Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

February 6, 2013, 5:04 am
$
0
0

PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.

 

Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk

 

I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.

 

Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6

 

I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.

 

Appreciate any help on this..........

 

 

Example from Kiwi Syslog

 

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: <009>  Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf:     10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: <009>  Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]

Search

Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server

September 27, 2017, 4:21 am
$
0
0

Hello Everyone,

First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs  6005, 6006, 6008, 6009 and 1074.

 

I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.

 

Any tips on how to collect these logs?

 

Windows 2012R2 and Windows 7 Enviorment

Using Kiwi Syslog Server 9.6 and Event log Forwarder

LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

June 29, 2017, 4:06 am
$
0
0

We are using windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm
$
0
0

We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!

Sending events from Cisco 3750 switch

January 19, 2011, 8:13 am
$
0
0

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm
$
0
0

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

 

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?

How to encrypt syslog from cisco switch or router into Kiwi syslog?

June 16, 2014, 4:01 am
$
0
0

I want to encrypt syslog from Cisco swirtch or router into Kiwi Syslog.

I read somewhere I can use syslog tls or snmp trap v3

Is that possible using Kiwi Syslog

 

thanks

Domain Admin login event log forwarding?

October 2, 2017, 11:54 am
$
0
0

Hello,

 

    I'm currently trying to get the logs of where (what IP) and when (date and time) the Domain Administrator account information is used to log into one of three specific machines (2 DC's, and a Finance server). I'm having some trouble defining the subscription in the Kiwi Log Forwarder - Specifically, what boxes do I need to tick off and what event ID number do I need to include? I have the IP's for the three servers that I want AD to send the Admin login logs from. Thanks!

Search

RFC 5424 support?

May 1, 2013, 6:44 am
$
0
0

Currently Kiwi Syslog Server 9.x release supports syslog based on RFC 3164. Are there any plans to add support for RFC 5424 in a future release?

Thank you,

David

Is there any limitation of usage for the Free Version

January 21, 2018, 9:07 pm
$
0
0

Currently we're using the free version only to get logs from one device (firewall). Since we're a company, is it ok to just use the Free Version for as long as we need it for that one device, or do we actually have to buy the commercial license? Is there any term of usage that describes this?

More Displays?

January 22, 2018, 9:13 am
$
0
0

Is it possible using Kiwi Syslog Service Manager for syslog to use more than the defaulted 24/25 display screens?

Forescout NAC & syslog

March 12, 2015, 12:29 pm
$
0
0

We have a couple of Forescout NAC devices. They are configured to forward to our local Kiwi servers, and then rules on the Kiwi are supposed to be sending warning & above messages to the main Orion server. Unfortunately, I have oodles (technical term) of info messages showing in the main repository. I'm pretty sure the Kiwi rules are correct (they are working for other devices) but our on site security guy isn't a Forescout expert, so he hasn't been able to see anything wrong on the NAC itself. I'm thinking we have it set to forward directly to Orion under a different facility, but that's a pure guess. From what I've seen of the NAC's SYSLOG setup there aren't drop downs to look at different facilities.

 

Does anyone have experience with this? Thanks in advance!

Kiwi Syslog Service hanging

May 26, 2017, 11:45 am
$
0
0

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

 

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

 

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog

 

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

 

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being  received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

 

Below is the error event seen when it stopped last time.

 

Windows Server 2012 R2

64 -bit OS

 

Has anyone seen this type of issue before?

 

Any help would be greatly appreciated,

 

Mhaley

Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server

September 27, 2017, 4:21 am
$
0
0

Hello Everyone,

First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs  6005, 6006, 6008, 6009 and 1074.

 

I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.

 

Any tips on how to collect these logs?

 

Windows 2012R2 and Windows 7 Enviorment

Using Kiwi Syslog Server 9.6 and Event log Forwarder

Procurve switches not sending syslog messages in KIWI syslog

July 25, 2013, 6:58 am
$
0
0

Hi all,

 

New here, searched for discussions but found no entry on procurve switch(es).

The Procurve switches will not send any syslog messages (wiresharked the server)

Turned on logging on the switch: logging 'ip-address'

 

show debug

 

Debug Logging

  Source IP Selection: Outgoing Interface
  Destination:
   Logging --
     'ip-address' Kiwi Syslog server

       Protocol = UDP
       Port     = 514
     Facility = user
     Severity = info
     System Module = all-pass
     Priority Desc =

 

tried facility 'syslog' still nothing.

 

Only the Procurve switches will not send any syslog messages.

Other devices such as Cisco ASA's work fine.

 

Anyone ideas to solve this?

 

TIA Jaap

Search

Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type

December 21, 2016, 10:11 am
$
0
0

I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.

KiwiError1.PNG

log forwarder and dhcp auditing?

October 15, 2011, 10:57 am
$
0
0

I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder.  Which source do I use in the Event Viewer?  The audit is logged to a file.  Is there any way to forward changes to files?

Custom script to append an ID number to syslog event?

January 18, 2018, 8:13 pm
$
0
0

I am new to Kiwi syslog and don't know much about using Jscript.  I'm reading that I need to create a script if I want a custom field added to my custom file format.  I wanted to do a simple task of appending a specific ID number at the end of each event that is written to the syslog file.  There is a repository that I send my syslog files to but the parser for that system needs the specific ID for my system to be at the end of each event message within the file.  This is not the correct syntax but I want to do something like the following for example:

 

original message would look like = 2018-Jan-4 19:37:17 host IP 10.1.1.1 event message

modified message would look like = 2018-Jan-4 19:37:17 host IP 10.1.1.1 event message SystemID:12345678987654321

 

Function Main()
    'Text to append to raw message
    appendID = "SystemID:12345678987654321"

    'get the raw message
    modifiedRawMessage = Fields.VarRawMessageText
  
    'Append text to message
    modifiedRawMessage = Append(modifiedRawMessage, appendID)

    'Overload message text with modified one.
    Fields.VarRawMessageText = modifiedRawMessage

    'Return success
    Main = "OK"
End Function

 

 

Can someone help me with getting the syntax correct?

 

Thank you in advance.

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm
$
0
0

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

 

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?

Kiwi Syslog Server does not display secure ASA syslogs

June 9, 2015, 1:32 am
$
0
0

Hello to the community!

I have been confused with this for a while and i would like to get your help!

 

I have a network topology with an ASA 5520 and a Kiwi Syslog server 9.3.4-eval. I also have a CA server.

I have installed the root CA certificate on both the Kiwi Syslog Server and the ASA.

Also i have generated a certificate request for the Kiwi server which was signed by the CA server and also made a trustpoint on the ASA with that certificate (The signed one)

 

When i try to send syslogs it doesn't display anything.

 

I have installed Kiwi SyslogGen and have made some tests.

When i make a test with destination port 1468 (TCP default) it works and displays something on the Kiwi manager.

But when i make a test with destination port 6514 (Default Secure TCP) it fails.

 

On the command prompt i issued the following:

netstat -ano

there were the following entries regarding syslog:

TCP: 0.0.0.0 1468

UDP: 0.0.0.0:514

 

But nothing is listening to 6514

What can be the problem? Thank you very much in advance!!

 

Somethin i saw on the error log:

Unable to bind TCP listener to port 6514 There might be a problem with the certificate provided.

Here are some pictures of the settings:

Secure TCP.png

 

TCP.png

Modifiers.png

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>