TCP Syslog Does Not Work in Latest Version
I use Kiwi Syslog Server a lot for testing syslog. It seems like in the latest version there are issues with TCP. I'm verifying with the Kiwi Syslog Message Generator. It seems like with syslog server version 9.4.1 TCP connects and works, but in the latest version 9.6.3 it does not connect for some reason. When I try to connect over TCP with the message generator it says "TCP session remotely disconnected". Using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server. Is this a known issue, or am I missing something? Any suggestions or help would be much appreciated. Thank you very much.
Another copy of Kiwi Syslog Server Service manager is already running.
Setting Up a Syslog Server
Dear All,
We are planning to set up a syslog server, i.e., move from the Orion inbuilt syslog to Kiwi Syslog.
We are not utilizing the Orion inbuilt syslog to the fullest at this point. Just a few devices are configured to send logs to this inbuilt syslog.
We have around 5 devices per center across 60 locations (13 countries):
1) 2 Routers
2) 1 Bandwidth Shaper
3) 2 Switch Stacks
4) 1 WLC with 10 APs minimum
Total=250 Devices.
I would like to know what the best approach is.
1) How many syslog licenses should I be looking at?
2) What kind of server configuration is required?
3) We need a log retention policy of 15 days. Should I consider setting up a DB for log storage?
4) Can the Orion inbuilt syslog write messages to external DB storage?
Kiwi Syslog Server Web Access can't start
Hello!
I installed Kiwi Syslog Server & Web Access.
Kiwi Syslog Server starts and I see events from my devices, but when I start Kiwi Syslog Server Web Access it cannot start:
"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"
What's the problem?
Version 9.2
Kiwi syslog server service can't start
Hi everyone,
I'm using Kiwi Syslog Server 9 on a Windows 2008 R2 server (VMware virtual machine). On 17.8.2012 the physical server stopped responding and the customer had to restart it manually. Since then Kiwi Syslog Server doesn't work. When I try to access it, the server's CPU rises to 100%, it is stuck like that for a few minutes and then it displays an error message in a Kiwi grid pop-up window saying 'Run-time error '0''.
The Kiwi syslog service also can't be started; when I try to start it, it says it couldn't be started in a timely fashion.
I've tried to delete/rename files in c:\program files\solarwinds\kiwi web access\html\app_data but with no success. I've renamed event.sdf to Old_event.sdf and made a copy of Event-blank.sdf and then renamed it to event.sdf.
I've raised a support ticket but with no results till now.
Do you have any idea what's the problem here?
Regards, O
Event Log Forwarder - Where is the Audit Failure Type?
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
Windows 2012 error for Kiwi Manager
Has anyone else ever run into this issue?
I'm receiving the following error whenever I try to open the Kiwi Syslog Manager (Console).
Faulting application name: Syslogd_Manager.exe, version: 9.4.0.2, time stamp: 0x54fda0df
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x043c05b8
Faulting process id: 0x780
Faulting application start time: 0x01d0b3331378b7a3
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe
Faulting module path: unknown
Report Id: 51d9622d-1f26-11e5-80eb-0050569a06c7
Faulting package full name:
Faulting package-relative application ID:
This is on a fresh physical Windows 2012 server and is running as a local system service. The service runs, collects logging, and we have web access working. However, whenever I try to open the Kiwi Manager, it crashes. I do have a support ticket in place but as of now, it has been sent up to the developers. It's frustrating for the syslog catchall files because we can't filter what we want.
What's weird is that it runs perfectly fine on Windows 2003 Storage Server.
Before install I did the following:
Disabled UAC
Disabled any HIPS / HBSS so that doesn't block the install.
Set a different TMP / TEMP directory with read/write privileges.
Tried a dedicated local admin-account to run the service and tried just local system.
Any help or information in this regard would be a HUGE help. I'm pretty stumped at the moment.
Log Forwarder - display information had to be saved with the event - The specified resource language ID cannot be found in the image file.
I'm evaluating Kiwi Syslog Server and using the Event Log Forwarder from my servers.
The message I receive in the Syslog server looks like this:
dec 01 11:00:36 SERVERNAME.CHANGED.TOTHISTEXT MSWinEventLog 6 TaskView 3 fre dec 01 11:00:34 2017 0 SolarWinds Event Log Forwarder for Windows (TaskView) N/A Information SERVERNAME.CHANGED.TOTHISTEXT 0 The description for Event ID 0 from source SolarWinds Event Log Forwarder for Windows (TaskView) cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: Test Message from Log Forwarder to the 'TaskView' event log.. FormatMessage failed with error 1815, The specified resource language ID cannot be found in the image file.
Why?
Server version is Windows Server 2012 R2 Standard.
The server uses the Swedish location (Sweden), but the language is English.
(Attached are pictures of the language settings)
Regards
Roland
Kiwi Syslog WebAccess Installation Error (error code is 2869)
*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit
Our client encountered a Kiwi Syslog WebAccess installation error.
The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.
*The client stopped Anti-Virus service before the installation.
Is there any information to resolve the problem?
[Log to file Action Error] Merging 2 or more hostnames in one file
Hello folks.
My Kiwi Syslog is merging 2 or more hostnames (devices) in the same file when using the "Log to file Action".
For example, I have 3 devices:
- 10.168.1.20
- 10.168.1.201
- 10.168.1.202
In the root folder of files, I had 3 folders, one for each hostname.
The 10.168.1.201 and 10.168.1.202 are logging correctly. But where I should have the 10.168.1.20 logs, I have a merge of 10.168.1.201 and 10.168.202 (without the 10.168.1.20).
I checked another scenario (that I consider worse)...
I had a log file from 10.120.1.2. But this device doesn't exist.
In this file, 6 devices are logged: 10.120.1.20, 10.120.1.25, 10.120.1.26, 10.120.1.27, 10.120.1.28 and 10.120.1.29.
The logs below are in the same file:
2015-02-10 00:10:19 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:10:19 HQ-BL1-HW9306-A1 %%01LLDP/4/BAD_PACKET(l)[2159934]:8 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/14. |
2015-02-10 00:11:26 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:11:26 HQ-BL1-HW9306-A3 %%01LLDP/4/BAD_PACKET(l)[3194428]:6 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/19. |
2015-02-10 00:11:45 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:11:45 HQ-BL1-HW9306-A2 %%01LLDP/4/BAD_PACKET(l)[6928978]:7 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/4. |
2015-02-10 00:11:46 | Local4.Info | 10.120.1.2 | Feb 10 2015 02:11:46 HQ-BL1-HW9306-A5 %%01MSTP/6/SET_PORT_LEARNING(l)[2711307]:In process 0 instance 0, MSTP set port GigabitEthernet2/0/29 state as learning. |
Is it a bug, or some misconfiguration on my part?
Looking forward to any help,
Regards Fold
Windows failed logins tracking
Hi folks,
We currently have v9.5 running on a Windows 2012 R2 VM which is the loghost for our environment of approx. 60 systems. We use AD for authentication and I'm attempting to configure the logger to alert on multiple failed logins; however, nothing appears to be getting to the loghost from the DC, other than the previously configured items. I have been able to configure this successfully for our Linux VMs but no luck on the Windows side. My assumption is, the problem is between the keyboard and monitor.
I've configured the Event Log Forwarder to send all things Microsoft Security to the loghost but am having no luck. Has anyone done this successfully? What have I missed?
Thanks in advance.
Buddy
Kiwi Syslogd_Service.exe stopping unexpectedly
We are experiencing the below events:
Event ID: 1000
Faulting application name: Syslogd_Service.exe, version: 9.6.3.3, time stamp: 0x5a0da76b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x065685f4
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Event ID: 1026
Application: Syslogd_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000096, exception address 065685F4
Stack:
The service can be manually started successfully; however, it stops with the above errors on a seemingly random basis (at least once a day).
EDIT 17:38 19/04/18 - I discovered that the service fails when a scheduled job (to archive the syslog files) is activated, but not when manually run.
Kiwi Syslog Server 9.4.1 - Active Directory Settings
Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the Active Directory Settings available in the Web Access interface under the Admin Tab.
- Domain URL: <Free Form Box> My domain prepopulated correctly.
- Authentication Type: <Free Form Box>. Is this supposed to be NTLM, Kerberos, etc?
- User Groups: <Free Form Box> Does the format need to be LDAP based?
Error Number: 6
Error Number: 6
Description: 溢出
Module Name: RC4Encryption.bas
Procedure Name: KiwiEnCryptLots
Line Number: 440
When setting syslog to log to MS SQL Server, the program breaks down with the error message above.
Need Help Troubleshooting - Not Receiving/Displaying Messages
Server 2008 R2 Std
Kiwi Syslog Server 9.4.1
I have an older version of Kiwi installed on an old server that is being retired. I've installed it on the new server, but I cannot get it to display anything. I exported settings from the other server and imported on this one, then went to Inputs-UDP and set the correct IP to bind it to.
- I've gone through ALL the steps at SolarWinds Knowledge Base :: Kiwi Syslog Daemon is not receiving messages and Kiwi Syslog Server but had no luck getting it to work.
- I know for a fact that messages are being received -- when I run WireShark with the filter, "udp port 514", I see PLENTY of traffic from my firewall. Both my firewall and VPN device are sending syslog messages to the old server and the new one. The old server is still working just fine.
- Windows Firewall on the new server is completely disabled.
- I loaded the default rules and settings but still had no luck.
- I disabled all DNS resolution - no luck.
- There is no Errorlog.txt in C:\Program Files (x86)\Syslogd.
- Test messages from within Kiwi work just fine.
- I finally uninstalled Kiwi, rebooted the server, then reinstalled, and have the same problem.
Kiwi is running as LocalService -- I wondered if that might be the problem, but that's how it's running on the old server as well.
I'm at a loss as to what to do now. I tried contacting support, but since I'm using the free version I was directed here.
Kiwi Syslog Server v9.6.0/9.6.1 needs ".NET Framework 4.0"?
I tried to install v9.6.1 on Windows Server 2008 R2.
I had already installed ".NET Framework 3.5 SP1" on this system.
When I executed v9.6.1 installer, I got the following message.
----------------------
Kiwi Syslog Server 9.6.1 Installer
Microsoft .Net Framework 4.0 is not installed on this system
[OK]
----------------------
I cannot install v9.6.1.
I got the same message when I tried to install v9.6.0.
SolarWinds described the System Requirements as below:
NET Framework: .NET Framework 3.5 SP1
http://www.kiwisyslog.com/kiwi-syslog-server
http://www.solarwinds.com/ja/kiwi-syslog-server#requirements
Question:
Does Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" or higher?
Best Regards,
Syslog server not receiving messages in TCP/SSL mode
Hello,
I have installed Kiwi Syslog Server 9.6.3.3 eval version and am trying to configure syslog in TCP SSL mode.
First, these are the steps I followed to configure the server:
a) Created a self-signed certificate using Java keytool.
b) Imported it into the Windows certificates Personal and Trusted Roots folders.
c) Selected the imported certificate in the Kiwi setup configuration.
After following the above steps, I got the below error in the Event log file.
2017-11-29 16:40:06 Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided.
After googling for this error, I got the below link and used IIS server to create a self-signed certificate.
After configuring the certificate generated from IIS, I started getting the below error.
2017-11-30 12:37:30 Source: C:\Windows\SysWow64\mswinsck.ocx Error: Socket is non-blocking and the specified operation will block
But I was able to receive messages in SSL mode using Java code running on the same box where the syslog server is installed. If I try to run the same Java code from any box other than the Kiwi server, it is not receiving messages.
I observed similar behavior for TCP mode as well.
How can I check whether the syslog server is configured correctly or not? Is there any way to do that?
Thanks in Advance!!
Error 1053 when starting Kiwi Syslog Server
Hi,
When trying to start the Kiwi Syslog Server we are receiving the following error: Error 1053: The service did not respond to the start or control request in a timely fashion.
We also get the following messages in Event Viewer:
A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
We are using the free version and had it running quite happily for 2 months before this issue occurred. I can't find what may have changed on the day it started to fail. The tool is running on a Win7 Enterprise machine. I have tried the changes suggested here: http://knowledgebase.solarwinds.com/kb/questions/4386/Kiwi+Syslog+Server+Service+Startup+Failure+in+Versions+9.3.3+and+9.3.4 but they didn't work. I have also read the following but the service for me doesn't start no matter what account is used: http://thwack.solarwinds.com/thread/45470
Any suggestions would be greatly appreciated!
Does Kiwi syslog server support TLS 1.2? If so how to enable it?
I am trying to connect to Kiwi Syslog Server in secure TCP mode. From my client side (C# code) I try to connect to Kiwi Syslog Server using the TLS 1.2 protocol. But the SSL handshake from the server is set to TLS 1.0.
I installed the Kiwi server on Windows 7 SP1 and enabled TLS 1.2 in the system by modifying the system registry.
SSL handshakes captured using Network monitor are given below
Client HandShake
Server HandShake
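Client side code (C#)
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// hostname, port, timeout and ValidateServerCertificate are not shown in the post.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var tcpClient = new TcpClient(hostname, port);
var tcpClientStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpClientStream, false, ValidateServerCertificate)
{
    ReadTimeout = timeout,
    WriteTimeout = timeout
};
// Offer TLS 1.2 only, send no client certificates, skip the revocation check.
sslStream.AuthenticateAsClient(hostname, new X509CertificateCollection(), System.Security.Authentication.SslProtocols.Tls12, false);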