Kiwi Syslog Service slow to start, possibly causing install to fail

April 15, 2013, 12:44 pm

≫ Next: Syslog 9.1 log to sql database error

Hello, I ran the Kiwi Syslog trial previously with no problems at all on a virtual server running Windows Server 2008 R2 64 bit. When I came to upgrade it to a registered version, the install failed at the end, at the part where the Kiwi Syslog server gets started.

The error is: Kiwi Syslog Server Service Installation failed. The Kiwi Syslog Server Service could not be installed using account. Please run the installer again and try another user account (eg. LocalSystem or a member of the local Administrators group).

Sometimes the error is: Kiwi Syslog Server Service failed to start. Please try installing the service again using a member of the Administrators group.

I ran the setup application as administrator, using a domain user account which is in a security group in the local administrators group. I chose LocalSystem as the account to run it as.

I also tried using the local administrator, with the same results.

If I try to start the service manually, it eventually starts, but takes about 40 or so seconds. But it doesn't stay up for long.

The Windows Event Viewer doesn't seem to log anything when the service quits.

I had no such problems with the evaluation copy. Perhaps a clean install is required? How would I go about doing this? I've uninstalled, then deleted C:\Program Files (x86)\syslogd, then deleted c:\Program Data\solarwinds and also HKLM\Software\Wow6432Node\SolarWinds. Have I missed anything?

Thank you.

↧

Syslog 9.1 log to sql database error

October 11, 2010, 2:10 pm

≫ Next: Kiwi Syslog not capturing syslogs

≪ Previous: Kiwi Syslog Service slow to start, possibly causing install to fail

Hello all,

I keep getting the below errors when trying to send info to our SQL database.

2010-10-10 16:49:39 DBLogger.ClearQueue aborted with error: Incorrect syntax near '2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.X'. - SQL statement has been removed from the database cache. [Syslogd_TaskEngine.exe 2.5.151] (801) INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2010-10-10','16:49:38','User.Info','10.X.X.XXX','2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.XXX. ') : C:\Program Files\Syslogd\DBCache\ca7ad33fa4e635d00d4106908427f600 [Line:0]

I have setup the the log to database using the built in sql file format as well as creating one from scratch. What I don't get is that every time I use the debug command, the table gets updated properly without any errors. But when I apply my settings the log file gets filled with errors. I know it is complaining about quotes someplace, but in the view none of the statements have any quotes in them.

Any help would be greatly appreciated.

Thank you,

Giuseppe

↧

Kiwi Syslog not capturing syslogs

May 14, 2013, 1:40 pm

≫ Next: Kiwi Notifications

≪ Previous: Syslog 9.1 log to sql database error

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?

↧

Kiwi Notifications

September 23, 2009, 10:20 am

≫ Next: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

≪ Previous: Kiwi Syslog not capturing syslogs

Is there anyway Kiwi syslog can be setup to monitor certain changes in the network like OSPF Neighbor state changes and send out an alert right away? Is there another product that can do this if Kiwi Syslog can't do it.

↧

Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

September 8, 2010, 11:51 am

≫ Next: Doc, KB and Getting Started

≪ Previous: Kiwi Notifications

The CPU on my Kiwi Syslog Server is Pegged. Here is the Diagnostic info file from the server.

Kiwi Syslog Server [Registered] Version 9.0.3

/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime: 1 hour, 7 minutes
---------------------------------------------------

+ Messages received - Total:          1098753
+ Messages received - Last 24 hours: 1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour:      996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour:      101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average:        996804

+ Messages forwarded: 769810
+ Messages logged to disk: 1194581

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           2
+ Errors - Oversize message:          309

+ Disk space remaining on drive E:    41554 MB

    Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level      | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |         0 |      0.00% |
| 1 - Alert          |      2753 |      0.25% |
| 2 - Critical       |       496 |      0.05% |
| 3 - Error          |      5745 |      0.52% |
| 4 - Warning        |    103603 |      9.43% |
| 5 - Notice         |     42938 |      3.91% |
| 6 - Info           |    775902 |     70.62% |
| 7 - Debug          |    167316 |     15.23% |
+--------------------+------------+------------+

Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0

End of Report.

DNS Cache size  20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits  0
DNS Cache misses 0
DNS Cache TTL  1440 minutes
Total DNS Lookups 0
Successful cache hits 0%

IP Address Hostname TTL (minutes)
127.0.0.1 localhost Static
::1 localhost Static

Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count:          19932
Message Count Max:      20000
Percentage free:        1

E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count:          0
Message Count Max:      13
Percentage free:        100

↧

Doc, KB and Getting Started

June 19, 2013, 3:01 am

≫ Next: Sending events from Cisco 3750 switch

≪ Previous: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

Kiwi Syslog

↧

Sending events from Cisco 3750 switch

January 19, 2011, 8:13 am

≫ Next: Kiwi Syslog Alert

≪ Previous: Doc, KB and Getting Started

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

↧

Kiwi Syslog Alert

April 4, 2013, 12:49 am

≫ Next: Kiwi Syslog Alert.

≪ Previous: Sending events from Cisco 3750 switch

Hi,

I am one of the user of kiwi syslog, in the log I am running the rules with filter of IP Address Range & action place - am using email action So whenever logs are coming this action is working.

I want to create the alert when the logs are stopping for my created rules. Anyone having the idea how to do that?

Once the logs generation is stopped i should get email alert?

↧

Kiwi Syslog Alert.

September 3, 2013, 5:47 am

≫ Next: Kiwi Syslog WebAccess Installation Error (error code is 2869)

≪ Previous: Kiwi Syslog Alert

I need an alert when a message arrives containing the word "OSPF" or "STP", I want it to send an email to a group of ADM Network. There is that possibility?

Thanks =).

↧

Kiwi Syslog WebAccess Installation Error (error code is 2869)

October 27, 2010, 8:29 pm

≫ Next: Kiwi Syslog not capturing syslogs

≪ Previous: Kiwi Syslog Alert.

*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit

Our client encountered a Kiwi Syslog WebAccess installation error.

The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.

*The client stopped Anti-Virus service before the installation.

Are there some information to resolve the problem?

↧

Kiwi Syslog not capturing syslogs

May 14, 2013, 1:40 pm

≫ Next: Kiwi Syslog Server and SNMP Traps on VMWare ESXi 4.0

≪ Previous: Kiwi Syslog WebAccess Installation Error (error code is 2869)

↧

Kiwi Syslog Server and SNMP Traps on VMWare ESXi 4.0

February 24, 2010, 6:27 am

≫ Next: Changing the userid for Syslog Web Access

≪ Previous: Kiwi Syslog not capturing syslogs

Good Day,

We are have an issue getting SNMP trap inputs to work on Kiwi v9. We have installed Kiwi on both a WinXP (with SNMP trap service) and Win2k3 Virtual Machine. When collecting syslogs it works fine. However when we configure the SNMP inputs under setup, we get a message stating that it "cannot open snmp listener on port 162"

There was no other SNMP software installed as it suggested that the port is already bound to an interface. We then installed the Solarwinds Engineer's toolset on the VM and used the trap receiver. Once alarms were generated this worked well while Kiwi is still unable to receive the traps.

Finally, we used a standalone laptop and loaded Kiwi. Using the same address as the VM we were able to receive the SNMP traps from the device under test. The platform that Kiwi was loaded onto was WinXP with Trap service installed.

Any ideas anyone? Any assistance will be greatly appreciated. I saw in the forum something about UDP Spoofing being unable to work as well and I was wondering if it had any connection.

↧

Changing the userid for Syslog Web Access

October 13, 2009, 2:06 pm

≫ Next: Kiwi Syslog 9.4 is Now Available!

≪ Previous: Kiwi Syslog Server and SNMP Traps on VMWare ESXi 4.0

During installation of Syslog Web Access, you are prompted for a userid and password. The password can be changed at any time easily.

But how does one change the userid? Where is it stored?

We even went as far as trying to reinstall syslog web access to get to the initial userid prompt again. But having already asked us once, it did not ask us again.

Thanks,

-Ken

↧

Kiwi Syslog 9.4 is Now Available!

September 4, 2013, 2:57 am

≫ Next: Kiwi Syslog Server Web Access can't start

≪ Previous: Changing the userid for Syslog Web Access

We are pleased to announce the general availability of Kiwi Syslog v9.4.

This version includes the following enhancements:

New UltiDev Web Server implementation.
Active Directory authentication for web access.
Support for SSL (https) support for Web Access
Alerting for Message Queue Monitor based on defined thresholds.

Kiwi Syslog v9.4 is available for download in your customer portal for those customers under current Kiwi Syslog maintenance.

You can view the full set of release notes, including problems fixed here.

Enjoy Kiwi Syslog 9.4!

↧

Kiwi Syslog Server Web Access can't start

November 26, 2010, 4:44 am

≫ Next: How Do I add a Mac Address Field or Column?

≪ Previous: Kiwi Syslog 9.4 is Now Available!

Hello!

I install Kiwi Syslog Server & Web Access.

Kiwi Syslog Server start and i see events from my devices, but when i start Kiwi Syslog Server Web Access its could not start:

"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"

What's problem?

Version 9.2

↧

How Do I add a Mac Address Field or Column?

December 13, 2012, 12:23 pm

≫ Next: syslog missing packets

≪ Previous: Kiwi Syslog Server Web Access can't start

Hello,

I am tracking dynamic IP computers. How can I add a field or column for MAC address so I know what which traffic belongs to which computer.

↧

syslog missing packets

September 4, 2013, 12:21 pm

≫ Next: Doc, KB and Getting Started

≪ Previous: How Do I add a Mac Address Field or Column?

I am running the Kiwi Syslog Server (free version 9.4) and it is not showing or recording any syslog info.

1. It does get localhost test messages

2. under file | setup | inputs | UDP, it is set to listen, port 514, nothing for the "bind to" address.

3. There are no filters and the action is display and log to file (default install).

4. I've rebooted the windows (Win 7) machine.

5. The packets are being sent from a local linux machine using socket() and sendto()

6. wireshark running on the same machine as kiwi syslog does see the packets and identify them as syslog packets

7. The behavior is the same whether the win7 firewall is on with the Kiwi input rule exceptions on, or if the firewall is off

8. Kiwi is not logging any errors

9. outbound ping from the Windows machine running Kiwi syslog works.

10. If the win7 firewall is off, inbound ping from the local linux machine to the Windows machine works.

11. I'm running it as an application, not as a service / daemon.

Any suggestions?

-Marty

↧

Doc, KB and Getting Started

June 19, 2013, 3:01 am

≫ Next: Sending events from Cisco 3750 switch

≪ Previous: syslog missing packets

Kiwi Syslog

↧

Sending events from Cisco 3750 switch

January 19, 2011, 8:13 am

≫ Next: How do you set up AD integration in Kiwi Syslog?

≪ Previous: Doc, KB and Getting Started

Hello,

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

↧

How do you set up AD integration in Kiwi Syslog?

September 5, 2013, 1:42 pm

≫ Next: Wrong IP showing as from 127.0.0.1 ?

≪ Previous: Sending events from Cisco 3750 switch

I upgraded to Kiwi Syslog Server 9.4 to take advantage of the AD integration feature, but can't seem to find any documentation on how to set it up. Can someone point me in the right direction?

Thanks,

Dave

↧