Hi,
I have never used syslog servers and I would like to set up a logging system for my Meraki MR32 devices.
I tried to set up Kiwi myself with the MR32 but with no success.
Can someone help?
After upgrading to v9.5.1, from v9.5.0, we started experiencing constant crashing on our console. Other than a few minor quirks and annoyances, the previous version had not really crashed too often after we applied the hotfix.
Windows Server 2012
Virtual
4 CPUs (2 Cores per Socket, 2 Sockets)
24 GB RAM
150 GB Hard Disk
Kiwi Syslog Server, Installed as a Service
I began to notice the message buffer would quickly drop down from 100%, shortly after starting up the console. Sometimes we would only reach 43K MPH before crashing, while other times we made it up around 350K+ MPH before crashing. And, every time it would crash, the message buffer would be far away from 100%. Previously, the message buffer rarely, if ever, dropped under 100% free.
After reading through various other user issues of the past, I found something that mentioned the "MsgBufferSize" settings in the registry. I went looking into the registry for those settings, however, "MsgBufferSize" was nowhere to be found. I added the "MsgBufferSize" with the value of "10000000", which is shown to be the max value. After adding the settings into the registry, and restarting everything, our system appears to be running fairly smooth, so far. Currently, we are roughly around 430K MPH, with a full 100% buffer free.
Previously posted thread regarding the "MsgBufferSize" registry entry:
Does the Kiwi Syslog buffer with SQL Server
Registry values documentation:
Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties
Value (STRING): MsgBufferSize
Registered mode:
Min value: 100
Max value: 10000000 (10 million)
Default value: 500000
Type: Maximum number of message buffer entries
So, did something change from 9.5.0 to 9.5.1 that would have removed those settings from the registry? If not, then what else would have removed the entry altogether? Or, has the "MsgBufferSize" registry entry been removed all along, and the documentation just not updated? If it has been removed, and is not used anymore, then why would adding the entry back into the registry make everything suddenly start working again?
Thank you,
-Will
I installed Log Forwarder 2.1.0 on my Windows Server 2008. I set my Kiwi Syslog Server and configured a subscription for sending system logs from my server. When I click the test button, the test is OK, but in Event Viewer, in the SolarWinds.Net log, I receive the message:
Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
Also, my Kiwi Syslog Server does not receive messages. Where is the problem?
Hello,
I just installed Syslog on a Windows 8 VM (ESXi 5.5).
However... I don't receive any messages from the router (Cisco RV042G) I want to log.
I tried the generic troubleshooting:
• Check network connectivity by pinging from the sending device to the Syslog Server machine => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled
• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)
Do you have any idea about the cause of this issue?
Thanks in advance for your help.
Hello folks.
My Kiwi Syslog is merging 2 or more hostnames (devices) in the same file when using the "Log to file" action.
For example, I have 3 devices:
In the root folder of files, I had 3 folders, one for each hostname.
The 10.168.1.201 and 10.168.1.202 are logging correctly. But where I should have the 10.168.1.20 logs, I have a merge of 10.168.1.201 and 10.168.202 (without the 10.168.1.20).
I checked another scenario (that I consider worse)...
I had a log file from 10.120.1.2. But this device doesn't exist.
In this file, 6 devices are logged: 10.120.1.20, 10.120.1.25, 10.120.1.26, 10.120.1.27, 10.120.1.28 and 10.120.1.29.
The logs below, are in same file:
2015-02-10 00:10:19 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:10:19 HQ-BL1-HW9306-A1 %%01LLDP/4/BAD_PACKET(l)[2159934]:8 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/14. |
2015-02-10 00:11:26 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:11:26 HQ-BL1-HW9306-A3 %%01LLDP/4/BAD_PACKET(l)[3194428]:6 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/19. |
2015-02-10 00:11:45 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:11:45 HQ-BL1-HW9306-A2 %%01LLDP/4/BAD_PACKET(l)[6928978]:7 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/4. |
2015-02-10 00:11:46 | Local4.Info | 10.120.1.2 | Feb 10 2015 02:11:46 HQ-BL1-HW9306-A5 %%01MSTP/6/SET_PORT_LEARNING(l)[2711307]:In process 0 instance 0, MSTP set port GigabitEthernet2/0/29 state as learning. |
Is it a bug, or some misconfiguration on my part?
Looking forward to some help,
Regards Fold
Dear all,
I would like to know how to back up a Kiwi Syslog Server. We are installing this in a VM, but the environment only has NetBackup.
I know that I can export the data out as a log file for backup, but how about backup when logs are still in the Kiwi Syslog Server database?
I am not able to find any reference in the Admin guide.
Best Regards,
Rayson Wong
Hello everyone,
Looking for suggestions, if it is possible, to filter the log on a time range (example from 21:14:54 to 22:05:15)?
Thanks
Clark
Hi all, I need to send the log files from my virtual machine with Kiwi Syslog to Microsoft Azure storage automatically. Is there any way to direct them to the cloud, through some script or some other form? Thank you very much.
We have a custom-made device that is sending SNMP traps. The vendor has created several MIB files to translate OID values; unfortunately, the MIB files cannot be provided to SolarWinds to create a new MIB database file.
Does anyone know if it is possible to add additional MIB files to the MIB database file without SolarWinds' assistance?
If the above is not supported, can anyone recommend an alternative for how OID values can be translated? Or how OID values are exported from a MIB file?
Many Thanks
Adam
I use kiwi syslog server a lot for testing syslog. It seems like in the latest version there are issues with TCP. I'm verifying with the Kiwi Syslog Message Generator. Seems like with syslog server version 9.4.1 TCP connects and works, but in latest version 9.6.3 it does not connect for some reason. When I try to connect TCP with message generator it says "TCP session remotely disconnected" using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server. Is this a known issue, or am I missing something? Any suggestions or help would be much appreciated. Thank you very much.
I would like to get verification for the stated tool: is it a freeware tool that I can use with limited features, or is it just a 14-day trial version?
How to delete records from the Kiwi Syslog Web Access?
Thanks.
Kiwi Syslog stopped collecting information. The view error log button is red and blinking. When I click to view the log, I see the message below repeating itself:
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 13:37:56 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
I have Kiwi Syslog 9.5 installed.
I chose to install it as a service and also installed the Web Access.
The syslog console opened fine and I see logs on the display and also logged to file.
However, the Web Access shows nothing whatsoever. I checked the Setup on Console Manager and see that under Rules I have 2 identical options for "Log to Syslog Web Access". Everything under those options is checked.
But I still see no logs on Web Access.
1) I tried to uncheck all the "Log to Syslog Web Access".
2) Closed the Console Manager and reopened it
3) Checked one of the 2 options "Log to Syslog Web Access" and everything below it.
4) Opened and logged in to Web Access -> Still see nothing.
Any idea?
Good day Community,
I am experiencing an urgent issue. The syslog server forwarder is forwarding the following message to the Kiwi Syslog Server. The actual security logs are showing the correct information, however the message below is being shown. I thought it was the server, but when I added another server to forward security logs, I got the same message as shown below.
Can anyone who has encountered this message or knows how to resolve this issue help? The security logs are on the server and I can view them using Event Viewer properly, and audit logs are reflecting fine.
I would really appreciate your humble assistance or comments.
Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015
4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544
The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be
found. Either the component that raises this event is not installed on your local computer or
the installation is corrupted. You can install or repair the component on the local computer.If
the event originated on another computer, the display information had to be saved with the
event.The following information was included with the event: S-1-0-0. FormatMessage failed with
error 1815, The specified resource language ID cannot be found in the image file.
Is there any way for me to export Kiwi Syslogs? I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing. Specifically the NPM database. I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi. I want to view them through NPM, but I guess I can get by viewing them through something like Access. Is there a way (even if it isn't easy) to do this?
Dear All,
I have purchased Kiwi Syslog Server Ver 9.4.1 and I need to install it on 60 servers in my environment. My question is: is there any way to install it using SCCM (System Center Configuration Manager) in Windows? Also, I have a few conditions in the installation process; these are:
------------------------------------------------------------------------------------------------------
1. As a Service
2. No Web Access (unchecking it - as it is enabled by default in the wizard)
3. Local System Account
4. Normal Install
------------------------------------------------------------------------------------------------------
Kindly help me in installing the Kiwi Syslog server.
Thanks in Advance.