Hi all !
past weekend we were unable to login to to Kiwi Syslog webaccess as a result of the follow error message:
" Session initialization error
An error occurred while initializing this session.
The session has been abandoned.
Event database initialization failure.
The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "
I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:
2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)
2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]
2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]
I start/stopped the webserver service without any success on saturday.
This morning i tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx.
At the moment the login is possible but I'm concerned that my database file may be corrupted!
Do you have any suggestions for me?
Thanks in advance!
Dan
↧
Unable to login to KiwiSyslog Webaccess
↧
Kiwi Syslog 9.2 on Windows 2008 R2
Installed 9.2 on Windows Server 2008 R2 from and Windows 2003 R2 (8.2.8). Redirect Cisco ASA 5510 logs to new server, but the only time Kiwi logs anything is at about 10:00pm Sunday nights. If I point the ASA back to Windows 2003 server, it logs normally. I have exported and imported the configuration from the 8.2.8 version, as well. Nothing seems to get the new Windows 2008 R2 9.2 version to actually log. This is still in the evaluation mode. The 2008 R2 does not have a firewall running (and we even allowed it through before hand), nor any A/V software with a firewall. It is odd that it works at 10:00pm on two consecutive Sundays, but not at any other time.
↧
↧
Kiwi Syslog not displaying Cisco ASA 5505 syslogs
I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.
Any ideas?
↧
File Rotation Error
I received the following error in Kiwisyslog error log just today:
| 2013-07-09 17:41:36 | LogToFile Action - File Rotation Error: Permission denied |
| 2013-07-09 17:41:36 | LogToFile Action - File Rotation Error: File already exists |
there is no change on the syslog server, permission and etc.
however it looks like the rotation working properly.
any idea where the problem is?!
Best regards
Siavash
↧
Need a Kiwi Syslog Server GUI Log searching utility.
Is there anything out there that will index Kiwi syslog and let me search through the log files like the SPLUNK product will do, without paying $40,000 for splunk. The kiwi log viewer is not an option either, thay only opens log files up to 700 MB. My log files are 1.5 gig plus. Kiwi is startin to get slow and message times are off.
↧
↧
Kiwi syslog service 9.2 -- Log to database action--PostgreSQL - Windows 2008 server
Syslog service is unable to write to database but, the Test action or Debug SQL command is able to write into the database.
According to this article http://www.kiwisyslog.com/kb/error:-problems-getting-kiwi-syslog-server-to-log-to-a-database/ I have changed the service to an local administrator, there was no change.
I can see some files in creating in DBcache folder for a while and then it stops.
Did anyone tried in this setup, with the above environment ?? Please suggest any debugging with this issue.
↧
Kiwi Syslog Complex Text Parsing
I am trying to quiet down my kiwi syslog server a bit. I have reporting working well for several functions.
I have it alerting on any service "entered the stopped state" but this is making my server noisy.
I want to exclude "The Application Experience service" from sending an alert, but can't seem to get the text to parse properly to do this.
I have made my rule like so, but it's not working properly.
Am I doing this right, or should I be doing this another way?
Does anyone else notify on services stopping?
Thanks.og_setup
↧
Kiwi Syslog Web Access filter keeps timing out
Hello all,
We've been running Kiwi syslog server for a couple years, and have ~10 devices sending log files to kiwi. From the web access I'm trying to pull a report for 1 device from 2013/03/19 to 2013/03/20. I've set the filter up, tested it, and it passes, but when I try to run the report and navigate to the last page, so I can see how many pages there are for my export, the request keeps timing out.
I need to save this data out to send out the person who manages our firewall for review, but can't. How can I get this data saved/exported to a file without the web access timing out?
--nixIT
↧
How to send windows sever log to kiwi syslog sever
I already install kiwi syslog server windows sever 2008 its running good.
Now I want capture windows log from another windows server to kiwi syslog server?
(SNMP TRAP) My site already enable SNMP trap send to kiwi syslog server but I cant see any progress on that????
↧
↧
Beta for the Kiwi Syslog 9.4 is Available!
We have completed the bulk of the development effort and are now focused on testing the latest release of Kiwi Syslog Server (KSS). KSS v9.4 has reached Beta status. This is your chance to install the latest version and provide feedback on the new features and fixes. Providing feedback during the beta is the best way to ensure that your feedback will be incorporated in to the release. To participate, simply fill out this survey and you will be sent the download links for the Beta. Remember, Betas cannot be installed in production and you cannot upgrade the Beta to any other future versions.
The following enhancement have been added to KSS:
- Moving to a new web server
This change brings a lot of new functionality "for free". Examples:- SSL (https) support for Web Access
- Process health monitoring
- TCP port sharing
- And much more! (See UltiDev Web Server Pro pages for details.)
- Active Directory authentication for web access
- Alerting for Message Queue Monitor
Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped.
↧
Kiwi Syslog - Microsoft IIS 7 Integration Documentation
Hi Everyone,
I was wondering whether or not detailed documentation exists covering the integration of Kiwi Syslog and Microsoft IIS 7. I have noted the following how to: "TIPS HOW TO - Kiwi Syslog Web Server with SSL and IIS 7", however it doesn't cover the complete installation process with both components from start to finish. For reasons outside of the scope of this topic, we are unable to leverage the Ultidev Cassini web server and any assistance or direction to documentation would be greatly appreciated.
↧
Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.
Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk
I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.
Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]
↧
Doc, KB and Getting Started
↧
↧
I can't install Kiwi Syslog Web Access
Hi all,
I can't install Kiwi Syslog Web Access. Syslog server is installing fine but Web Access is just says that there is an error and rolls back. I had evaluated version installed before and now trying to install licensed.
↧
How to deactivate kiwi syslog server licence without the licence manager
Hello,
I have an issue with the migration of my kiwi syslog product.
I have got a new server and I want to migrate my kiwi syslog version on this new server (after deactivating it on the old one).
When I read the documentation it is said to install the licence manager tool.
But when I use it, the tool says "No licensed solarwinds products on your machine".
But my two products are well registered and I can see the licenses on my online account.
Is it possible to deactivate them manually ?
Thanks for your helpsyslog
↧
How to detect clients that stop sending Syslog messages to the server
How do you detect specific clients that have not sent syslog messages to the server in a specified amount of time?
↧
Kiwi - Palo Alto User ID agent
I have written a perl script to take data from Kiwi, parse out some information and pass it into our Palo Alto UserID agent. It runs fine when I pass the message in on the command line but when I have kiwi run it (so to pull the data from kiwi) it fails with an error:
Error Info: invalid charater on line 1
My script looks like this:
sub Main() {
use PAN::API;
$string = Fields.VarCleanMessageText;
$SERVER = '127.0.0.1';
#Extract user and IP from string
if ($string =~ /(\w+)([.+]|(\s))(\w+)(\s|\+|.)(\d+\.\d+\.\d+\.\d+)/) {
$delim = ($3 eq "+") ? " " : $3;
$username = "$1\\$2$delim$5";
$ip_address = $7;
}
print "$username : $ip_address \n";
# Create User ID API connection
$uid=PAN::API::UID->new($SERVER);
#Post data to agent
$uid->add('login',$name,$address);
$uid->submit();
return "OK"; #return value for Kiwi
}
Thanks for any guidance.
Kevin
↧
↧
Sending events from Cisco 3750 switch
Hello,
I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.
Should the following work:
Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error
This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?
Should this work or is there a "Supported" switch configuration that I should be using.
Thank you,
Chris
↧
RFC 5424 support?
Currently Kiwi Syslog Server 9.x release supports syslog based on RFC 3164. Are there any plans to add support for RFC 5424 in a future release?
Thank you,
David
↧
Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.
Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk
I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.
Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]
↧