We are using Windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6
LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS
SolarWinds LogForwarder 1.2
Hi
I just installed Log Forwarder to pass some MS Error Events to Kiwi Syslogserver.
Can't manage to get this up and running.
SYSLOG Server is defined. Works so far.
But the subscription behaves strangely.
Adding one to parse Application / Error Events results in 22 Events of type Information and wrong sources.
Syslog stops logging with no notification
I discovered this morning (only because I didn't receive the nightly report) that two of our Syslog servers stopped logging yesterday afternoon. The nightly archiving and cleanup jobs did not run. The service did not crash. The drive has 63 GB of free space. There are no entries under the Application or System logs in Windows. Under the Errorlog I see this for all of the reporting nodes ("ip.address.#" is placeholder for the actual values in the logs):
2015-05-28 15:38:59 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:38:59 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:38:59 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address1.txt
2015-05-28 15:39:00 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:00 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:00 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1..txt
2015-05-28 15:39:02 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:02 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:02 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.2.txt
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.3.txt
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:06 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:06 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:06 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:07 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:07 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:07 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.4.txt
2015-05-28 15:39:08 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:08 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:08 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:11 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:11 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:11 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.5.txt
The log stops there. When I restart the service I see these additional entries in the Error log:
2015-05-29 07:17:16 Unable to open InterApp listening socket on TCP port 3300
2015-05-29 07:17:16 Unable to open UDP socket on port 514
2015-05-29 07:19:08 Service running, but Service/Manager comm link is not connecting.
2015-05-29 07:19:28 Unable to connect to Service socket on TCP port 3300
2015-05-29 07:19:38 Service running, but Service/Manager comm link is not connecting.
Any ideas?
Does Kiwi syslog server support TLS 1.2? If so how to enable it?
I am trying to connect to Kiwi syslog server in secure TCP mode. From my client side (C# code) I try to connect to Kiwi syslog server using TLS 1.2 protocol. But the SSL handshake from the server is set to TLS 1.0.
I installed kiwi server in Windows 7 SP1 and enabled TLS 1.2 in the system by modifying the system registry.
SSL handshakes captured using Network monitor are given below
Client HandShake
Server HandShake
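Client-side code (C#)
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

// hostname, port, timeout and ValidateServerCertificate are defined elsewhere in the caller's code.
// ServicePointManager applies to HttpWebRequest-style connections; SslStream uses the protocol passed to AuthenticateAsClient.
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var tcpClient = new TcpClient(hostname, port);
var tcpClientStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpClientStream, false, ValidateServerCertificate)
{
    ReadTimeout = timeout,
    WriteTimeout = timeout
};
// Offer TLS 1.2 only; the final argument turns certificate revocation checking off.
sslStream.AuthenticateAsClient(hostname, new X509CertificateCollection(), System.Security.Authentication.SslProtocols.Tls12, false);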
Syslog solution (New*) Log Manager for Orion or (old) Kiwi Syslog.
Dear Thwack experts,
Our WAN is spread across 500 sites, connected via 5 datacenters. Most are VPN connections between sites and DCs, but a few still have slow-paced connections.
For NPM, we are planning to build our HA solution across DC1 and DC2, and will use APE at DC3, DC4 and DC5, so that each polling engine can poll the devices at its connected remote sites.
Now, speaking about the syslog monitoring requirement, we felt Log Manager for Orion has a lot more features, but it may not fit into our environment.
Discussion points:
- In our case, devices at remote sites need to send syslog messages to the centralized solution.
1) Kiwi has the solution below:
Kiwi Secure Tunnel receives, compresses, and securely transports, syslog messages from distributed network devices to the Kiwi Syslog Daemon.
Can Log Manager for Orion be used here?
2) Kiwi also stores the syslog and trap messages in Microsoft® SQL Server. Apart from log tagging, how differently can Log Manager help our operations team? Any comparison between Kiwi and LM would be more helpful.
(Please correct me if I am wrong somewhere.)
TCP Syslog Does Not Work in Latest Version
I use kiwi syslog server a lot for testing syslog. It seems like in the latest version there are issues with TCP. I'm verifying with the Kiwi Syslog Message Generator. Seems like with syslog server version 9.4.1 TCP connects and works, but in latest version 9.6.3 it does not connect for some reason. When I try to connect TCP with message generator it says "TCP session remotely disconnected" using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server. Is this a known issue, or am I missing something? Any suggestions or help would be much appreciated. Thank you very much.
SolarWinds Event Log Forwarder for Windows
I do not know if this is the correct place to post this question.
I am using Kiwi Syslog Server, and I have SolarWinds Event Log Forwarder for Windows installed on a computer. The forwarder will send test messages, but it is not sending the logs to the log server. Any suggestions?
Dejacpp...
log forwarder error
I installed Log Forwarder 2.1.0 on my Windows Server 2008. I set my Kiwi Syslog Server and configured a subscription for sending system logs from my server. When I click the test button, the test is OK, but in Event Viewer, in the log solariwinds.net, I receive the message:
Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
Also, my Kiwi Syslog Server does not receive messages. Where is the problem?
Need help in creating filter to discard messages
Hello
I need help in creating filters to discard messages based on the content of the message text. For example, an "Access is denied" error should not be logged or forwarded to web access; Kiwi should not process this message.
Any help would be appreciated with example.
Thanks
Parvez
Does Kiwi Syslog Server work on Windows 2016 Core version?
I am having issues installing the latest Kiwi Syslog version on Windows 2016 Core version. Please share relevant documentation.
Thanks in Advance!
Kiwi Syslog - Maximum request length exceeded.
When using an Events filter, I get the following return (see below). My Kiwi Syslog is running on a virtual 2012 R2 standard (64bit). In an attempt to resolve the error, I have followed advice to increase the maximum size to 4MB but to no avail. Any thoughts?
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Status Code: 500
System.Web.HttpUnhandledException:
Exception of type 'System.Web.HttpUnhandledException' was thrown. --->
System.Web.HttpException: Maximum request length exceeded.
at System.Web.HttpRequest.GetEntireRawContent()
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Bind Kiwi Syslog Web Access to a specific IP address
You can use the UltiDev Web App Explorer to bind Kiwi Syslog Web Access to a specific IP address.
1. Open the UltiDev Web App Explorer.
2. Click the Network Address tab.
3. Highlight the Host or IP address and click Edit.
4. Select the Specify host name or IP address option, enter the IP address to bind to, then click OK.
5. Save the changes, then stop and start the Monitoring Service.
Collect DHCP events from Windows DHCP server
Hello,
Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog?
Thanks in advance for your help
[Log to file Action Error] Merging 2 or more hostnames in one file
Hello folks.
My Kiwi Syslog is merging 2 or more hostnames (devices) in the same file when using the "Log to file" action.
For example, I have 3 devices:
- 10.168.1.20
- 10.168.1.201
- 10.168.1.202
In the root folder of files, I had 3 folders, one for each hostname.
The 10.168.1.201 and 10.168.1.202 are logging correctly. But where I should have the 10.168.1.20 logs, I have a merge of 10.168.1.201 and 10.168.202 (without the 10.168.1.20).
I checked another scenario (that I consider worse)...
I had a log file from 10.120.1.2. But this device doesn't exist.
In this file, 6 devices are logged: 10.120.1.20, 10.120.1.25, 10.120.1.26, 10.120.1.27, 10.120.1.28 and 10.120.1.29.
The logs below are in the same file:
2015-02-10 00:10:19 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:10:19 HQ-BL1-HW9306-A1 %%01LLDP/4/BAD_PACKET(l)[2159934]:8 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/14. |
2015-02-10 00:11:26 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:11:26 HQ-BL1-HW9306-A3 %%01LLDP/4/BAD_PACKET(l)[3194428]:6 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/19. |
2015-02-10 00:11:45 | Local4.Warning | 10.120.1.2 | Feb 10 2015 02:11:45 HQ-BL1-HW9306-A2 %%01LLDP/4/BAD_PACKET(l)[6928978]:7 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/4. |
2015-02-10 00:11:46 | Local4.Info | 10.120.1.2 | Feb 10 2015 02:11:46 HQ-BL1-HW9306-A5 %%01MSTP/6/SET_PORT_LEARNING(l)[2711307]:In process 0 instance 0, MSTP set port GigabitEthernet2/0/29 state as learning. |
Is it a bug, or some misconfiguration on my part?
Looking forward to help,
Regards Fold
Can I install Kiwi 9.3.4 in Windows Server 2012 R2
I currently have a Kiwi Syslog (9.3.4) on a Windows Server 2003 R2 (x64) and would like to know the following;
1. Can I install the current version (9.3.4) on a newly built Windows Server 2012 R2 machine? Is it compatible with Server 2012 R2? If yes, can I move the database of the old Kiwi to the newly installed Kiwi Syslog server? If no;
2. Can I install the new version (9.5) on a newly built Windows Server 2012 R2 without buying a new license?
Thanks guys.
Changing Kiwi Syslog web port
Hi all,
Can anyone point me in the direction of some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?
I had a 'quick' search and couldn't find anything solid to go off.
Thanks!
Getting an error message "Cannot specify a column width on data type text" when trying to create a table in SQL server.
Kiwi Syslog server, SQL2008R2 using an ODBC SQL connector.
Any thoughts?
Syslog server not receiving messages in TCP/SSL mode
Hello,
I have installed Kiwi syslog server 9.6.3.3 eval version and am trying to configure syslog in TCP SSL mode.
First, these are the steps I followed to configure the server:
a) Created a self-signed certificate using Java keytool.
b) Imported it into the Windows certificates Personal and Trusted Roots folders.
c) Selected the imported certificate in Kiwi setup configuration.
After following the above steps, I got the error below in the Event log file.
2017-11-29 16:40:06 Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided.
After googling for this error, I got the link below and used IIS server to create a self-signed certificate.
After configuring the certificate generated from IIS, I started getting the error below.
2017-11-30 12:37:30 Source: C:\Windows\SysWow64\mswinsck.ocx Error: Socket is non-blocking and the specified operation will block
But I was able to receive messages in SSL mode using Java code running on the same box where the syslog server is installed. If I try to run the same Java code from any box other than the Kiwi server, it is not receiving messages.
Observed similar behavior for TCP mode as well.
How can I check whether the syslog server is configured correctly? Is there any way to do that?
Thanks in Advance!!
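One way to check what a secure syslog listener actually negotiates, relevant to this post and to the TLS 1.2 question earlier on this page. This is an added C# example, not code from any poster or from SolarWinds: it attempts a handshake on the secure port and prints the negotiated protocol, cipher and certificate policy errors. The host name is a placeholder and port 6514 is taken from the error message above.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

static class SyslogTlsProbe
{
    // Diagnostic only: report certificate problems instead of rejecting the
    // connection, so the handshake completes and the negotiated protocol can
    // be read. Do not reuse this callback in a production sender.
    static bool ReportCertificate(object sender, X509Certificate cert,
                                  X509Chain chain, SslPolicyErrors errors)
    {
        Console.WriteLine("  certificate: {0}, policy errors: {1}",
                          cert == null ? "(none)" : cert.Subject, errors);
        return true;
    }

    static void Probe(string host, int port, SslProtocols offered)
    {
        Console.WriteLine("Offering {0} to {1}:{2}", offered, host, port);
        try
        {
            using (var tcp = new TcpClient(host, port))
            using (var ssl = new SslStream(tcp.GetStream(), false, ReportCertificate))
            {
                ssl.AuthenticateAsClient(host, new X509CertificateCollection(), offered, false);
                Console.WriteLine("  negotiated: {0}, cipher: {1} ({2} bits)",
                                  ssl.SslProtocol, ssl.CipherAlgorithm, ssl.CipherStrength);
            }
        }
        catch (Exception ex) when (ex is AuthenticationException ||
                                   ex is System.IO.IOException || ex is SocketException)
        {
            // A refused connection and a failed handshake are different findings.
            Console.WriteLine("  failed: {0}: {1}", ex.GetType().Name, ex.Message);
        }
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "syslog.example.test"; // placeholder host
        int port = args.Length > 1 ? int.Parse(args[1]) : 6514;
        Probe(host, port, SslProtocols.Tls12);                            // TLS 1.2 only
        Probe(host, port, SslProtocols.Tls | SslProtocols.Tls11 | SslProtocols.Tls12); // server picks
    }
}
```

Running it once on the server itself and once from a remote machine separates a TLS or certificate failure from a connection that never reaches the listener.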
Event log forwarder not forwarding log messages when logged in to a domain account.
Hi,
First I am new here.
Currently, I am having an issue where, when I log in as a domain user from my Windows PC, no logs are forwarded to my syslog server. I did a test log and it works correctly, but only when I log in as a local user from my computer.
Overall, when I log in as a local user, it forwards log messages according to the subscription and preview functionality. When I try logging in as a domain user, it does not work.
I would appreciate it if you would assist me with this issue.