How to delete records from the Kiwi Syslog Web Access?
Thanks.
↧
How to delete old records from Kiwi Syslog Web Access?
↧
Syslog configure to pull Exchange server message tracaking log
looking for a guide to configure syslog server with Exchange server to pull exchange message tracking logs into syslog server.
↧
↧
Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195
We are currently trying to migrate all UDP senders of syslog to TCP. Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP. syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working. Please, any assistance with this request would be appreciated. Running syslog with UDP is no longer an option.
Thanks in advance.
↧
Kiwi Syslog not receiving any message
Hello,
I just installed Syslog on a Windows 8 VM (ESXi 5.5).
However... I don't received any message from the router (Cisco RV042G) I want to log.
I tried the generic troubleshhoting :
• Check network connectivity by pinging from the sending device to the Syslog Server machine => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled
• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)
Do you have any idea about the cause of this issue ?
Thanks in advance for your help.
↧
Perl script to parse SNMP trap and set VarCustom01
I was trying the following script but I get no variable when trying to parse this way:
sub Main{
$source = $Fields->{VarRawMessageText};
my ($IP) = $source =~ /^\S+/;
$Fields->{VarCustom01} = $IP;
return "OK";
}
The VarRawMessageText should be the following: 127.0.0.1 1.2.131.24.14.1 etc etc
If I remove tags the agent_ip= is not that and the above regex should be correct but the script is not parsing it. I am using 8.3 of Kiwi (I do intend to upgrade but it's a production box)
I created a rule to run this script in the action and then I am calling %VarCustom01 to forward as the originator IP. The reason is I am forwarding SNMP traps from Cisco Prime to Kiwi and then to NCM. (there's some crazy logic as to why)
↧
↧
Parsing logs from Windows Event logs
Good day,
How can we get windows event logs to be stored in the database with there specific fields
- Event ID
- DATE and TIME
- EVENT DESCRIPTION
- AUDIT TYPE
- SERVER NAME
- ACCOUNT NAME
- DOMAIN NAME
- FAILURE CODE
- FAILURE REASON
- LOGON TYPE
Currently the information is stored in one (1) field. Is there a parse script or way to split the information as seen above and store in the database.
My project team is urgently awaiting a response to complete an overdue task. Can someone kindly provide some assistance, guidance or information.
Thanks in advance.
George
↧
Ayuda con kiwi syslog server en un correo electronico
Hola tengo un inconveniente con Kiwi Syslog Server al tratar de hacer algunos test con mi correo electronico me sale este error:
Unable to send test message.
Reason: Mail error: SMTP protocol error. 535 5.7.8
http//:support.google.com/mail/bin/answer.py?answer=14257
p13sm9533348qax.8 - gsmtp
Desearia saber si alguien me podria ayudar, a resolverlo.
Tambien tengo una duda como configuro a las alarmas de kiwi al momento de tener una alerta que se me envie un correo?
Espero su gentil ayuda
↧
Administrator Password Missed; Other way to login
Hi,
I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.
Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.
Thanks,
Syed
↧
Kiwi Syslog "Check for update..." error
We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".
We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.
From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:
<?xml version="1.0"?>
-<KiwiSyslogServerVersionManifest Version="1">
<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>
</KiwiSyslogServerVersionManifest>
I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).
Has anyone experienced the same issue or know how to fix it?
Thanks!
↧
↧
Event Log Forwarder - Where is the Audit Failure Type?
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
↧
Kiwi Syslog not capturing syslogs
Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?
↧
Kiwi Syslog server - Archive task does not run on a schedule
I am running Kiwi Syslog server 9.4.1 and I have created an archive task to copy all messages to a file share every 5 minutes. When I click the Run Now button it works but when I leave it to run, it does not run. I have confirmed that the archive task is enabled. Anyone have any ideas?
Thanks,
Andy
↧
Can't setup syslog with a Cisco ASA 5505
I have never used Syslogs before but was asked to setup one.
I am having trouble setting it up with my Cisco ASA 5505 security Device.
I can ping FROM the server to the Cisco ASA
I can ping FROM the ASA to the Server.
Things I have done.
- I have downloaded the Solarwind Kiwi Sylog server.
- I installed it as a service.
- I tested the Kiwi Syslog server using it's built in testing tool and I received messages. They came in on 127.0.0.1.
- In Kiwi Sys Log server I added the IP address of the Cisco ASA.
- File - Setup - Input - 192.168.200.1 (Server address)
- Inputs - UDP
- Made sure Port was set to 514
- Logged into the Cisco ADSM management.
- Went to:
- Configuration - Device Management - Logging
- Under Logging setup I selected "Enable"
- Logging filters
- I enabled Sys Log and selected "Severity:Warnings" for all event classes.
- Clicked on "Sys Log Server" from the menu. I added:
- Interface: Data (inside which the Sys Log is connected to)
- IP Address ( IP address of the Syslog server)
- UDP Port 514
- EMBLEM and Secure is set to "NO"
- Click on "Syslog Setup" on the ASA in the menu structure
- Include Timestamp in syslogs
- I applied the settings to the ASA and then committed the changes to flash.
Any ideas on why the syslog server isn't displaying the info?
Thanks so much in advance!
↧
↧
Question about initial setup of Event Log Forwarder and Kiwi
So, I want to try using the Event Log Forwarder on my desktops to send Logon/Logoff events over to Kiwi.
In Event Log Forwarder, I created a new Subscription, Selected Security, Event types of Error, Warning, and Info for included events 4624, 4634, and 4672
My default syslog facility is Local7
On the Kiwi side, I made a new rule, with message text filter "logon" and action to display to 02.
I also made a rule with message text file "logged off" and action to send to display 03.
In Kiwi, if I setup the Test message for text logon or logged off , I get the event, but I don't seem to be getting it from my desktop logon.
Can anyone point me in the right direction?
thanx,
↧
Forward Event Viewer subscriptions with Event Log Forwarder for Windows
Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to setup a single point to collect events to be forwarded to our syslog server.
I setup a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sources from the computer running the event log forwarder. (see the attached screenshot)
Thanks!
Jeremy
↧
no log shows on Kiwi Syslog Web Access
I am having kiwi syslog 9.5 installed.
I choose to install as service and also installed the web access.
The syslog console opened fine and I see logs on displayed and also to file.
However, with the web access, it shows nothing (what so ever). I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access". Everything under that options checked.
But I still see no log on web access.
1) I tried to uncheck all the "Log to Syslog Web Access".
2) Closed the Console Manager and reopened it
3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.
4) Opened and log in to web access -> Still see nothing.
any idea?
↧
How to uninstall Kiwi Syslog Web Access and the related components
What programs should I uninstall when I would like to remove Kiwi Syslog Web Access and the related components?
Our customer had installed Kiwi Syslog Web Access, but they would like to remove it because they do not use.
Should we uninstall the following programs from Add/Remove programs?
- Kiwi Syslog Web Access
- UltiDev Cassini Web Server Explorer
- UltiDev Cassini Web Server for ASP.NET 2.0
- Microsoft SQL Server Compact 3.5
Could you please advice me?
↧
↧
Collect DHCP events from Windows DHCP server
Hello,
Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog ?
Thanks in advance for your help
↧
Not receiving Secure (TLS) Syslog messages
Hi community,
I'm having a problem with the Kiwi Syslog Server. I want to establish a connection over Secure (TLS) Sylog over TCP between a Cisco ASA 5550 and the Syslog Server 9.3.2 running on a Windows Server 2008 R2. But I can't recieve any messages. It works only with UDP.
The Server is configured as in this tutorial described: http://www.kiwisyslog.com/help/syslog/index.html?inputs___secure_tls_syslog.htm
I've created my certificate with makecert.bat from Xampp and it's selected in the Kiwi certificate browser. This certificate is also imported in the Cisco ASA.
I hope somebody can help me.
Thanks
Martin
↧
Forward syslog events to QRadar
I'm trying to forward events from Kiwi Syslog to QRadar SIEM.
In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.
The test event was the only event received by the QRadar. None of the events I'm forwarding have been received as incoming logs on QRadar.
I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.
Do I need to install a universal DSM on the Kiwi Syslog servers?
↧