Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

July 3, 2012, 1:35 am

≪ Previous: 'How much traffic can Kiwi Syslog Server handle?'

Hi guys,

I recently installed Kiwi Syslog on a Windows Server 2008 machine, however I had to uninstalled the program as the customer wants to be on the D:\ . But now I am not able to install the program on D:\ or even back

on C:\ as I get the error message "an unlicensed version is detected" hence the installation cannot proceed any longer.

Can anyone help? Where can I delete the old files so i am able to install the software again? I need to install this quite urgently, I have the license with me but I did not activate the license in my previous installation since it was not installed on the right drive.

Please help.

Thanks.

↧

Additional MIB files support

January 18, 2018, 9:47 am

≫ Next: SolarWinds.SyslogServer.Engine.log

≪ Previous: Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

We have a custom made device that is sending SNMP traps. The vendor has created several MIB files to translate OID values, unfortunately the MIB files cannot be provided to Solarwinds to create a new MIB database file.

Does anyone know if it is possible to add additional MIB files to the MIB database file without Solarwinds assistants?

If the above is not support, can anyone recommend an alternative on how OID values can be translated? Or how OID values and exported from a MIB file?

Many Thanks

Adam

↧

SolarWinds.SyslogServer.Engine.log

April 6, 2017, 11:52 am

≫ Next: [Log to file Action Error] Merging 2 or more hostnames in one file

≪ Previous: Additional MIB files support

Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?

Thank you.

↧

[Log to file Action Error] Merging 2 or more hostnames in one file

February 10, 2015, 8:22 am

≫ Next: Kiwi Syslog Service hanging

≪ Previous: SolarWinds.SyslogServer.Engine.log

Hello folks.

My Kiwi Syslog is merging 2 or more hostnames (devices) in the same file when: "Log to file Action".

For example, i have 3 devices:

10.168.1.20
10.168.1.201
10.168.1.202

In the root folder of files, i had 3 folders, one for each hostname.

The 10.168.1.201 and 10.168.1.202 are logging correctly. But when i should have the 10.168.1.20 logs, i have a merge of 10.168.1.201 and 10.168.202 (without the 10.168.1.20).

I check another scenario (that i consider worse)...

I had a file log from 10.120.1.2. But this device don't exist.

IN this file, are logged 6 devices: 10.120.1.20, 10.120.1.25, 10.120.1.26, 10.120.1.27, 10.120.1.28 and 10.120.1.29.

The logs below, are in same file:

2015-02-10 00:10:19	Local4.Warning	10.120.1.2	Feb 10 2015 02:10:19 HQ-BL1-HW9306-A1 %%01LLDP/4/BAD_PACKET(l)[2159934]:8 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/14.
2015-02-10 00:11:26	Local4.Warning	10.120.1.2	Feb 10 2015 02:11:26 HQ-BL1-HW9306-A3 %%01LLDP/4/BAD_PACKET(l)[3194428]:6 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/19.
2015-02-10 00:11:45	Local4.Warning	10.120.1.2	Feb 10 2015 02:11:45 HQ-BL1-HW9306-A2 %%01LLDP/4/BAD_PACKET(l)[6928978]:7 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/4.
2015-02-10 00:11:46	Local4.Info	10.120.1.2	Feb 10 2015 02:11:46 HQ-BL1-HW9306-A5 %%01MSTP/6/SET_PORT_LEARNING(l)[2711307]:In process 0 instance 0, MSTP set port GigabitEthernet2/0/29 state as learning.

Is a bug, or some misconfigured of my part?

Looking forward for a help,

Regards Fold

↧

Kiwi Syslog Service hanging

May 26, 2017, 11:45 am

≫ Next: How to encrypt syslog from cisco switch or router into Kiwi syslog?

≪ Previous: [Log to file Action Error] Merging 2 or more hostnames in one file

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

Below is the error event seen when it stopped last time.

Windows Server 2012 R2

64 -bit OS

Has anyone seen this type of issue before?

Any help would be greatly appreciated,

Mhaley

↧

How to encrypt syslog from cisco switch or router into Kiwi syslog?

June 16, 2014, 4:01 am

≫ Next: Kiwi 9.4.1 "** INTERNAL PROGRAM ERROR | Error Number: 401 | **"

≪ Previous: Kiwi Syslog Service hanging

I want to encrypt syslog from Cisco swirtch or router into Kiwi Syslog.

I read somewhere I can use syslog tls or snmp trap v3

Is that possible using Kiwi Syslog

thanks

↧

Kiwi 9.4.1 " INTERNAL PROGRAM ERROR | Error Number: 401 | "

April 27, 2016, 7:33 am

≫ Next: How to delete old records from Kiwi Syslog Web Access?

≪ Previous: How to encrypt syslog from cisco switch or router into Kiwi syslog?

Hello

I don’t know if this is the proper place where looking for help about Kiwi syslog 9.4.1. Sorry if I wrong.

End customer is using free Kiwi Syslog 9.4. for interconnect a Cisco Call Manager Express with an Accounting Tool which read and processes syslog events sent by the CME

We faced that kiwi stopped processing received events. We found Error Number: 401 after rebooting the server because Kiwi was not processing any event.

And also, some times, and frequently, the same event stacks and is processed hundreds of times… and so the accounting tool shows the same call hundreds of times…

Seems that all is related.

Syslogd_TechSupport.zip attached

Thanks by advance for your help.

End customer is using free Kiwi Syslog 9.4. I don’t know if you can help me in any way.

↧

How to delete old records from Kiwi Syslog Web Access?

September 4, 2009, 8:18 am

≫ Next: How to load-balance Kiwi Syslog servers

≪ Previous: Kiwi 9.4.1 "** INTERNAL PROGRAM ERROR | Error Number: 401 | **"

How to delete records from the Kiwi Syslog Web Access?

Thanks.

↧

How to load-balance Kiwi Syslog servers

December 23, 2013, 12:31 pm

≫ Next: Event Log Forwarder - Where is the Audit Failure Type?

≪ Previous: How to delete old records from Kiwi Syslog Web Access?

I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8million messages per hour, and we haven't really turned everything on yet).

The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).

So my first server is maxing out at about 5million MPH and 0% buffer, while server 02 gets 2million messages and 80% buffer, and server 03 gets barely anything at all.

Has anyone else tried this, and have you found a work around (it doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE ip address.

Thanks!

- Leon

↧

Event Log Forwarder - Where is the Audit Failure Type?

March 18, 2015, 5:40 pm

≫ Next: What happens to syslog forwarder when internet down

≪ Previous: How to load-balance Kiwi Syslog servers

Hi There,

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?

Thanks,

↧

What happens to syslog forwarder when internet down

April 5, 2018, 9:08 pm

≫ Next: Kiwi Syslog Service Keeps crashing

≪ Previous: Event Log Forwarder - Where is the Audit Failure Type?

Hi guys,

I'm just wondering what will happen.Let's say, I forward syslog from my firewall to kiwi syslog server(Syslog Server A), and the syslog server is configured to forward syslog to another syslog server(Syslog Server B) via Internet/Ipsec tunnel. If the internet connection is down for 12 hours, what will happen to the syslogs captured by Syslog Server A during the 12 hours? Will Syslog Server B still get all the 12 hours syslogs when internet connection restored?

Regards,

Muk

↧

Kiwi Syslog Service Keeps crashing

March 19, 2010, 11:05 am

≫ Next: Procurve switches not sending syslog messages in KIWI syslog

≪ Previous: What happens to syslog forwarder when internet down

We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting email's. We up'ed that and seem to be doing better however the syslog service continues to fail and will at times restart itself based off of the services recovery failure to restart the service but this is happening way to often.

Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.

Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.

Thankyou in advance!

↧

Procurve switches not sending syslog messages in KIWI syslog

July 25, 2013, 6:58 am

≫ Next: How to load-balance Kiwi Syslog servers

≪ Previous: Kiwi Syslog Service Keeps crashing

Hi all,

New here, searched for discussions but found no entry on procurve switch(es).

The Procurve switches will not send any syslog messages (wiresharked the server)

Turned on logging on the switch: logging 'ip-address'

show debug

Debug Logging

Source IP Selection: Outgoing Interface
Destination:
Logging --
'ip-address' Kiwi Syslog server

       Protocol = UDP
       Port     = 514
     Facility = user
     Severity = info
     System Module = all-pass
     Priority Desc =

tried facility 'syslog' still nothing.

Only the Procurve switches will not send any syslog messages.

Other devices such as Cisco ASA's work fine.

Anyone ideas to solve this?

TIA Jaap

↧

How to load-balance Kiwi Syslog servers

December 23, 2013, 12:31 pm

≫ Next: How to encrypt syslog from cisco switch or router into Kiwi syslog?

≪ Previous: Procurve switches not sending syslog messages in KIWI syslog

So my first server is maxing out at about 5million MPH and 0% buffer, while server 02 gets 2million messages and 80% buffer, and server 03 gets barely anything at all.

Thanks!

- Leon

↧

How to encrypt syslog from cisco switch or router into Kiwi syslog?

June 16, 2014, 4:01 am

≫ Next: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

≪ Previous: How to load-balance Kiwi Syslog servers

I want to encrypt syslog from Cisco swirtch or router into Kiwi Syslog.

I read somewhere I can use syslog tls or snmp trap v3

Is that possible using Kiwi Syslog

thanks

↧

Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

March 18, 2011, 4:43 am

≫ Next: Kiwi Syslog not receiving any message

≪ Previous: How to encrypt syslog from cisco switch or router into Kiwi syslog?

Kiwi syslog stopped collecting information. The view error log button is red and blinking. When i click to view the log

is see the below message repeating itself:

2011-03-18 10:54:01 Licensed action was found in settings and disabled.

2011-03-18 13:37:56 Licensed action was found in settings and disabled.

2011-03-18 13:37:57 Licensed action was found in settings and disabled.

↧

Kiwi Syslog not receiving any message

October 2, 2014, 5:44 am

≫ Next: 'How much traffic can Kiwi Syslog Server handle?'

≪ Previous: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

Hello,

I just installed Syslog on a Windows 8 VM (ESXi 5.5).

However... I don't received any message from the router (Cisco RV042G) I want to log.

I tried the generic troubleshhoting :

• Check network connectivity by pinging from the sending device to the Syslog Server machine => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled

• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)

Do you have any idea about the cause of this issue ?

Thanks in advance for your help.

↧

'How much traffic can Kiwi Syslog Server handle?'

January 3, 2016, 8:13 pm

≫ Next: Kiwi Syslog "Check for update..." error

≪ Previous: Kiwi Syslog not receiving any message

according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)

This blog says to split out your busiest syslog source...

How many messages can Kiwi Syslog manage?

But what do you do when a single source exceeds 600-1000 messages per second? eg., upstream syslog aggregator or firewalls

↧

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm

≫ Next: Kiwi Syslog Server Tool - Free to use or just a trial version for 14 days?

≪ Previous: 'How much traffic can Kiwi Syslog Server handle?'

We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".

We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).

Has anyone experienced the same issue or know how to fix it?

Thanks!

↧

Kiwi Syslog Server Tool - Free to use or just a trial version for 14 days?

December 19, 2017, 5:46 pm

≫ Next: Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" ?

≪ Previous: Kiwi Syslog "Check for update..." error

I would like to get a verification for the stated tool, is it a freeware tool that I can use with a limitation features or is just 14 days trial version tool?

↧