. Unfortunately, I have oodles (technical term) of info messages showing in the main repository. I'm pretty sure the Kiwi rules are correct (they are working for other devices) but our on site security guy isn't a Forescout expert, so he hasn't been able to see anything wrong on the NAC itself. I'm thinking we have it set to forward directly to Orion under a different facility, but that's a pure guess. From what I've seen of the NAC's SYSLOG setup there aren't drop downs to look at different facilities.

 

Does anyone have experience with this? Thanks in advance!


Kiwi syslog web access export all filters


Hello,

 

We got an old Kiwi Syslog Web Access server with a lot of different filters that need to be exported.

The problem is that we can only export one at a time... is there a way to export all at once?

Syslog and Log Forwarder


Greetings all,

 

Just posted this in the wrong forum, I believe, trying here.

 

We're evaluating Kiwi Syslog Server and the Log Forwarder but can't seem to get LF to work under win 2003 sp2, works flawlessly under 2008 R2.

 

Any ideas? I've checked the firewall(s), re-installed, etc. Test messages get generated and recorded in event manager but never get to the syslog server.

 

Thanks in advance.

Kiwi Syslog Web Access Database Location


Hello,

  We are looking to find the Windows file/folder location for where the Kiwi Syslog Web Access is pulling its records from?

  We currently save events to the syslogd/logs location, as well as a SQL database.  But when we setup in the Kiwi Syslog Console Service Manager to send forwarded events to the 'Log to Kiwi Syslog Web Access', we cannot find where it stores those records?

Thanks,

Mark

How to search all log files


Hi everyone,

 

Can someone confirm that both the Kiwi Syslog Service Manager console and the Kiwi Syslog Web Access will only display messages for current log files.  Therefore, a find or filter will only bring up hits for the most current log files, correct?

 

Assuming that is the case, I found a thread that mentions WinGREP as a freeware to search all log files on your hard drive.  Wouldn't it be helpful for this capability to be integrated into Kiwi Syslog Server?

 

For example, I am importing all Windows Security events from all domain controllers into Kiwi Syslog Server.  I want to be able to search for a username and the phrase "user account is locked out" for as far back as I have logs.  How do I do this easily?

 

Thanks,

Tony

Forward Event Viewer subscriptions with Event Log Forwarder for Windows


Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to setup a single point to collect events to be forwarded to our syslog server.

 

I setup a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sources from the computer running the event log forwarder. (see the attached screenshot)

 

Thanks!

 

Jeremy

Syslog server not receiving messages in TCP/SSL mode


Hello,

 

I have installed Kiwi Syslog Server 9.6.3.3 eval version and am trying to configure syslog in TCP SSL mode.

 

First, these are the steps I followed to configure the server:

     a) Created a self-signed certificate using Java keytool.

     b) Imported it into the Windows certificates Personal and Trusted Roots folders.

     c) Selected the imported certificate in the Kiwi setup configuration.

 

After following the above steps, I got the below error in the Event log file.

 

2017-11-29 16:40:06 Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided.

 

After googling for this error, I found the below link and used IIS server to create a self-signed certificate:

Re: Kiwi Syslog Server does not display secure ASA syslogs

 

After configuring the certificate generated from IIS, I started getting the below error.

2017-11-30 12:37:30 Source: C:\Windows\SysWow64\mswinsck.ocx Error: Socket is non-blocking and the specified operation will block

 

 

But I was able to receive messages in SSL mode using Java code running on the same box where the syslog server is installed. If I try to run the same Java code from any box other than the Kiwi server, it is not receiving messages.

I observed similar behavior for TCP mode as well.

How can I check whether the syslog server is configured correctly or not? Is there any way to do that?

 

 

Thanks in Advance!!

Can not receive message from Cisco switch 3750


Hello guys,

 

I set up Kiwi Syslog Server and could receive messages from other devices, such as Cisco switch 2960, 5510, and Windows server. But I cannot get any messages from the 3750. I enclosed the 3750 configuration below. Please help take a look and tell me where I am wrong. Thank you.

 

logging trap notifications

logging facility local5

logging 192.168.0.51


Forward syslog events to QRadar


I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a green checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Monitor Cisco Firewall and Router "Bad Password" Attempt Failures


I am setting up Cisco routers and assorted firewalls with Kiwi to listen and alert on Bad Passwords, with little success.  I have also allowed SNMP.  Has anyone had success with doing this, and does anyone have any examples for the Cisco devices?  We are using an assorted number of Cisco Routers, Switches, ASA firewalls, and VPN 3000 series gear.

 

logging trap errors

logging source-interface Ethernet0/0

logging 172.16.7.57

snmp-server community readmib RO

snmp-server enable traps snmp

snmp-server enable traps syslog

snmp-server host 172.16.7.57 traps writemib

!

'How much traffic can Kiwi Syslog Server handle?'


According to the FAQ: Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)

This blog says to split out your busiest syslog source...

But what do you do when a single source exceeds 600-1000 messages per second? E.g., upstream syslog aggregator or firewalls.

Kiwi Syslog Server Log Location won't change.


Hey all,

 

I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior.  However, I can't seem to move the file.

 

Kiwi Syslog Server 9.2.1 (Free version.)

Windows Server 2003 SP2 (WORKGROUP)(VM)

 

Current configuration:

Log to Log File

Path and file name:  C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt

 

If I test the configuration, I can see the test messages in the location noted above.  However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.

 

There are three local users, all of which show the same configuration.

 

I have tried deleting and recreating the Log to Log File rule.  No change.

I have tried starting and stopping the service.  No change.

I have tried exporting the system settings, and then reimporting them.  No change.

I have tried searching the registry for the old location.  Nothing found.

 

I have two theories.

1.  The settings are locked for some reason.

2.  The settings are stored somewhere else.

 

Any help would be great.

 

Thanks,

 

Aaron

Solarwinds Padawan

Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server


Hello Everyone,

First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs  6005, 6006, 6008, 6009 and 1074.

 

I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.

 

Any tips on how to collect these logs?

 

Windows 2012R2 and Windows 7 Environment

Using Kiwi Syslog Server 9.6 and Event Log Forwarder

Purging Data from SQL Database


Hi,

We are evaluating Kiwi Syslog Server v9.0.  We are using the software with a CISCO ASA firewall and writing all events to an external SQL 2005 server.

I need a way to purge older data from the SQL 2005 server.

I do not see any options with the Syslog Server to purge records.

Is there a script that can be used?

Thanks

Encoding for Syslog Server Console?


Hello,

I've set up my Kiwi Syslog Server to log to an Oracle Database. That worked, except that German umlauts (like ä, ö, ü) were not written to the DB correctly. (However, they showed up fine in the Server Console.)

Therefore I changed the encoding for the UDP Input to UTF-8, which results in fine database logs, but now umlauts in the server console as well as logfiles were displayed incorrectly. I could get the logfile problem resolved by setting the LogFileEncodingFormat registry key to UTF-8 (65001). But the problem in the Server Console persists.

 

The weird thing is, changing the UDP input back to "System" encoding doesn't resolve the issue for the console.


How to delete old records from Kiwi Syslog Web Access?


How to delete records from the Kiwi Syslog Web Access?

Thanks.

Event Log Forwarder for Windows for Windows 2016 Server


Hello,

 

When will "Event Log Forwarder for Windows for Windows 2016 Server" be released?

We would like to use Event Log Forwarder for Windows on Windows 2016 Server.

Please let me know if you have a schedule.

 

Thanks.

Kiwi Syslog Server Tool - Free to use or just a trial version for 14 days?


I would like to get verification for the stated tool: is it a freeware tool that I can use with limited features, or is it just a 14-day trial version?

Kiwi Syslog Server - Status Code 500


Hi community. I've searched about my problem but only found topics related to Orion software. I am getting an exception in Kiwi Syslog Web Access: Status Code 500. Has anyone experienced this issue? Thanks a lot.

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500


System.Web.HttpUnhandledException:  Exception of type 'System.Web.HttpUnhandledException' was thrown. --->  System.ArgumentOutOfRangeException: 'capacity' must be  non-negative.
Parameter name: capacity
at  System.Collections.ArrayList..ctor(Int32 capacity)
at  RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter  writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace  ---
at System.Web.UI.Page.HandleError(Exception e)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
at  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean  includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at  System.Web.UI.Page.ProcessRequest(HttpContext context)
at  ASP.events_aspx.ProcessRequest(HttpContext context)
at  System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&  completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx


Click here to return to the previous  page    Click here to return to the login  page

Kiwi Syslog "Check for update..." error


We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!
