I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
We have a custom made device that is sending SNMP traps. The vendor has created several MIB files to translate OID values, unfortunately the MIB files cannot be provided to Solarwinds to create a new MIB database file.
Does anyone know if it is possible to add additional MIB files to the MIB database file without Solarwinds assistants?
If the above is not support, can anyone recommend an alternative on how OID values can be translated? Or how OID values and exported from a MIB file?
Many Thanks
Adam
Hello,
I'm currently trying to get the logs of where (what IP) and when (date and time) the Domain Administrator account information is used to log into one of three specific machines (2 DC's, and a Finance server). I'm having some trouble defining the subscription in the Kiwi Log Forwarder - Specifically, what boxes do I need to tick off and what event ID number do I need to include? I have the IP's for the three servers that I want AD to send the Admin login logs from. Thanks!
Happy Holidays all!
I'm a longtime user of Kiwi Syslog. In the past, I would set my Max Alert to email me using a garbage AOL account I had setup back in the day. Now, AOL is requiring TLS sign and I can no longer get email notifications from my syslogger. Is there another way around this? How do you get your notifications?
Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.
Dear all,
I would like to know how to backup a Kiwi Syslog Server. We are installing this in VM, but the environment only has NetBackup.
I know that I can export the data out as log file for backup, but how about backup when log are still in the Kiwi Syslog Server database?
I am not able to find any reference in the Admin guide.
Best Regards,
Rayson Wong
Hello,
We are looking to find the Windows file/folder location for where the Kiwi Syslog Web Access is pulling its records from?
We currently save events to the syslogd/logs location, as well as a SQL database. But when we setup in the Kiwi Syslog Console Service Manager to send forwarded events to the 'Log to Kiwi Syslog Web Access', we cannot find where it stores those records?
Thanks,
Mark
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?
I know the Web Access has 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access. I hope at least 4GB db limitation can store like a month logs of all 10+ servers. I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)
Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?
Another question:
Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?
Thanks in advance!
Has anyone experienced a problem where their Syslogs messages are delayed and out of order?
Note the time the time it was queued and then the time it was sent. Sent at 8:31, but the message came into the syslog server at 7:28.
2010-08-24 08:31:25 PI Message to: networkadmin@removed.net 2010-08-24 08:31:25 PI Message from: Ospf-Syslog 2010-08-24 08:31:25 PI Subject: 10.5.0.2: 3552813: Aug 24 07:28:31.274: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan600 from F 2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400 2010-08-24 08:31:25 PI Message to: networkadmin@removed.net 2010-08-24 08:31:25 PI Message from: Ospf-Syslog 2010-08-24 08:31:25 PI Subject: 10.128.254.230: 49512: 049509: Aug 24 07:28:31: %OSPF-5-ADJCHG: Process 1, Nbr 10.12.1.41 on Vlan60 2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400 2010-08-24 08:31:25 PI Message to: networkadmin@removed.net 2010-08-24 08:31:25 PI Message from: HSRP-Syslog 2010-08-24 08:31:25 PI Subject: HSRP message from 10.7.4.2 2010-08-24 08:31:25 PI Date: Tue, 24 Aug 2010 08:31:25 -0400
Hi there,
If I were to install KiwiSyslog Server on an offline server without access to the Internet, How do I download the prerequisites? Where can I find them? Anyone has the exact location it would be great. I am installing it on a Windows Server 2008 64 Bit R2 Server.
Microsoft .NET Framework and C++ 2008 Redistributable package are easy to come by, but for the others, it's a little difficult to get it exactly.
Thanks.
I am setting up Cisco Routers and assorted firewall with Kiwi to listen and alert on Bad Passwords with little success. I have also allowed SNMP. Has anyone have success with doing this and have any examples of the Cisco devices. We are using an assorted number of Cisco Routers, Switches, ASA firewalls, and VPN 3000 series gear.
logging trap errors
logging source-interface Ethernet0/0
logging 172.16.7.57
snmp-server community readmib RO
snmp-server enable traps snmp
snmp-server enable traps syslog
snmp-server host 172.16.7.57 traps writemib
!
We have a couple of Forescout NAC devices. They are configured to forward to our local Kiwi servers, and then rules on the Kiwi are supposed to be sending warning & above messages to the main Orion server. Unfortunately, I have oodles (technical term) of info messages showing in the main repository. I'm pretty sure the Kiwi rules are correct (they are working for other devices) but our on site security guy isn't a Forescout expert, so he hasn't been able to see anything wrong on the NAC itself. I'm thinking we have it set to forward directly to Orion under a different facility, but that's a pure guess. From what I've seen of the NAC's SYSLOG setup there aren't drop downs to look at different facilities.
Does anyone have experience with this? Thanks in advance!
I have installed the kiwi syslog server 9.5 and I am using the SolarWinds LogForwarder 1.2 on all the other servers and endpoints to send the logs to the kiwi syslog server.
I noticed that I am not receiving any logs from the servers only network devices (switches, routers, etc.) I checked to see if the Log Forwarder for Windows is running, and I noticed that it was not. I manually started the service, and then sometime after that the service stopped. I checked the event viewer application log and saw the following each in a separate entry
I have the SolarWinds LogForwarder 1.2 installed on w2k8r2 and w2k12r2 servers. I opened the log forwarder service log and I saw this
1/26/2017 4:57:57 PM - SolarWinds Event Log Forwarder for Windows; Service Started.
1/26/2017 4:58:58 PM - Configuration File Reloaded at 1/26/2017 4:58:58 PM
1/26/2017 5:30:10 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 5:30:10 PM - Configuration File Reloaded Failed at 1/26/2017 5:30:10 PM
1/26/2017 9:24:23 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:24:23 PM - Configuration File Reloaded Failed at 1/26/2017 9:24:23 PM
1/26/2017 9:27:29 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:29 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:29 PM
1/26/2017 9:27:33 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:33 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:33 PM
1/26/2017 9:27:41 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:41 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:41 PM
Can anyone help?
Hi eveyone
I have a problem with my syslog server, it send he following messages:
Service running, but Service/Manager comm link is not connecting.
Unable to connect to Service socket on TCP port 3300
The server is installed on a windows 7 virtual machine on an vmware enviroment, I already verified the TCP port and it belongs to the syslog server, also the windows firewall is down
Do you have any ideas?
Regards
I am new to Kiwi syslog and don't know much about using Jscript. I'm reading that I need to create a script if I want a custom field added to my custom file format. I wanted to do a simple task of appending a specific ID number at the end of each event that is written to the syslog file. There is a repository that I send my syslog files to but the parser for that system needs the specific ID for my system to be at the end of each event message within the file. This is not the correct syntax but I want to do something like the following for example:
original message would look like = 2018-Jan-4 19:37:17 host IP 10.1.1.1 event message
modified message would look like = 2018-Jan-4 19:37:17 host IP 10.1.1.1 event message SystemID:12345678987654321
Function Main()
'Text to append to raw message
appendID = "SystemID:12345678987654321"
'get the raw message
modifiedRawMessage = Fields.VarRawMessageText
'Append text to message
modifiedRawMessage = Append(modifiedRawMessage, appendID)
'Overload message text with modified one.
Fields.VarRawMessageText = modifiedRawMessage
'Return success
Main = "OK"
End Function
Can someone help me with getting the syntax correct?
Thank you in advance.
Both applications have been running on the same server for several years. This is a Windows 2008 R2 64 bit machine, running the Army AGM.
WuG is now working 16.x
One of the things IPSwitch had me try to do, to fix WuG was install SQL Server Express 2008 R2
Kiwi Syslog (KSL) is version 9.3.4, the Kiwi Syslog Server Console "Is" working, only Web Access is down.
I tried to reinstall KSL, it worked, but somehow then WuG web access went down, I had to repair IIS and .NET
WuG uses 443, trying to get KSL to use 8088 (previously used) or 8888
When I try to access (even just Browse Web Site from IIS) I get:
"Error An unknown error occurred requesting resource /
Click here to log in"
When I click the link:
"Error An unknown error occurred requesting resource
/Gateway.aspx
Click here to log in"
At this point it just loops.
In IIS, I deleted the original website and created a new one. Path I used is:
C:\Program Files (x86)\SolarWinds\Kiwi Syslog Web Access\html
Hi all,
Is there away to setup an automated install of SolarWinds Event Log Forwarder? I'm planning on deploying it via SCCM and wanted to know if there's a way to automate the install and configuration of the program?
Any help would be grateful!!!
Thanks in advance.
I tried to install v9.6.1 on Windows Server 2008 R2.
I had already installed ".NET Framework 3.5 SP1" on this system.
When I executed v9.6.1 installer, I got the following message.
----------------------
Kiwi Syslog Server 9.6.1 Installer
Microsoft .Net Framework 4.0 is not installed on this system
[OK]
----------------------
I can not install v9.6.1.
I got the same message, when I tried to install v9.6.0.
SolarWinds discribed the System Requirements as below:
NET Framework: .NET Framework 3.5 SP1
http://www.kiwisyslog.com/kiwi-syslog-server
http://www.solarwinds.com/ja/kiwi-syslog-server#requirements
Question:
Do Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" or Higher?
Best Regards,
Hello,
I've got a registered version of Kiwi Syslog Server.
I've got the "Log To Syslog Web Access" Filters set up.
But I don't have any log in the web access.
The only little clue I have is when I do a Syslog_Diagnostics I've got this :
SolarWinds.KiwiSyslog.WebAccess.Data
====================================
Component not started.
And this error :
2010-06-01 20:26:46 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file is larger than the configured maximum database size. This setting takes effect on the first concurrent database connection only. [ Required Max Database Size (in MB; 0 if unknown) = 0 ]
Any Ideas ?