Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles

Web Access not showing current logs

I have web access enabled, and it is showing logs, just not the current logs.

E:\Program Files\Syslogd\Logs\ is showing txt files for the current date, but what is being displayed in the web console is the oldest file.

The service manager is showing live data being captured.

How can I get the web access to also show the live data being captured?


Can not receive message from Cisco switch 3750

Hello guys,

 

I set up Kiwi Syslog Server and could receive messages from other devices, such as Cisco switch 2960, 5510, and Windows server. But I cannot get any messages from the 3750. I have enclosed the 3750 configuration below. Please help take a look and see where I am wrong. Thank you.

 

logging trap notifications
logging facility local5
logging 192.168.0.51

Hourly log file rotation (Kiwi Syslog)

Hello,

 

I've tried searching the forum but was unable to find an answer to this specific issue. I just set up Kiwi Syslogd (paid) and have been testing logging from some firewalls. While I have no problem creating the log files and directory structure, log files are being created about every minute. I thought I'd modified this behavior by enabling Log File Rotation (under the Log to File action) with Total number of log files set to "2" and Maximum log file age set to "1 hour", but I am still seeing a log file being created every minute and I do not understand why. Yes, I am using AutoSplit Values within the pathname, by the way (I saw this mentioned in another post), but I'm not sure why this would still generate a file each minute. I'm clearly lost, so thank you in advance for pointing me in the right direction.

 

-l4d

 

 


SSL support for Kiwi Syslog server

Hi All,

 

A few months back we bought the licensed version of Kiwi Syslog Server because of the SSL feature only. I enabled the Secured TCP option. But unfortunately it is unable to bind the port itself.

It says "invalid certificate provided". We use the same SSL certificate for other products with no issues. If I use the same port for TCP or UDP only, then it works fine. I could not find what the exact issue is.

I contacted the SolarWinds customer portal a few months back. They are not able to tell what exactly is going on. Can someone help me in fixing the problem?

 

 

Regards,

Abdun

Setting up Kiwi Syslog with Meraki mr32

Hi,

I have never used syslog servers and I would like to set up a logging system for my Meraki MR32 devices.

I tried to set up Kiwi with the MR32 myself but with no success.

Can someone help?

Can I install Kiwi 9.3.4 in Windows Server 2012 R2

I currently have Kiwi Syslog (9.3.4) on a Windows Server 2003 R2 (x64) and would like to know the following:

1. Can I install the current version (9.3.4) on a newly built Windows Server 2012 R2 machine? Is it compatible with Server 2012 R2? If yes, can I move the database of the old Kiwi to the newly installed Kiwi Syslog server? If no:

2. Can I install the new version (9.5) on a newly built Windows Server 2012 R2 without buying a new license?

 

Thanks guys.

Kiwi Syslog Server collect administrator log gdpr

Is there a way to collect access logs from a local machine and other machines regarding administrative access and generate a report for GDPR?

[Log to file Action Error] Merging 2 or more hostnames in one file

Hello folks.

 

My Kiwi Syslog is merging 2 or more hostnames (devices) into the same file when using the "Log to file" action.

For example, I have 3 devices:

  1. 10.168.1.20
  2. 10.168.1.201
  3. 10.168.1.202

In the root folder of files, I had 3 folders, one for each hostname.

The 10.168.1.201 and 10.168.1.202 are logging correctly. But where I should have the 10.168.1.20 logs, I have a merge of 10.168.1.201 and 10.168.202 (without the 10.168.1.20).

I checked another scenario (that I consider worse)...

I had a log file from 10.120.1.2, but this device doesn't exist.

In this file, 6 devices are logged: 10.120.1.20, 10.120.1.25, 10.120.1.26, 10.120.1.27, 10.120.1.28 and 10.120.1.29.

The logs below are in the same file:

2015-02-10 00:10:19 Local4.Warning 10.120.1.2 Feb 10 2015 02:10:19 HQ-BL1-HW9306-A1 %%01LLDP/4/BAD_PACKET(l)[2159934]:8 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/14.
2015-02-10 00:11:26 Local4.Warning 10.120.1.2 Feb 10 2015 02:11:26 HQ-BL1-HW9306-A3 %%01LLDP/4/BAD_PACKET(l)[3194428]:6 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/19.
2015-02-10 00:11:45 Local4.Warning 10.120.1.2 Feb 10 2015 02:11:45 HQ-BL1-HW9306-A2 %%01LLDP/4/BAD_PACKET(l)[6928978]:7 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/4.
2015-02-10 00:11:46 Local4.Info 10.120.1.2 Feb 10 2015 02:11:46 HQ-BL1-HW9306-A5 %%01MSTP/6/SET_PORT_LEARNING(l)[2711307]:In process 0 instance 0, MSTP set port GigabitEthernet2/0/29 state as learning.

 

Is this a bug, or some misconfiguration on my part?

Looking forward to any help,

 

Regards Fold


Emails after certain number of events

Is it possible for Kiwi to send an email alert only after X number of message types are received in Y units of time?  I set up a test action and it (unintentionally!) generated about 200 events in 10 seconds.  I'm still getting the emails from my kiwi server...

Forward Event Viewer subscriptions with Event Log Forwarder for Windows

Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to set up a single point to collect events to be forwarded to our syslog server.

I set up a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sourced from the computer running the event log forwarder. (See the attached screenshot.)

 

Thanks!

 

Jeremy

how to setup snort-log link to syslog server?

How do I set up a snort-log link to a syslog server?

In snort.conf (Windows 7, 32-bit):

output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT

Command:

snort -i 1 -c c:\snort\etc\snort.conf -s

Then I get a file in c:\snort\log\snort.log.1493058792.

Please tell me, how do I send the log to the syslog server?

 

Thank you

Event log entries not showing on Kiwi Syslog server

I have Kiwi Syslog Server v9.6.3.3 installed as a 14-day evaluation. I successfully set up 3 servers to send event logs to the server using the SolarWinds Log Forwarder software. I set up 2 additional servers using the same method and settings and none of the events appear in the Kiwi Syslog Server. No errors appear on the client or server. How can I troubleshoot this problem?

no log shows on Kiwi Syslog Web Access

I have Kiwi Syslog 9.5 installed.

I chose to install it as a service and also installed the web access.

The syslog console opened fine and I see logs on the display and also logged to file.

However, the web access shows nothing (whatsoever). I checked the Setup on Console Manager and see that under Rules I have 2 identical options for "Log to Syslog Web Access". Everything under those options is checked.

But I still see no logs on web access.

1) I tried unchecking all the "Log to Syslog Web Access" options.

2) Closed the Console Manager and reopened it.

3) Checked one of the 2 options "Log to Syslog Web Access" and everything below it.

4) Opened and logged in to web access -> Still see nothing.

Any idea?

Log Forwarder for Windows default syslog facility ?

So I tried searching to see if this question was asked before, but nothing came up (at least in regards to this question).

I am installing this on our 2012 R2 Windows servers so they can forward logs to Kiwi.

For the default syslog facility setting, which should I pick if I want to forward, say, applications, security and system?

Whatever I think closely matches that? The docs don't discuss this in any real detail other than to mention network devices (which I already knew) and Unix.

Thanks in advance.

Event Log Forwarder - Where is the Audit Failure Type?

Hi There,

 

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

 

Thanks,


Kiwi Message Buffer

We have two syslog servers and use an F5 to load balance between the two. In total they receive around 45 million messages a day. We have around a dozen rules that forward messages on to a security appliance or Splunk, and it can take around 30 minutes before those messages arrive. It can also take 30 minutes for any emails to end up in a user's mailbox.

As soon as we start the syslog service, the message count on the buffer starts to climb and eventually the overflow queue increases. We haven't checked the stats for a while, but one of the servers had an overflow queue count of 125,000! It is a VM server running Windows 2003, 2 CPUs and 4Gb RAM.

 

Here are the stats from the first hour of starting the syslog service

 

Kiwi Syslog Server [Licensed] Version 9.4.1

///       Kiwi Syslog Server Statistics         ///
---------------------------------------------------
24 hour period ending on: Thu, 22 May 2014 09:03:09
Syslog Server started on: Thu, 22 May 2014 08:04:17
Syslog Server uptime:     0 hours, 58 minutes
---------------------------------------------------
+ Messages received - Total:          767628
+ Messages received - Last 24 hours:  767628
+ Messages received - Since Midnight: 767628
+ Messages received - Last hour:      0
+ Message queue overflow - Last hour: 0
+ Messages received - This hour:      767628
+ Message queue overflow - This hour: 0
+ Messages per hour - Average:        767628

+ Messages forwarded:                 775368
+ Messages logged to disk:            767587

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           602
+ Errors - Oversize message:          464

+ Disk space remaining on drive C:    3904 MB

    Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level      |  Messages  | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |        17  |      0.00% |
| 1 - Alert          |        10  |      0.00% |
| 2 - Critical       |       504  |      0.07% |
| 3 - Error          |     26356  |      3.43% |
| 4 - Warning        |    619384  |     80.69% |
| 5 - Notice         |     61780  |      8.05% |
| 6 - Info           |     58963  |      7.68% |
| 7 - Debug          |       614  |      0.08% |
+--------------------+------------+------------+

Message Buffer Information
==========================
Message Queue Max Size: 500000
Message Queue overflow: 18858
Message Count:          500000
Message Count Max:      500000
Percentage free:        0

 

Any help would be appreciated

 

Thanks

John

Sending events from Cisco 3750 switch

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work, or is there a "Supported" switch configuration that I should be using?

Thank you,

Chris

Monitor Cisco Firewall and Router "Bad Password" Attempt Failures

I am setting up Cisco routers and assorted firewalls with Kiwi to listen and alert on bad passwords, with little success. I have also allowed SNMP. Has anyone had success doing this, and does anyone have any examples for the Cisco devices? We are using an assorted number of Cisco routers, switches, ASA firewalls, and VPN 3000 series gear.

 

logging trap errors
logging source-interface Ethernet0/0
logging 172.16.7.57
snmp-server community readmib RO
snmp-server enable traps snmp
snmp-server enable traps syslog
snmp-server host 172.16.7.57 traps writemib
!
