I was just wondering if there is a way to set filters for last 24-hours, 48-hours, or 7 days etc in the syslog web access?
Kiwi Syslog Web Access - set filters for last 24-hours, 48-hours, or 7 days
Syslog 9.1 log to sql database error
Hello all,
I keep getting the below errors when trying to send info to our SQL database.
2010-10-10 16:49:39 DBLogger.ClearQueue aborted with error: Incorrect syntax near '2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.X'. - SQL statement has been removed from the database cache. [Syslogd_TaskEngine.exe 2.5.151] (801) INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2010-10-10','16:49:38','User.Info','10.X.X.XXX','2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.XXX. ') : C:\Program Files\Syslogd\DBCache\ca7ad33fa4e635d00d4106908427f600 [Line:0]
I have set up the log to database using the built-in SQL file format as well as creating one from scratch. What I don't get is that every time I use the debug command, the table gets updated properly without any errors. But when I apply my settings the log file gets filled with errors. I know it is complaining about quotes someplace, but in the view none of the statements have any quotes in them.
Any help would be greatly appreciated.
Thank you,
Giuseppe
.NET 3.5 install required, why?
During the install for Syslog 9.3.4, I am prompted to install .NET 3.5. However, we do not install the Kiwi Syslog Web interface, so why must we install .NET? This install forces IIS to be installed, which we do not want running and do not need!
Kiwi Syslog Web Access Database Location
Hello,
We are looking to find the Windows file/folder location for where the Kiwi Syslog Web Access is pulling its records from?
We currently save events to the syslogd/logs location, as well as a SQL database. But when we set it up in the Kiwi Syslog Console Service Manager to send forwarded events to the 'Log to Kiwi Syslog Web Access', we cannot find where it stores those records.
Thanks,
Mark
Kiwi Syslog Server limitations
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?
I know the Web Access has a 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending logs to the syslog server? I don't want to see only 1 or 2 days of logs every day from Web Access. I hope the 4GB db limitation can store at least a month of logs from all 10+ servers. I am trying first with the Windows event logs (using the free tool SolarWinds Event Log Forwarder).
Is there any limitation that I should be aware of with Kiwi Syslog Server and the Event Forwarder tool?
Another question:
Can SolarWinds Event Log Forwarder work with other vendors' syslog servers? If so, which vendor and which syslog server product is that?
Thanks in advance!
Kiwi Syslog "Check for update..." error
We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".
We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.
From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:
<?xml version="1.0"?>
-<KiwiSyslogServerVersionManifest Version="1">
<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>
</KiwiSyslogServerVersionManifest>
I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).
Has anyone experienced the same issue or know how to fix it?
Thanks!
Forward syslog events to QRadar
I'm trying to forward events from Kiwi Syslog to QRadar SIEM.
In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a green checkmark.
The test event was the only event received by the QRadar. None of the events I'm forwarding have been received as incoming logs on QRadar.
I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.
Do I need to install a universal DSM on the Kiwi Syslog servers?
Multi-core multithread support in the future?
We have been using Kiwi Syslog for years because of its flexibility and ease of use. It works well for alerting on syslog and traps, but we have been running into scalability issues the last year or so. We have tried everyone's suggestions to get above the 15 million messages per hour mark. Syslog-ng appears to be the only viable option, but lacks the simplicity of managing advanced rules. Are there any plans for Kiwi to be able to take advantage of multi-cpu/multi-core hardware, or run multiple instances on the same box?
How to export Kiwi syslogs
Is there any way for me to export Kiwi Syslogs? I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing. Specifically the NPM database. I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi. I want to view them through NPM, but I guess I can get by viewing them through something like Access. Is there a way (even if it isn't easy) to do this?
Kiwi Syslog - Read text file/csv
Hi all,
Is there a way that I am able to have Kiwi Syslog read from or import from a text file or CSV file that may be generated by a program that does not support Syslog?
Thanks.
Event log forwarder not forwarding log messages when logged in to a domain account.
Hi,
First, I am new here.
Currently, I am having an issue where, when I log in as a domain user from my Windows PC, no logs are forwarded to my syslog server. I did a test log and it works correctly, but only when I log in as a local user from my computer.
Overall, when I log in as a local user, it forwards log messages according to the subscription and preview functionality. When I tried logging in as a domain user, it does not work.
I would appreciate it if you would assist me with this issue.
Kiwi Syslog not displaying Cisco ASA 5505 syslogs
I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.
I have Kiwi Syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my CiscoWorks v3.2 server.
I can ONLY see the CiscoWorks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and searched the forum and cannot find any procedure by which I can tweak Kiwi to log the syslog files from my ASA, which is being used as a VPN concentrator.
Any ideas?
Syslogd_Service.exe crash - out of stack space
I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:
HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1
I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:
Log Name: Application
Source: Application Error
Date: 3/15/2012 10:42:42 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
---------------------------
The following was in the Syslogd Errorlog.txt:
2012-03-15 09:32:52 Command line license key accepted.
2012-03-15 10:42:41 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41 Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------
I have opened SolarWinds case #323438 regarding this.
How to encrypt syslog from Cisco switch or router into Kiwi Syslog?
I want to encrypt syslog from a Cisco switch or router into Kiwi Syslog.
I read somewhere I can use syslog TLS or SNMP trap v3.
Is that possible using Kiwi Syslog?
Thanks
Administrator Password Missed; Other way to login
Hi,
I have recently been handed over a Kiwi Syslog server to manage which has both Fat Client and Web Server. The Fat Client is directly logged in; however, the Web console could not be logged in to. When I checked regarding the password of "Administrator", I was informed that the resource handling it left long ago and there is no one to tell.
Is there a way we can reset the password of Administrator or create a new user from the Syslog Fat Client? I can't raise the request with Support as we do not have active maintenance.
Thanks,
Syed
Purging old logs
One of those things we never look at until we get notified of disk space running out!!...
We have daily logs for each device (approx 400), each within their own folder based on device hostname. I've looked at log file rotation, but I don't think it will work for simply deleting any files older than a month or so, as the help file implies that it is per log, which is created daily.
Other than doing this manually, can syslog not delete old files beyond a specified time?
Shame you can't get the app to compress and archive old logs.
How to load-balance Kiwi Syslog servers
I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8 million messages per hour, and we haven't really turned everything on yet).
The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).
So my first server is maxing out at about 5 million MPH and 0% buffer, while server 02 gets 2 million messages and 80% buffer, and server 03 gets barely anything at all.
Has anyone else tried this, and have you found a workaround? (It doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE IP address.)
Thanks!
- Leon
How to forward glassfish log to Kiwi syslog server
Hi Guys,
I am new at this and I need some assistance on how to configure glassfish 3.1.2 to forward its log to my Kiwi syslog server in windows. Does anyone have any experience on this?
Maximum Rules in Kiwi Syslog Server
Hello,
I need to create more than the 100 possible rules. I found the documentation regarding the registry entry "MaxRuleCount" (http://www.kiwisyslog.com/help/syslog/index.html?rules_maximumrulecount.htm). However, I don't have the mentioned registry entry, and creating it did not help either. Any ideas?
Thx, Robert