The Syslog Server Trial 9.2 is set on Windows 2003 R2 Server. Works fine except the events in cyrrilic. It displays unreadable rubbish instead of symbols. Surprisingly Russianis correct in the log file SyslogCatchAll.txt. I suspect the rubbish has to do with MS SQL CE English version. I tried to replace it with Russian one but in vain.
Can anybody help me with the issue?
Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?
Dear all,
As far as I know, the Kiwi Syslog Server won't support the SDEE packets generated by Cisco IPS before the version 9.1.0
However, until launching this version, does anyone have any idea how to collect the SDEE packets from the Cisco IPS and convert them to syslog packets in order to be saved under the Kiwi Syslog Server?
Thank you
How to delete records from the Kiwi Syslog Web Access?
Thanks.
Hi community. I ve searched about my problem but only found topics related about Orin software. I am getting an exception in Kiwi Syslog Web Access. Status Code 500. Any one have experienced this issue ? Thanks a lot.
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Status Code: 500
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ArgumentOutOfRangeException: 'capacity' must be non-negative.
Parameter name: capacity
at System.Collections.ArrayList..ctor(Int32 capacity)
at RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer, Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at _Event.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer, Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at _Event.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx
Click here to return to the previous page Click here to return to the login page
Hey all,
I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.
Kiwi Syslog Server 9.2.1 (Free version.)
Windows Server 2003 SP2 (WORKGROUP)(VM)
Current configuration:
Log to Log File
Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt
If I test the configuration, I can see the test messages in the location noted about. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.
There are three local users, all of which show the same configuration.
I have tried deleting and recreating the Log to Log File rule. No change.
I have tried starting and stopping the service. No change.
I have tried exporting the system settings, and then reimporting them. No change.
I have tried searching the registery for the old location. Nothing found.
I have two theories.
1. The settings are locked for some reason.
2. The settings are stored somewhere else.
Any help would be great.
Thanks,
Aaron
Solarwinds Padawan
looking for a guide to configure syslog server with Exchange server to pull exchange message tracking logs into syslog server.
I just downloaded the free 14 day trial of the syslog server yesterday. I am having one small problem in viewing this software. When I try to log on to the web access service, I am denied, and I know I am not typing in the wrong username or password. I have an approx. 8-12 length character password, and after entering it, the password line writes in its own characters. What I mean is that instead of the 8-12 length character password being entered, the screen freezes, makes the password some 30 characters long, and then denies me. Any help with this issue would be greatly appreciated.
Hello,
I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.
Should the following work:
Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error
This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?
Should this work or is there a "Supported" switch configuration that I should be using.
Thank you,
Chris
HI all,
My first post, i wish to share you some tips i found.
My main goal was to have access to the kiwi web site working with SSL...
But looking at Cassinni Web Server, it wasn't possible.
After searching more on this forum I found a post about a Rewriting Module with Apache ; so why dont we do it with IIS ?
Here we go !
- Win 2008 R2 , IIS 7 (with auth modules etc ...) , at least a working SSL certificate for the HTTPS listener (this post will not cover how PKI works, certs installation etc .... sorry).
- We will use the ARR 2.0 module x64 for IIS... See References at bottom for DL link, install it.
- A running Kiwi Syslog Server and the Web Access working on port 8088. Access via a browser works on this port.
- Enable the rewrite/proxy module in IIS
- Create a new IIS Web Site with HTTPS Listener on TCP Port 8090
- Create a rule to rewrite requests from 8090 to 8088
- When connecting on https://server:8090 , we would see Kiwi Web page.
"C:\Windows\System32\inetsrv\appcmd.exe" set config -section:system.webServer/proxy /enabled:"True" /commit:apphost
set syslogwebdir=c:\inetpub\syslog
set syslogsitename=SYSLOG
"C:\Windows\System32\inetsrv\appcmd.exe" add site /name:"%syslogsitename%" /id:15 /bindings:https/*:8090: /physicalPath:"%syslogwebdir%"
3.1 With batch/cmd line(copy/past to a BAT file)
set CERTHASH=EnterYourHashHere
netsh http add sslcert ipport=0.0.0.0:8090 certhash=%CERTHASH% appid={00000000-0000-0000-0000-000000000000}
3.2 With IIS Manager (if you don't know where to read Hash Certificate).
-Right Click on SYSLOG site, modify Bindings.
-Select https 8090 * Listener > Modify.
-On the "box" SSL Certificate, choose your certificate for the server.
-"OK"
set syslogsitename=SYSLOG
set syslogrulename="Rewrite to Kiwi localhost 8088"
:: Rewrite Rule creation
"C:\Windows\System32\inetsrv\appcmd.exe" set config "%syslogsitename%" -section:system.webServer/rewrite/rules /+[name='%syslogrulename%']
:: Rule Parameters (one line)
"C:\Windows\System32\inetsrv\appcmd.exe" set config "%syslogsitename%" -section:system.webServer/rewrite/rules /[name='%syslogrulename%'].action.type:"Rewrite" /[name='%syslogrulename%'].match.url:"(.*)" /[name='%syslogrulename%'].action.url:"http://localhost:8088/{R:1}"
Test with your browser https://localhost:8090/
Now you can access from an "admin desktop" to this new SSL web site ...
Configure your firewalls to forbid access on port 8088 to this server (or/and configure the internal Windows Firewall of this server to allow only Localhost connection on 8088).
6. Refs Used
http://learn.iis.net/page.aspx/489/using-the-application-request-routing-module/
---
At the beginning i was thinking to use http://mysite/syslog/ as a virtual directory, but I got some troubles with events.aspx and the rewrite module.
Inbound Rules was OK ; But Outbound Rules to rewrite URLS were not working as expected ; and filters in Kiwi were not working anymore.
That's why i decided to create a new site on another binding, with a root site ; so don't need to create Outbound Rules ...
---
Sorry for my English ... i'm french :)
Hi
I was wondering if any one has come across this error before, I am unable to find the cause
Errorlog.txt
2013-02-14 12:27:04 Mail error: Type mismatch
2013-02-14 12:27:04 Requeuing 2 e-mail messages. Will retry in 1 minute.
SendMailLog.txt
02-14-2013 12:27:04 PI SMTP Server: smtp.X.X.X.X
02-14-2013 12:27:04 PI SMTP Port:
02-14-2013 12:27:04 PI SMTP Timeout: 30
02-14-2013 12:27:04 PI Message to: X@email.com
02-14-2013 12:27:04 PI Message from: y@email.com
02-14-2013 12:27:04 PI Subject: Syslog message from HOST
02-14-2013 12:27:04 PI Date: Thu, 14 Feb 2013 12:27:04 +1000
02-14-2013 12:27:04 PI Mail error: Type mismatch
I think it is resulting in delay in receiving emails and retransmissions
Kiwi syslog stopped collecting information. The view error log button is red and blinking. When i click to view the log
is see the below message repeating itself:
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 13:37:56 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?
Under Kiwi Rule Actions I would like to send email from:
Kiwisyslog <account@domain>
For example Kiwisyslog <debbi@xcompany.org>
If I put anything other than the debbi@xcompany.org in the E-Mail From field under Actions, Kiwi questions if it is a valid E-mail From address. How can I formulate the field so it will say it is from Kiwisyslog and not just the email account, and Kiwi will not complain?
Thanks.
Debbi
We having been using Kiwi Syslog for years because of its flexibility and ease of use. It works well for alerting on syslog and traps, but we having been running into scalability issues the last year or so. We have tried everyone suggestions to get above the 15 million messages per hour mark. Syslog-ng appears to be the only viable option, but lacks the simplicity of managing advanced rules. Are there any plans for Kiwi to be able to take advantage of multi-cpu/multi-core hardware, or run multiple instances on the same box?
PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.
Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk
I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.
Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]
I am setting up Cisco Routers and assorted firewall with Kiwi to listen and alert on Bad Passwords with little success. I have also allowed SNMP. Has anyone have success with doing this and have any examples of the Cisco devices. We are using an assorted number of Cisco Routers, Switches, ASA firewalls, and VPN 3000 series gear.
logging trap errors
logging source-interface Ethernet0/0
logging 172.16.7.57
snmp-server community readmib RO
snmp-server enable traps snmp
snmp-server enable traps syslog
snmp-server host 172.16.7.57 traps writemib
!
Hi,
I am in the process of moving kiwi syslog server v9 from one system to other system. want to check if there is a simple process to migrate all settings instead of reconfiguring.
Thanks,
Sridhar
I just downloaded the free 14 day trial of the syslog server yesterday. I am having one small problem in viewing this software. When I try to log on to the web access service, I am denied, and I know I am not typing in the wrong username or password. I have an approx. 8-12 length character password, and after entering it, the password line writes in its own characters. What I mean is that instead of the 8-12 length character password being entered, the screen freezes, makes the password some 30 characters long, and then denies me. Any help with this issue would be greatly appreciated.
Using Kiwi Syslog (ver. 9.3) with log forwarder for windows (ver 1.1). Have one 2003 server that will not forward events of any type to the syslog server. All other servers in environment, both 2003 and 2008, will forward to syslog server. Have made exceptions in firewall rules, opened up port 514 and turned off firewall all together. Still no go. Test messages can be created, but not sent and actual events show up in security log (unsuccessful log in, event id 529) but are not forwarded. Any ideas on what to check next or is this just an unhappy old server that will not cooperate?