Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

September 8, 2010, 11:51 am

≫ Next: Windows event log forwarder for Windows NT

≪ Previous: Kiwi Syslog not displaying Cisco ASA 5505 syslogs

The CPU on my Kiwi Syslog Server is Pegged. Here is the Diagnostic info file from the server.

Kiwi Syslog Server [Registered] Version 9.0.3

/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime: 1 hour, 7 minutes
---------------------------------------------------

+ Messages received - Total:          1098753
+ Messages received - Last 24 hours: 1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour:      996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour:      101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average:        996804

+ Messages forwarded: 769810
+ Messages logged to disk: 1194581

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           2
+ Errors - Oversize message:          309

+ Disk space remaining on drive E:    41554 MB

    Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level      | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |         0 |      0.00% |
| 1 - Alert          |      2753 |      0.25% |
| 2 - Critical       |       496 |      0.05% |
| 3 - Error          |      5745 |      0.52% |
| 4 - Warning        |    103603 |      9.43% |
| 5 - Notice         |     42938 |      3.91% |
| 6 - Info           |    775902 |     70.62% |
| 7 - Debug          |    167316 |     15.23% |
+--------------------+------------+------------+

Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0

End of Report.

DNS Cache size  20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits  0
DNS Cache misses 0
DNS Cache TTL  1440 minutes
Total DNS Lookups 0
Successful cache hits 0%

IP Address Hostname TTL (minutes)
127.0.0.1 localhost Static
::1 localhost Static

Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count:          19932
Message Count Max:      20000
Percentage free:        1

E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count:          0
Message Count Max:      13
Percentage free:        100

↧

Windows event log forwarder for Windows NT

October 25, 2012, 3:11 am

≫ Next: KIWI SYSLOG 9.4 RELEASE CANDIDATE IS COMING!

≪ Previous: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

arHi

I have been looking for user manual for windows event log forwarder, but no success so far, basically I just want to find out if windows event log forwarded is compatible with Windows NT Server/Workstation

Thanks

↧

KIWI SYSLOG 9.4 RELEASE CANDIDATE IS COMING!

August 7, 2013, 6:16 am

≫ Next: Log Forwarder for Windows (available to all Kiwi customers on maint)

≪ Previous: Windows event log forwarder for Windows NT

The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. The RC will be available on your soon. (I wil update this blog as soon as that happens.) RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

Here is the content of this RC version:

Moving to a new web server
This change brings a lot of new functionality "for free". Examples:
- SSL (https) support for Web Access
- Process health monitoring
- TCP port sharing
- And much more! (See UltiDev Web Server Pro pages for details.)
Active Directory authentication for web access
Alerting for Message Queue Monitor
Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped.
Bug Fixes / resolved cases:

408596	AD support for Kiwi web access
416692	3 questions regarding Kiwi Syslog Web Access
396596	AD support for Kiwi web access
327093	Kiwi Syslog accounts - AD tie in?
312151	active directory authentication
299645	AD/LDAP Support for Web Console
491536	Kiwi Syslog Web User authentication via AD/LDAP
439899	Broken Support link
450187	Utra Dev Cassini Web Server Service
376801	After web access installation, Cassini Web service stops
380290	Feature Request - Support Newer UltiDev Cassini Server
317512	WebAdmin: HTTPS for Web Front End
159947	SSL for Web Access
491537	https for Kiwi web interface
435117	Alerting for Message Que Monitor
451568	Availability of Buffer statistics for alerting and reporting
447733	Milliseconds in Syslog in Descending Order!
459792	Feature Request - Email Summarization
465803	Database maintenance settings in Kiwi Syslog Webaccess doesn´t work
412290	Reducing number of syslogs on web access
412867	Question
416258	Radio button missing text on Archive Schedule Destination tab
416169	Wrong version displayed when cancelling licensing
334330	sounds not playing on alert
272984	"play a sound once" does not work
342995	Service crash after ORACLE ODBC configuration
427158	Status on 9.3.4
373025	Problem Creating Table for Oracle 11g Release 11.2.0.3.0
493671	Ability to see full list of devices

RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.

↧

Log Forwarder for Windows (available to all Kiwi customers on maint)

October 19, 2009, 10:39 am

≫ Next: Cisco ASA Stats

≪ Previous: KIWI SYSLOG 9.4 RELEASE CANDIDATE IS COMING!

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

↧

Cisco ASA Stats

August 6, 2013, 4:02 pm

≫ Next: Kiwi Syslog Internal Program abort

≪ Previous: Log Forwarder for Windows (available to all Kiwi customers on maint)

Hello,

I am looking to get statistics from our Cisco ASA's. I am not sure how to get this information out of Kiwi Syslog.

Basically I am looking for the number of users that connected to our Cisco ASA's via IPSec Remote Access and SSL VPN.

Is this even possible?

Any help is appreciated.

Thanks,

Daniele

↧

Kiwi Syslog Internal Program abort

August 24, 2012, 1:42 am

≫ Next: Promo Download

≪ Previous: Cisco ASA Stats

Dear al,

I faced a problem of Kiwi syslog server failed to start, due to the following error.

2012-08-23 13:55:58 *** INTERNAL PROGRAM ERROR - Please contact support@kiwisyslog.com ***

2012-08-23 13:55:58 Service Version 8.3.7 | Error Number: -2147024770 | Description: Automation error

The specified module could not be found. | Module Name: Syslogdsvc.frm | Procedure Name: Startup | Line Number: 2800 | Date and time: 8/23/2012 1:55:58 PM

Is there any ideas how to resolve this problem?

Best Regards,

Begad Ahmed

↧

Promo Download

August 7, 2013, 7:21 am

≫ Next: Web Access not working on new install

≪ Previous: Kiwi Syslog Internal Program abort

I just downloaded the free 14 day trial of the syslog server yesterday. I am having one small problem in viewing this software. When I try to log on to the web access service, I am denied, and I know I am not typing in the wrong username or password. I have an approx. 8-12 length character password, and after entering it, the password line writes in its own characters. What I mean is that instead of the 8-12 length character password being entered, the screen freezes, makes the password some 30 characters long, and then denies me. Any help with this issue would be greatly appreciated.

↧

Web Access not working on new install

July 5, 2011, 2:13 pm

≫ Next: Problem with filtering in Kiwi Syslog

≪ Previous: Promo Download

Hello all,

I have just downloaded and installed the 30 day trail version of Kiwi and when I try to access the web access view the page is just blank. I have read that recreating the "log to webaccess" rule seems to work, but I have fixed that to no avail. I have also uninstalled and reinstalled Kiwi which also did not work. I have also tried stopping and restarting the proper services and that also did not work. Any ideas?

↧

Problem with filtering in Kiwi Syslog

December 12, 2011, 1:15 pm

≫ Next: Log Forwarder for Windows

≪ Previous: Web Access not working on new install

I am setting up a kiwi syslog server. Running into a problem with the filtering not working the way I would expect. I have used Kiwi but that was several years ago. I have setup a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that dont belong to the switch I am trying to watch.

I have tried a ip address - simple filter with the ip address of the switch "10.1.1.2". On the cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the ip address in the simple filter I setup. I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.

It has got to be something simple but so far I havent found the problem. Since this is the free version, I know I cant call Solar Winds support.

Any suggestions are appreciated.

Ron

↧

Log Forwarder for Windows

August 8, 2013, 9:24 am

≫ Next: Kiwi Syslog Server Web Interface Very Slow

≪ Previous: Problem with filtering in Kiwi Syslog

Using Kiwi Syslog (ver. 9.3) with log forwarder for windows (ver 1.1). Have one 2003 server that will not forward events of any type to the syslog server. All other servers in environment, both 2003 and 2008, will forward to syslog server. Have made exceptions in firewall rules, opened up port 514 and turned off firewall all together. Still no go. Test messages can be created, but not sent and actual events show up in security log (unsuccessful log in, event id 529) but are not forwarded. Any ideas on what to check next or is this just an unhappy old server that will not cooperate?

↧

Kiwi Syslog Server Web Interface Very Slow

November 10, 2011, 3:23 pm

≫ Next: Doc, KB and Getting Started

≪ Previous: Log Forwarder for Windows

I just setup an evaluation installation of the Kiwi Syslog Server and it's Web Access component. I have one relatively high volume system logging to it.

When I search for specific logs using filters in the Web Access, it takes a very long time fetching the events. If this is the case with only one system logging to it I am concerned about performance if I have a bunch more systems log to it.

Is this typical behavior for Kiwi Web Access?

↧

Doc, KB and Getting Started

June 19, 2013, 3:01 am

≫ Next: problem to send syslog from log forwarder to syslog server

≪ Previous: Kiwi Syslog Server Web Interface Very Slow

Kiwi Syslog

↧

problem to send syslog from log forwarder to syslog server

June 19, 2010, 9:07 am

≫ Next: How to send windows sever log to kiwi syslog sever

≪ Previous: Doc, KB and Getting Started

Hello,

I try to use Syslog server but i have a small problem to configure it.

I have two computers : 192.168.1.93 (where log forwarder installed) and 192.168.1.100 (where syslog server is installed). the port 514 is open.

When I tried with the test button (or klog), the message is not receive on my syslog server the first time... I must ping the computer before and after try again the test and it's ok... do you know why ? like if it's closed the session... that's means when i have event log on my 192.168.1.93 i never receive log in my server...

Example :

Klog from my 192.168.1.93 to syslog server, we can see on wireshark that nothing transit :

Klog from my 192.168.1.93 to syslog server after a ping, we can see on wireshark that my syslog test message works... :

If i setup log forwarder in the same computer as the syslog server (localhost) => it's work.

I tried also with another computer and it's the same problem...

Have you an idea :(

↧

How to send windows sever log to kiwi syslog sever

December 5, 2012, 5:31 pm

≫ Next: Syslog 9.1 log to sql database error

≪ Previous: problem to send syslog from log forwarder to syslog server

I already install kiwi syslog server windows sever 2008 its running good.
Now I want capture windows log from another windows server to kiwi syslog server?
(SNMP TRAP) My site already enable SNMP trap send to kiwi syslog server but I cant see any progress on that????

↧

Syslog 9.1 log to sql database error

October 11, 2010, 2:10 pm

≫ Next: Kiwi Syslog not capturing syslogs

≪ Previous: How to send windows sever log to kiwi syslog sever

Hello all,

I keep getting the below errors when trying to send info to our SQL database.

2010-10-10 16:49:39 DBLogger.ClearQueue aborted with error: Incorrect syntax near '2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.X'. - SQL statement has been removed from the database cache. [Syslogd_TaskEngine.exe 2.5.151] (801) INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2010-10-10','16:49:38','User.Info','10.X.X.XXX','2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.XXX. ') : C:\Program Files\Syslogd\DBCache\ca7ad33fa4e635d00d4106908427f600 [Line:0]

I have setup the the log to database using the built in sql file format as well as creating one from scratch. What I don't get is that every time I use the debug command, the table gets updated properly without any errors. But when I apply my settings the log file gets filled with errors. I know it is complaining about quotes someplace, but in the view none of the statements have any quotes in them.

Any help would be greatly appreciated.

Thank you,

Giuseppe

↧

Kiwi Syslog not capturing syslogs

May 14, 2013, 1:40 pm

≫ Next: Difference found in comparing running config for Cisco ASA firewall

≪ Previous: Syslog 9.1 log to sql database error

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?

↧

Difference found in comparing running config for Cisco ASA firewall

January 5, 2010, 6:32 pm

≫ Next: How to Migrate Kiwi Syslog server and viewer to Another system

≪ Previous: Kiwi Syslog not capturing syslogs

I am running a comparison report on the startup config and running config on a Cisco ASA firewall.

It keeps reporting that there is a difference. On closer look it actually report the change on the display. Attached is the screenshot.

Please advice

Thanks.

Alex

↧

How to Migrate Kiwi Syslog server and viewer to Another system

April 28, 2010, 12:15 am

≫ Next: Sending events from Cisco 3750 switch

≪ Previous: Difference found in comparing running config for Cisco ASA firewall

Current system on which Kiwi Syslog Server and viewer are installed is not working properly and we need to migrate to another system,
And SolarWinds License Manager does not reset Kiwi, ipMonitor, or LANsurveyor product licenses.

Kindly Solve the issue.

Thanks

Imran

↧

Sending events from Cisco 3750 switch

January 19, 2011, 8:13 am

≫ Next: Kiwi Syslog Server and SNMP Traps on VMWare ESXi 4.0

≪ Previous: How to Migrate Kiwi Syslog server and viewer to Another system

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

↧

Kiwi Syslog Server and SNMP Traps on VMWare ESXi 4.0

February 24, 2010, 6:27 am

≫ Next: KiwiSyslog Evaluation - Log4Net and XML

≪ Previous: Sending events from Cisco 3750 switch

Good Day,

We are have an issue getting SNMP trap inputs to work on Kiwi v9. We have installed Kiwi on both a WinXP (with SNMP trap service) and Win2k3 Virtual Machine. When collecting syslogs it works fine. However when we configure the SNMP inputs under setup, we get a message stating that it "cannot open snmp listener on port 162"

There was no other SNMP software installed as it suggested that the port is already bound to an interface. We then installed the Solarwinds Engineer's toolset on the VM and used the trap receiver. Once alarms were generated this worked well while Kiwi is still unable to receive the traps.

Finally, we used a standalone laptop and loaded Kiwi. Using the same address as the VM we were able to receive the SNMP traps from the device under test. The platform that Kiwi was loaded onto was WinXP with Trap service installed.

Any ideas anyone? Any assistance will be greatly appreciated. I saw in the forum something about UDP Spoofing being unable to work as well and I was wondering if it had any connection.

↧