We are using Windows Server 2012 Standard for the Windows log forwarder, but logs are not arriving at Kiwi Syslog Server 9.6
LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS
Kiwi Syslog Server limitations
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers it can collect logs from, or how many servers can send logs to the syslog server?
I know the Web Access has a 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending logs to the syslog server? I don't want to see only 1 or 2 days of logs every day from Web Access. I hope at least the 4GB db limitation can store something like a month of logs from all 10+ servers. I am trying first with the Windows event logs (using the free tool SolarWinds Event Log Forwarder).
Is there any limitation that I should be aware of with Kiwi Syslog Server and the Event Forwarder tool?
Another question:
Can SolarWinds Event Log Forwarder work with other vendors' syslog servers? If so, which vendor and which syslog server product?
Thanks in advance!
Kiwi syslog web access export all filters
Hello,
We have an old Kiwi Syslog Web Access server with a lot of different filters that need to be exported.
The problem is that we can only export one at a time... is there a way to export all at once?
Can't start Kiwi Syslog Service - Logon Failure
After installing the permanent license for Kiwi Syslog Server, the Syslog service will not start. It started without problems when running as the trial version. No errors appear in the Kiwi Syslog error log, but the Windows event viewer shows the following error: The Kiwi Syslog Server service failed to start due to the following error: The service did not start due to a logon failure. I can't find anything in the Kiwi Syslog documentation about having to log in. The OS is Windows 2008 R2. I am starting the Syslog service from Service Manager > Manage, and Service Manager was Run As Administrator. Is this a known problem? Thanks, Glenn
Can Kiwi Syslog be used in a syslog relay chain without being the first in the chain?
Hello,
I have been working in log management for a couple of years now. Across all the clients I've met, Kiwi Syslog has been in use for quite a while.
From a functionality perspective, amazing things were achieved with it by operational teams.
But I am no expert at configuring Kiwi Syslog, although I am somewhat familiar with it.
I am often involved in building centralized log management infrastructure, and this is where I always get stuck with Kiwi Syslog.
Perhaps there is a hidden config option that I missed?
Implementing a centralized log management infrastructure often dictates that all logs (syslog) are to be sent to a single destination, the centralized log management.
This destination is always defined with high performance and high resilience in mind, e.g. VIP, load balancers, failover systems.
For any other systems that require access to the logs, a live unmodified copy is forwarded to them.
In other words, we just built a syslog relay chain.
And with all the respect I have for your product, making Kiwi Syslog the first in that relay chain in a central log management system is not an option.
Nor is double-feeding from the source; building central log management is all about having a single destination for logs, where redistribution is performed.
Whenever I walk into a department that has been running kiwi syslog for a while, they have implemented a lot of automation with it.
Obviously, they (and I agree) want to keep using it.
So the simplest solution would be to forward logs from the centralized syslog server TO the department Kiwi Syslog server.
This way the enterprise is happy, centralized log management is in place AND that department is happy, since the same interface they are using is still there.
That's where I hit a snag.
To my knowledge, Kiwi Syslog ALWAYS takes the IP address as the source of the message, even if it receives properly formatted RFC3164 or RFC5424 messages containing hostnames.
Therefore, using Kiwi Syslog in a relay chain where it's not the first one in the relay makes every source the previous IP address.
Yes, spoofing can be used in the relay chain, but it's not elegant, it slows down throughput quite a lot and, more often than not, it does get blocked by security guidelines.
Almost all advanced syslog servers in the field are configurable and allow using the hostname contained in properly formatted syslog messages as the source host.
For improperly formatted messages, then the IP of the connected socket is taken.
Also, with some templating, it's even possible in the first relay to add an ORIGINATING IP prefix to the message and get the hostname from there.
On output I saw that rsyslog supports adding such prefix.
My questions are:
1. Is there a way to configure Kiwi Syslog to take the source from inside the received syslog message because it was prefixed with "originating address=4.4.4.4", for example?
2. Is there a way to configure Kiwi Syslog to take the source from the hostname syslog header and, if that fails, to take it from the connected socket?
Without a way to do any of the above, Kiwi simply doesn't support being on the receiving end of a syslog relay chain and ends up being discarded where it still had lots of value.
Most large enterprises are really looking at central log management, and message brokers like Kafka to store the logs and allow for log distribution.
Feeding specific logs from Kafka to Kiwi Syslog would be a tremendous help for operational teams, but if, e.g., all the logs have a single IP address as their source, the Kafka cluster instead of the real IP of their firewall, it makes this forwarding useless.
Presuming that I read the doc and haven't missed anything, if rsyslog could support on TCP and UDP input a setting that instructs it to look for ORIGINATING ADDRESS inserted in the message and use this IP address as the source for display, that would be amazing.
Hoping I overlooked some part of the documentation; otherwise, is there anyone else who sees this as an extremely important feature to support?
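As an added illustration of the two behaviours the post asks for (not code from Kiwi Syslog, SolarWinds, or the original poster), the following Python shows how a receiving relay can derive the message source: first from a relay-inserted "originating address=" prefix, then from the HOSTNAME field of a well-formed RFC 5424 or RFC 3164 header, and only then from the IP of the connected socket. The prefix key name is taken from the post's own example and is an assumption, as are the sample messages, which are constructed here.

```python
import ipaddress
import re
from typing import Optional, Tuple

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP ...
_RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>[1-9]\d{0,2}) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
)
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG  (day may be space-padded)
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<month>[A-Z][a-z]{2}) {1,2}(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<host>[^\s:]+) "
)
# Hypothetical relay prefix from the post ("originating address=4.4.4.4");
# the key name is an assumption, not a standard syslog field.
_ORIGINATING = re.compile(r"originating address=(?P<ip>[0-9a-fA-F.:]+)", re.IGNORECASE)
# Conservative hostname charset so a malformed header cannot inject arbitrary text
# into the displayed source column.
_HOSTNAME_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.\-_]{0,254}$")


def header_hostname(raw: str) -> Optional[str]:
    """HOSTNAME from a well-formed RFC 5424 or RFC 3164 header, else None."""
    m = _RFC5424.match(raw) or _RFC3164.match(raw)
    if not m:
        return None
    host = m.group("host")
    if host == "-" or not _HOSTNAME_OK.match(host):  # RFC 5424 NILVALUE or junk
        return None
    return host


def originating_ip(raw: str) -> Optional[str]:
    """IP from a relay-inserted 'originating address=' prefix, validated, else None."""
    m = _ORIGINATING.search(raw)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:  # e.g. 999.1.1.1: not a valid address, ignore the prefix
        return None


def resolve_source(raw: str, socket_ip: str) -> Tuple[str, str]:
    """Return (source, method); method is 'originating', 'header' or 'socket'."""
    ip = originating_ip(raw)
    if ip:
        return ip, "originating"
    host = header_hostname(raw)
    if host:
        return host, "header"
    return socket_ip, "socket"  # fallback: IP of the previous relay hop


if __name__ == "__main__":
    RELAY_IP = "10.0.0.9"  # constructed: address of the upstream relay
    samples = [  # constructed sample messages
        "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - 'su root' failed",
        "<34>Oct 11 22:14:15 mymachine su: 'su root' failed",
        "<34>Oct 11 22:14:15 relay01 rsyslogd: originating address=4.4.4.4 fw denied",
        "<34>1 2003-10-11T22:14:15.003Z - su - - - no hostname given",
        "not a syslog message at all",
    ]
    for msg in samples:
        print(resolve_source(msg, RELAY_IP), "<-", msg[:40])
```

The precedence matters: a relay-inserted prefix is trusted over the header hostname only because the relay is under the operator's control; an untrusted sender could otherwise forge either field, which is why the hostname is restricted to a safe charset and the originating IP is validated before use.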
Changing Kiwi Syslog web port
Hi all,
Can anyone point me in the direction of some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?
I had a 'quick' search and couldn't find anything solid to go off.
Thanks!
Windows failed logins tracking
Hi folks,
We currently have v9.5 running on a Windows 2012 R2 VM, which is the loghost for our environment of approx. 60 systems. We use AD for authentication and I'm attempting to configure the logger to alert on multiple failed logins; however, nothing appears to be getting to the loghost from the DC, other than the previously configured items. I have been able to configure this successfully for our Linux VMs but no luck on the Windows side. My assumption is that the problem is between the keyboard and monitor.
I've configured the Event Log Forwarder to send all things Microsoft Security to the loghost but am having no luck. Has anyone done this successfully? What have I missed?
Thanks in advance.
Buddy
Kiwi Syslog "Service running, but Service/Manager comm link is not connecting" on a virtual machine
Hi everyone
I have a problem with my syslog server; it sends the following messages:
Service running, but Service/Manager comm link is not connecting.
Unable to connect to Service socket on TCP port 3300
The server is installed on a Windows 7 virtual machine in a VMware environment. I already verified the TCP port and it belongs to the syslog server; the Windows firewall is also down.
Do you have any ideas?
Regards
Syslog server not receiving messages in TCP/SSL mode
Hello,
I have installed Kiwi Syslog Server 9.6.3.3 eval version and am trying to configure syslog in TCP SSL mode.
First, these are the steps I followed to configure the server:
a) created a self signed certificate using java keytool.
b) imported into windows certificates personal and trusted roots folder.
c) selected the imported certificate in kiwi setup configuration.
After following the above steps, I got the error below in the event log file.
2017-11-29 16:40:06 Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided.
After googling for this error, I got the link below and used IIS server to create a self-signed certificate.
After configuring the certificate generated from IIS, I started getting the error below.
2017-11-30 12:37:30 Source: C:\Windows\SysWow64\mswinsck.ocx Error: Socket is non-blocking and the specified operation will block
But I was able to receive messages in SSL mode using Java code running on the same box where the syslog server is installed. If I try to run the same Java code from any box other than the Kiwi server, it does not receive messages.
I observed similar behavior for TCP mode as well.
How do I check whether the syslog server is configured correctly or not? Is there any way to do that?
Thanks in Advance!!
How to export Kiwi syslogs
Is there any way for me to export Kiwi syslogs? I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing, specifically the NPM database. I would think that there would already be something to do this since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi. I want to view them through NPM, but I guess I can get by viewing them through something like Access. Is there a way (even if it isn't easy) to do this?
TCP Syslog Does Not Work in Latest Version
I use Kiwi Syslog Server a lot for testing syslog. It seems like in the latest version there are issues with TCP. I'm verifying with the Kiwi Syslog Message Generator. With syslog server version 9.4.1, TCP connects and works, but in the latest version, 9.6.3, it does not connect for some reason. When I try to connect over TCP with the message generator it says "TCP session remotely disconnected"; using the same tool in the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server. Is this a known issue, or am I missing something? Any suggestions or help would be much appreciated. Thank you very much.
How to send Windows server logs to Kiwi Syslog Server
I already installed Kiwi Syslog Server on Windows Server 2008 and it's running well.
Now I want to capture Windows logs from another Windows server into Kiwi Syslog Server. How?
(SNMP TRAP) My site already has SNMP traps enabled to send to Kiwi Syslog Server, but I can't see any progress on that.
Kiwi Syslog Server collect administrator log gdpr
Is there a way to collect access logs from a local machine and other machines regarding administrative access and generate a report for GDPR?
no log shows on Kiwi Syslog Web Access
I have Kiwi Syslog 9.5 installed.
I chose to install it as a service and also installed the Web Access.
The syslog console opened fine and I see logs displayed and also written to file.
However, the Web Access shows nothing (whatsoever). I checked the Setup in Console Manager and see that under Rules I have 2 identical options for "Log to Syslog Web Access". Everything under those options is checked.
But I still see no log on web access.
1) I tried to uncheck all the "Log to Syslog Web Access" options.
2) Closed the Console Manager and reopened it.
3) Check-marked one of the 2 "Log to Syslog Web Access" options and everything below it.
4) Opened and logged in to Web Access -> Still see nothing.
any idea?
Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email address for each of the blacked-out sections in the screenshot below. For "SMTP Password," I'm using my Office 365 password.
Kiwi Syslog Server service starts then stops
When attempting to start the Kiwi Syslog Server service (on Windows 2008 R2), I get the message "The Kiwi Syslog Server service on [my server name] started and then stopped. Some services stop automatically if they are not in use by other services or programs." Any ideas what could be causing this?
Kiwi Syslog not receiving any message
Hello,
I just installed Syslog on a Windows 8 VM (ESXi 5.5).
However... I don't receive any messages from the router (Cisco RV042G) I want to log.
I tried the generic troubleshooting:
• Check network connectivity by pinging from the sending device to the Syslog Server machine => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled
• Use a sniffer to check if messages from the router are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)
Do you have any idea about the cause of this issue?
Thanks in advance for your help.
Collect DHCP events from Windows DHCP server
Hello,
Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog?
Thanks in advance for your help
Event Log Forwarder not forwarding log messages when logged in to a domain account.
Hi,
First I am new here.
Currently, I am having an issue where, when I log in as a domain user from my Windows PC, no logs are forwarded to my syslog server. I did a test log and it works correctly, but only when I log in as a local user on my computer.
Overall, when I log in as a local user it forwards log messages according to the subscription and preview functionality. When I try logging in as a domain user, it does not work.
I would appreciate it if you would assist me with this issue.