Can't setup syslog with a Cisco ASA 5505

July 13, 2016, 10:01 am

≫ Next: Kiwi Syslog "Check for update..." error

≪ Previous: Maximum Rules in Kiwi Syslog Server

$

0

0

I have never used Syslogs before but was asked to setup one.

I am having trouble setting it up with my Cisco ASA 5505 security Device.

I can ping FROM the server to the Cisco ASA

I can ping FROM the ASA to the Server.

 

 

 

Things I have done.

 

1. I have downloaded the Solarwind Kiwi Sylog server.
2. I installed it as a service.
3. I tested the Kiwi Syslog server using it's built in testing tool and I received messages. They came in on 127.0.0.1.
4. In Kiwi Sys Log server I added the IP address of the Cisco ASA.
   1. File - Setup - Input - 192.168.200.1 (Server address)
5. Inputs - UDP
   1. Made sure Port was set to 514
6. Logged into the Cisco ADSM management.
7. Went to:
   1. Configuration - Device Management - Logging
8. Under Logging setup I selected "Enable"
9. Logging filters
   1. I enabled Sys Log and selected "Severity:Warnings" for all event classes.
10. Clicked on "Sys Log Server" from the menu. I added:
    1. Interface: Data (inside which the Sys Log is connected to)
    2. IP Address ( IP address of the Syslog server)
    3. UDP Port 514
    4. EMBLEM and Secure is set to "NO"
11. Click on "Syslog Setup" on the ASA in the menu structure
    1. Include Timestamp in syslogs
12. I applied the settings to the ASA and then committed the changes to flash.

 

Any ideas on why the syslog server isn't displaying the info?

 

Thanks so much in advance!

---

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm

≫ Next: LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

≪ Previous: Can't setup syslog with a Cisco ASA 5505

$

0

0

We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!

LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

June 29, 2017, 4:06 am

≫ Next: Solarwinds event log forwarder for windows - tracking failed logins in AD failing

≪ Previous: Kiwi Syslog "Check for update..." error

$

0

0

We are using windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6

Solarwinds event log forwarder for windows - tracking failed logins in AD failing

January 31, 2018, 6:24 am

≫ Next: Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

≪ Previous: LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

$

0

0

Trying to send failed login attempts to the syslog and getting error as follows XXXXXXX.domain.gov.uk MSWinEventLog 2 Security 128 Tue Jan 30 16:32:42 2018 4771 Microsoft-Windows-Security-Auditing N/A Audit Failure XXXXXX.domain.gov.uk 14339 The description for Event ID 4771 from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 4258. FormatMessage failed with error 1815, The specified resource language ID cannot be found in the image file. Using Version 1.2.0.114 on server Windows 2012 R2 Datacenter

 

completed the hack to actually get the failed logins  <string>0x10000000000000</string>

 

Can anyone solve this - using SolarWinds-LogForwarder-FreeTool-v1.2.0

Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

April 13, 2015, 12:24 am

≫ Next: SolarWinds LogForwarder 1.2 NOT WORKING

≪ Previous: Solarwinds event log forwarder for windows - tracking failed logins in AD failing

$

0

0

Hello Everybody.

 

I'm having troubles receiving SNMP Traps v 2c on Kiwi Syslog Server Free edition.

Although it is described in the feature list that this is supported (also in the documentation), i can receive version 1 but not 2c.

 

Using Wireshark to listen to the traffic i can clearly see SNMP traps version 2 incoming, but nothing appears on syslog server.

 

Can anyone help?

I asked support@ and sent many mails, but didn't get any answer to the problem, they just said to post my question here because this is a free product.

 

Thank you very much.

SolarWinds LogForwarder 1.2 NOT WORKING

February 20, 2017, 6:19 pm

≫ Next: Kiwi licensing

≪ Previous: Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

$

0

0

I have installed the kiwi syslog server 9.5 and I am using the SolarWinds LogForwarder 1.2 on all the other servers and endpoints to send the logs to the kiwi syslog server.

 

 

I noticed that I am not receiving any logs from the servers only network devices (switches, routers, etc.) I checked to see if the Log Forwarder for Windows is running, and I noticed that it was not. I manually started the service, and then sometime after that the service stopped. I checked the event viewer application log and saw the following each in a separate entry

 

 

1. Service started successfully.
2. Server Initialization Failed.  See previous event messages for reason.
3. SolarWinds Event Log Forwarder for Windows; Service Stopped.

 

I have the SolarWinds LogForwarder 1.2 installed on w2k8r2 and w2k12r2 servers.  I opened the log forwarder service log and I saw this

 

1/26/2017 4:57:57 PM - SolarWinds Event Log Forwarder for Windows; Service Started.

1/26/2017 4:58:58 PM - Configuration File Reloaded at 1/26/2017 4:58:58 PM

1/26/2017 5:30:10 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 5:30:10 PM - Configuration File Reloaded Failed at 1/26/2017 5:30:10 PM

1/26/2017 9:24:23 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:24:23 PM - Configuration File Reloaded Failed at 1/26/2017 9:24:23 PM

1/26/2017 9:27:29 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:27:29 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:29 PM

1/26/2017 9:27:33 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:27:33 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:33 PM

1/26/2017 9:27:41 PM - Unable to setup Windows Event Log subscribers.  Subscribe failed with error 15001, The specified query is invalid.

1/26/2017 9:27:41 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:41 PM

 

 

 

 

 

 

 

Can anyone help?

Kiwi licensing

September 28, 2009, 5:39 am

≫ Next: Is there any limitation of usage for the Free Version

≪ Previous: SolarWinds LogForwarder 1.2 NOT WORKING

$

0

0

       

What is the difference between the various licensing levels of the Kiwi Syslog server (server, site, country, global)?

Is there any limitation of usage for the Free Version

January 21, 2018, 9:07 pm

≫ Next: Kiwi Log Viewer Registration not saving

≪ Previous: Kiwi licensing

$

0

0

Currently we're using the free version only to get logs from one device (firewall). Since we're a company, is it ok to just use the Free Version for as long as we need it for that one device, or do we actually have to buy the commercial license? Is there any term of usage that describes this?

---

Kiwi Log Viewer Registration not saving

March 10, 2017, 10:54 am

≫ Next: Filter rules, IP range or subnet

≪ Previous: Is there any limitation of usage for the Free Version

$

0

0

I have a license for the Kiwi Log Viewer that when copied and applied shows in the "About...." screen that it's saved and I have 293 more days.....

 

The next time I open the program it's back to "Freeware".

 

Is this a "feature" or am I missing something?

Filter rules, IP range or subnet

February 13, 2016, 3:49 pm

≫ Next: Kiwi syslog monitor for messages

≪ Previous: Kiwi Log Viewer Registration not saving

$

0

0

This may seem obvious but I would just like confirmation that filters on IP address ranges or subnet masks are compared to the Source IP from the UDP/TCP packet header.  The documentation does not state this specifically.

Kiwi syslog monitor for messages

November 11, 2016, 12:56 am

≫ Next: How do I get rid of the Solar Winds pop up?

≪ Previous: Filter rules, IP range or subnet

$

0

0

Hello,

 

We have Kiwi syslog server, and we want to monitor if some event is logging for more than 15 minutes for example.

 

I have created rule to filter by some words in the Message, to log it into different file and to display on different display, but I want also to be notified by email if the message is keep being logged for more than 15 minutes.

 

In the alarms options there is no way to monitor the events by time being logged but only to monitor the message count.

How do I get rid of the Solar Winds pop up?

April 19, 2017, 7:06 am

≫ Next: Kiwi Syslog "Check for update..." error

≪ Previous: Kiwi syslog monitor for messages

$

0

0

This is more of an annoying thing than an actual problem but every time I log off and back into one of the computers I use the log forwarder on, I have to dismiss the 'SolarWinds Event Log Forwarder for Windows' dashboard.  EVERY.SINGLE.TIME.

 

Please tell me there is a way to get rid of this. 

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm

≫ Next: When is Kiwi Syslog v10 coming out?

≪ Previous: How do I get rid of the Solar Winds pop up?

$

0

0

We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!

When is Kiwi Syslog v10 coming out?

March 11, 2016, 6:15 am

≫ Next: log forwarder error

≪ Previous: Kiwi Syslog "Check for update..." error

$

0

0

As you all may recall, it's been 7 months since Kiwi Syslog v9.5 was posted (see Kiwi Syslog 9.5 is now Available! ).  I am very much looking forward to a major release (i.e. v10).  What would this new version contain?  I have a few things in my wish-list...

 

• Increased the of number of syslog messages and snmp traps that can Kiwi can handle. According to a posting on Geek Speak (How many messages can Kiwi Syslog manage?), Kiwi can handle between 400 and 600 messages per second.  I'd like to see that go all the way up to 2,000 messages (or more).
• Rules Wizard (for the novice and those of us with diminished brain-cells due to age. 
• Full web-based management option.  I don't know about other Thwackers, but I prefer not to use Win32 (via RDP) whenever possible.
• Additional Polling Engine option for Kiwi.  This, so we can have multiple servers handle syslog messages and snmp traps.

 

I am sure that other Thwackers have many other items in their respective wish-list for Kiwi.  I'd like to hear from you.  And, of course, I'd like to hear from the Kiwi PM, to tell us what's in the Roadmap for the next Kiwi release.  Have a great day, everyone!!! 

log forwarder error

February 23, 2018, 6:15 am

≫ Next: Syslog filter by device type but no filter by group?

≪ Previous: When is Kiwi Syslog v10 coming out?

$

0

0

i installed log forwarder 2.1.0 on my windows server 2008. i set my kiwi syslog server, i configured subscription for sending system logs from my server. when i click to test button, the test is ok, but in event viewer i receive in log solariwinds.net i receive message

 

Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.

 

also, my kiwisyslogserver does not receives messages. where is problem

---

Syslog filter by device type but no filter by group?

November 23, 2015, 2:32 am

≫ Next: How many messages per hour can Kiwi Syslog handle without dropping messages?

≪ Previous: log forwarder error

$

0

0

I'm slowly picking up Solarwinds Orion but I've run into a roadblock.  Our shop has our devices now correctly showing up in the Orion syslog on the web.  What I want to do is filter these by their function. 

 

Ex. Firewall, Switches, Routers, etc.

 

What I have instead is a filter for "type of device".  So I can filter Cisco 3750 or ASR1004.  The problem is I have ASR1001 and ASR1004 which are separate because they are different types but I want them listed together as they are both firewalls.

 

Can anyone point me in the right direction?

How many messages per hour can Kiwi Syslog handle without dropping messages?

June 2, 2015, 1:13 pm

≫ Next: Can't setup syslog with a Cisco ASA 5505

≪ Previous: Syslog filter by device type but no filter by group?

$

0

0

How many messages per hour can the syslog server reliably handle per hour or per second before dropping / skipping / missing messages and failing to trigger alerts?

Can't setup syslog with a Cisco ASA 5505

July 13, 2016, 10:01 am

≫ Next: Auto Purge Kiwi Database

≪ Previous: How many messages per hour can Kiwi Syslog handle without dropping messages?

$

0

0

I have never used Syslogs before but was asked to setup one.

I am having trouble setting it up with my Cisco ASA 5505 security Device.

I can ping FROM the server to the Cisco ASA

I can ping FROM the ASA to the Server.

 

 

 

Things I have done.

 

1. I have downloaded the Solarwind Kiwi Sylog server.
2. I installed it as a service.
3. I tested the Kiwi Syslog server using it's built in testing tool and I received messages. They came in on 127.0.0.1.
4. In Kiwi Sys Log server I added the IP address of the Cisco ASA.
   1. File - Setup - Input - 192.168.200.1 (Server address)
5. Inputs - UDP
   1. Made sure Port was set to 514
6. Logged into the Cisco ADSM management.
7. Went to:
   1. Configuration - Device Management - Logging
8. Under Logging setup I selected "Enable"
9. Logging filters
   1. I enabled Sys Log and selected "Severity:Warnings" for all event classes.
10. Clicked on "Sys Log Server" from the menu. I added:
    1. Interface: Data (inside which the Sys Log is connected to)
    2. IP Address ( IP address of the Syslog server)
    3. UDP Port 514
    4. EMBLEM and Secure is set to "NO"
11. Click on "Syslog Setup" on the ASA in the menu structure
    1. Include Timestamp in syslogs
12. I applied the settings to the ASA and then committed the changes to flash.

 

Any ideas on why the syslog server isn't displaying the info?

 

Thanks so much in advance!

Auto Purge Kiwi Database

February 24, 2011, 4:21 pm

≫ Next: Kiwi Syslog not capturing syslogs

≪ Previous: Can't setup syslog with a Cisco ASA 5505

$

0

0

I recently had my Kiwi Syslog server DBCache folder filled with over 20GB of cache files.

This was resolved by purging the cache with the "Purge Database Cache" button on the Kiwi menu, however I would love to do this daily or on a schedule when needed.

Is there an easy way to do this or is there an .exe file in the Syslogd folder that I can call on a schedule to perform this task ?

 

Thanks,

Kiwi Syslog not capturing syslogs

May 14, 2013, 1:40 pm

≫ Next: The list of Windows Update that conflicts with Kiwi Syslog Server

≪ Previous: Auto Purge Kiwi Database

$

0

0

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2.  Trying to capture syslog from a Cisco ASA 5510.  I have confirmed that the syslog events are hitting the server with Wireshark.  Nothing is coming through to Kiwi Syslog.  Current settings are all default.  No filters in place.  Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?