Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

SYSLOG error with windows server 2012

June 9, 2015, 12:24 am
$
0
0

Hi

 

i am installing syslog in my server room to monitor the log in/log out operations on serers... i installed log forwarder on some windows server 2003 servers and everithig is ok but now i installed it on some windows server 2012 and all the messages that i receive from these servers are like this :''06-08-2015 17:03:47 Kernel.Info 172.19.12.119 giu 08 17.03.47 srv-av.astergenova.it MSWinEventLog   6   Application   127   lun giu 08 17.03.41 2015   1003   Microsoft-Windows-Security-SPP      N/A   Information   srv-av.astergenova.it   0   The description for Event ID 1003 from source Microsoft-Windows-Security-SPP cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 55c92734-d682-4d71-983e-d6ec3f16059f. FormatMessage failed with error 15100, The resource loader failed to find MUI file."

do you have idea of how to fix this? syslogger is installed on a xp machine but i also tried to install it on a windows 2012 server machine and nothing changed

Search

Kiwi Syslog Service hanging

May 26, 2017, 11:45 am
$
0
0

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

 

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

 

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog

 

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

 

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being  received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

 

Below is the error event seen when it stopped last time.

 

Windows Server 2012 R2

64 -bit OS

 

Has anyone seen this type of issue before?

 

Any help would be greatly appreciated,

 

Mhaley

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm
$
0
0

We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!

'How much traffic can Kiwi Syslog Server handle?'

January 3, 2016, 8:13 pm
$
0
0

according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning.   (That would support more than 500 machines each sending one message a second.)


This blog says to split out your busiest syslog source...

But what do you do when a single source exceeds 600-1000 messages per second? eg., upstream syslog aggregator or firewalls

Can't setup syslog with a Cisco ASA 5505

July 13, 2016, 10:01 am
$
0
0

I have never used Syslogs before but was asked to setup one.

I am having trouble setting it up with my Cisco ASA 5505 security Device.

I can ping FROM the server to the Cisco ASA

I can ping FROM the ASA to the Server.

 

 

 

Things I have done.

 

  1. I have downloaded the Solarwind Kiwi Sylog server.
  2. I installed it as a service.
  3. I tested the Kiwi Syslog server using it's built in testing tool and I received messages. They came in on 127.0.0.1.
  4. In Kiwi Sys Log server I added the IP address of the Cisco ASA.
    1. File - Setup - Input - 192.168.200.1 (Server address)
  5. Inputs - UDP
    1. Made sure Port was set to 514
  6. Logged into the Cisco ADSM management.
  7. Went to:
    1. Configuration - Device Management - Logging
  8. Under Logging setup I selected "Enable"
  9. Logging filters
    1. I enabled Sys Log and selected "Severity:Warnings" for all event classes.
  10. Clicked on "Sys Log Server" from the menu. I added:
    1. Interface: Data (inside which the Sys Log is connected to)
    2. IP Address ( IP address of the Syslog server)
    3. UDP Port 514
    4. EMBLEM and Secure is set to "NO"
  11. Click on "Syslog Setup" on the ASA in the menu structure
    1. Include Timestamp in syslogs
  12. I applied the settings to the ASA and then committed the changes to flash.

 

Any ideas on why the syslog server isn't displaying the info?

 

Thanks so much in advance!

Kiwi Syslog advantages over PRTG syslog

September 15, 2016, 1:10 pm
$
0
0

Hi guys, my boss has asked me to consider moving our syslogging services to PRTG syslog. I am very happy with Kiwi Syslog and don't want to migrate.

I want to come up with a  list of reasons why this is not a good idea i.e. what things KiwiSyslog does better.
Can someone who is familiar with both of these packages assist me.

Thanks kindly for any help.

Windows failed logins tracking

January 6, 2017, 11:19 am
$
0
0

Hi folks,

 

We currently have v9.5 running on a Windows 2012 R2 VM which is the loghost for our environment of approx. 60 systems. We use AD for authentication and I'm attempting to configure the logger to alert on multiple failed logins, however, nothing appears to be getting to the loghost from the DC, other than the previously configured items. I have been able to configure this successfully for our Linux VM's but no luck on the Windows side. My assumption is, the problem is between the keyboard and monitor

I've configured the Event Log Forwarder to send all things Microsoft Security to the loghost but having no luck. Has anyone done this successfully? What have I missed?

 

Thanks in advance.

 

Buddy

Forward Event Viewer subscriptions with Event Log Forwarder for Windows

March 8, 2017, 1:45 pm
$
0
0

Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to setup a single point to collect events to be forwarded to our syslog server.

 

I setup a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sources from the computer running the event log forwarder. (see the attached screenshot)

 

Thanks!

 

Jeremy

Search

syslog is not getting captured for few routers

June 22, 2017, 9:05 am
$
0
0

HI All,

 

we have cisco routers where in many of the device loggs are not being captured in syslog server from last one month.

Earlier everything was working fine. Device level configuration is also fine.

 

pls check and suggest.

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am
$
0
0

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

 

Thanks,

Syed

Kiwi Syslog Server limitations

July 28, 2017, 9:00 am
$
0
0

Hi everyone,

 

I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?

 

I know the Web Access has 4GB db limitation.  What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access.  I hope at least 4GB db limitation can store like a month logs of all 10+ servers.  I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)

 

Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?

 

Another question:

Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?

 

Thanks in advance!

How to get email notifications

December 26, 2017, 8:54 am
$
0
0

Happy Holidays all!

I'm a longtime user of Kiwi Syslog. In the past, I would set my Max Alert to email me using a garbage AOL account I had setup back in the day. Now, AOL is requiring TLS sign and I can no longer get email notifications from my syslogger. Is there another way around this? How do you get your notifications?

How to backup Kiwi Syslog Server?

March 18, 2016, 2:03 am
$
0
0

Dear all,

 

I would like to know how to backup a Kiwi Syslog Server.  We are installing this in VM, but the environment only has NetBackup.

 

I know that I can export the data out as log file for backup, but how about backup when log are still in the Kiwi Syslog Server database?

 

I am not able to find any reference in the Admin guide.

 

Best Regards,

Rayson Wong

Kiwi Syslog Service hanging

May 26, 2017, 11:45 am
$
0
0

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

 

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

 

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog

 

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

 

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being  received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

 

Below is the error event seen when it stopped last time.

 

Windows Server 2012 R2

64 -bit OS

 

Has anyone seen this type of issue before?

 

Any help would be greatly appreciated,

 

Mhaley

Kiwi Syslog not capturing syslogs

May 14, 2013, 1:40 pm
$
0
0

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2.  Trying to capture syslog from a Cisco ASA 5510.  I have confirmed that the syslog events are hitting the server with Wireshark.  Nothing is coming through to Kiwi Syslog.  Current settings are all default.  No filters in place.  Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?

Search

Uninstall Syslog service.

October 3, 2015, 4:31 am
$
0
0

Hi,

 

I'm trying to uninstall the 14 day trial of syslog server (9.4.1) eval. installed on Windows Server 2003.

 

There is no uninstall service on the management menu drop down. as per the instructions.

 

"Using the Service Manager, uninstall the service

Use the Manage | Uninstall the Syslogd service menu."

 

Some help required please.

 

Simon.

SolarWinds Event Log Forwarder for Windows

December 12, 2017, 1:19 pm
$
0
0

I do not know if this is the correct place to post this question.

I am using Kiwi Syslog Server, and I have SolarWinds Event Log Forwarder for Windows installed on a computer.The forwarder will send  test messages, but it is not sending the logs to the log server. Any suggestions?

 

Dejacpp...

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm
$
0
0

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

 

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?

no log shows on Kiwi Syslog Web Access

August 25, 2015, 11:44 am
$
0
0

I am having kiwi syslog 9.5 installed.

I choose to install as service and also installed the web access.

The syslog console opened fine and I see logs on displayed and also to file.

However, with the web access, it shows nothing (what so ever).  I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access".  Everything under that options checked.

But I still see no log on web access.

 

1) I tried to uncheck all the "Log to Syslog Web Access".

2) Closed the Console Manager and reopened it

3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.

4) Opened and log in to web access -> Still see nothing.

 

any idea?

how to setup snort-log link to syslog server?

April 24, 2017, 12:31 pm
$
0
0

how to setup snort-log link to syslog server?

 

in snort.conf  (windows 7 32 bits)

output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT

 

command :

snort -i 1 -c c:\snort\etc\snort.conf -s

 

then get a file in c:\snort\log\snort.log.1493058792.

 

please tell me, how to send log to syslog server?

 

thank you

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>