Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

no log shows on Kiwi Syslog Web Access

August 25, 2015, 11:44 am
$
0
0

I am having kiwi syslog 9.5 installed.

I choose to install as service and also installed the web access.

The syslog console opened fine and I see logs on displayed and also to file.

However, with the web access, it shows nothing (what so ever).  I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access".  Everything under that options checked.

But I still see no log on web access.

 

1) I tried to uncheck all the "Log to Syslog Web Access".

2) Closed the Console Manager and reopened it

3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.

4) Opened and log in to web access -> Still see nothing.

 

any idea?

Search

[Log to file Action Error] Merging 2 or more hostnames in one file

February 10, 2015, 8:22 am
$
0
0

Hello folks.

 

My Kiwi Syslog is merging 2 or more hostnames (devices) in the same file when: "Log to file Action".

 

For example, i have 3 devices:

  1. 10.168.1.20
  2. 10.168.1.201
  3. 10.168.1.202

 

In the root folder of files, i had 3 folders, one for each hostname.

The 10.168.1.201 and 10.168.1.202 are logging correctly. But when i should have the 10.168.1.20 logs, i have a merge of 10.168.1.201 and 10.168.202 (without the 10.168.1.20).

 

I check another scenario (that i consider worse)...

I had a file log from 10.120.1.2. But this device don't exist.

IN this file, are logged 6 devices: 10.120.1.20, 10.120.1.25, 10.120.1.26, 10.120.1.27, 10.120.1.28 and 10.120.1.29.

 

The logs below, are in same file:

2015-02-10 00:10:19Local4.Warning10.120.1.2Feb 10 2015 02:10:19 HQ-BL1-HW9306-A1 %%01LLDP/4/BAD_PACKET(l)[2159934]:8 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/14.
2015-02-10 00:11:26Local4.Warning10.120.1.2Feb 10 2015 02:11:26 HQ-BL1-HW9306-A3 %%01LLDP/4/BAD_PACKET(l)[3194428]:6 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/19.
2015-02-10 00:11:45Local4.Warning10.120.1.2Feb 10 2015 02:11:45 HQ-BL1-HW9306-A2 %%01LLDP/4/BAD_PACKET(l)[6928978]:7 invalid packets were received after latest notification. The last invalid packet came from interface GigabitEthernet1/0/4.
2015-02-10 00:11:46Local4.Info10.120.1.2Feb 10 2015 02:11:46 HQ-BL1-HW9306-A5 %%01MSTP/6/SET_PORT_LEARNING(l)[2711307]:In process 0 instance 0, MSTP set port GigabitEthernet2/0/29 state as learning.

 

Is a bug, or some misconfigured of my part?

 

Looking forward for a help,

 

Regards Fold

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm
$
0
0

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

 

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?

Kiwi Syslog Mail error: SMTP protocol error. 421 4.3.2 Service not available

March 13, 2015, 8:31 am
$
0
0

I am trying to setup the email section of the Kiwi Syslog server and I am receiving the following error in the log, "Mail error: SMTP protocol error. 421 4.3.2 Service not available.". Does this message mean I need to have the SMTP service installed on the same server as the Kiwi Syslog server? Or is this error coming from the server I entered as the valid SMTP server? The admin manual does not specify.

 

Thanks,

Caleb

 

Kiwi Syslog Server Version 9.4.1

Windows Server 2008 R2 Standard

TCP Syslog Does Not Work in Latest Version

March 8, 2018, 1:07 pm
$
0
0

I use kiwi syslog server a lot for testing syslog.  It seems like in the latest version there are issues with TCP.  I'm verifying with the Kiwi Syslog Message Generator.  Seems like with syslog server version 9.4.1 TCP connects and works, but in latest version 9.6.3 it does not connect for some reason. When I try to connect TCP with message generator it says "TCP session remotely disconnected" using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server.  Is this a known issue, or am I missing something?  Any suggestions or help would be much appreciated.  Thank you very much.

how to setup snort-log link to syslog server?

April 24, 2017, 12:31 pm
$
0
0

how to setup snort-log link to syslog server?

 

in snort.conf  (windows 7 32 bits)

output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT

 

command :

snort -i 1 -c c:\snort\etc\snort.conf -s

 

then get a file in c:\snort\log\snort.log.1493058792.

 

please tell me, how to send log to syslog server?

 

thank you

Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

September 8, 2010, 11:51 am
$
0
0

The CPU on my Kiwi Syslog Server is Pegged.  Here is the Diagnostic info file from the server.

 

Kiwi Syslog Server [Registered] Version 9.0.3


///       Kiwi Syslog Server Statistics         ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime:     1 hour, 7 minutes
---------------------------------------------------

+ Messages received - Total:          1098753
+ Messages received - Last 24 hours:  1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour:      996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour:      101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average:        996804

+ Messages forwarded:                 769810
+ Messages logged to disk:            1194581

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           2
+ Errors - Oversize message:          309

+ Disk space remaining on drive E:    41554 MB

    Breakdown of Syslog messages by severity  
+--------------------+------------+------------+
| Message Level      |  Messages  | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |         0  |      0.00% |
| 1 - Alert          |      2753  |      0.25% |
| 2 - Critical       |       496  |      0.05% |
| 3 - Error          |      5745  |      0.52% |
| 4 - Warning        |    103603  |      9.43% |
| 5 - Notice         |     42938  |      3.91% |
| 6 - Info           |    775902  |     70.62% |
| 7 - Debug          |    167316  |     15.23% |
+--------------------+------------+------------+

Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0

End of Report.


DNS Cache size  20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits  0
DNS Cache misses 0
DNS Cache TTL  1440 minutes
Total DNS Lookups 0
Successful cache hits 0%


IP Address Hostname TTL (minutes)
127.0.0.1       localhost Static
::1             localhost Static


Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count:          19932
Message Count Max:      20000
Percentage free:        1

 

E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count:          0
Message Count Max:      13
Percentage free:        100

Kiwi Syslog Server limitations

July 28, 2017, 9:00 am
$
0
0

Hi everyone,

 

I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?

 

I know the Web Access has 4GB db limitation.  What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access.  I hope at least 4GB db limitation can store like a month logs of all 10+ servers.  I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)

 

Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?

 

Another question:

Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?

 

Thanks in advance!

Search

DBCache folder accumulation (log to database action)

June 30, 2015, 1:08 pm
$
0
0

I am consistently getting warnings from SAM that the DB Cache folder the kiwi syslog (\\${IP}\c$\Program Files (x86)\Syslogd\DBCache) contains files. The warning in SAM indicates that the log to database action is falling behind or failing. I do not see anything in the documentation regarding this warning. Does anybody know how this affects the kiwi syslog and how concerned I should be? I would like to add more devices to send syslog information but am concerned kiwi will have more of these files in the DBCache. Currently I am seeing about 47K MPH in Kiwi. Has anybody else seen this message from SAM, or have any suggestions for possible solutions?

 

Thanks,
Caleb

 

Kiwi Syslog Server 9.4.2 installed on Windows 2008 R2 Standard, 8 GB ram, 200 GB HD.

Using the log to database action to Microsoft SQL Server 2008 R2, 8 GB ram, 100 GB HD

SAM 6.1.1 Application component File Count: DBCache Folder for Kiwi Syslog Server

When is Kiwi Syslog v10 coming out?

March 11, 2016, 6:15 am
$
0
0

As you all may recall, it's been 7 months since Kiwi Syslog v9.5 was posted (see Kiwi Syslog 9.5 is now Available! ).  I am very much looking forward to a major release (i.e. v10).  What would this new version contain?  I have a few things in my wish-list...

 

  • Increased the of number of syslog messages and snmp traps that can Kiwi can handle. According to a posting on Geek Speak (How many messages can Kiwi Syslog manage?), Kiwi can handle between 400 and 600 messages per second.  I'd like to see that go all the way up to 2,000 messages (or more).
  • Rules Wizard (for the novice and those of us with diminished brain-cells due to age. 
  • Full web-based management option.  I don't know about other Thwackers, but I prefer not to use Win32 (via RDP) whenever possible.
  • Additional Polling Engine option for Kiwi.  This, so we can have multiple servers handle syslog messages and snmp traps.

 

I am sure that other Thwackers have many other items in their respective wish-list for Kiwi.  I'd like to hear from you.  And, of course, I'd like to hear from the Kiwi PM, to tell us what's in the Roadmap for the next Kiwi release.  Have a great day, everyone!!! 

Maximum number of TCP connections has been reached. Not accepting connection.

July 9, 2014, 7:38 am
$
0
0

KiWi Syslogd error: Maximum number of TCP connections has been reached. Not accepting connection.

Why? Thanks..

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am
$
0
0

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

 

Thanks,

Syed

Syslog solution (New*) Log Manager for Orion or (old)Kiwi Syslog.

July 9, 2018, 12:12 am
$
0
0

Dear Thwack experts,

 

Our WAN is spread across 500 sites, connected via 5  Datacenters, Most are VPN connections btw Sites and DC's ,but few still have slow paced connections.

For NPM, We are planning to build our HA solution across DC1 and DC2, and will use APE at DC3,DC4 & Dc5, So that each polling engine can poll the devices at connected remote site.

 

Now speaking about Syslog monitoring Requirement, We felt Log manager for Orion has  lot  more feature , But may not fit into our environment.

 

Discussion points:

-In our case, Device at remote site, need to send syslog message to the centralized solution

 

1)Kiwi have below solution:
Kiwi Secure Tunnel receives, compresses, and securely transports, syslog messages from distributed network devices to the Kiwi Syslog Daemon.

 

Does Log manager for Orion can be used here.??

 

2) Kiwi also store the syslog and trap messages into Microsoft® SQL Server , Apart from Log tagging, how different can Log manager can help to our operations team,, any comparison between KIWI and LM would be more helpful

 

( please correct me, if I am wrong some where)

no log shows on Kiwi Syslog Web Access

August 25, 2015, 11:44 am
$
0
0

I am having kiwi syslog 9.5 installed.

I choose to install as service and also installed the web access.

The syslog console opened fine and I see logs on displayed and also to file.

However, with the web access, it shows nothing (what so ever).  I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access".  Everything under that options checked.

But I still see no log on web access.

 

1) I tried to uncheck all the "Log to Syslog Web Access".

2) Closed the Console Manager and reopened it

3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.

4) Opened and log in to web access -> Still see nothing.

 

any idea?

How Do I add a Mac Address Field or Column?

December 13, 2012, 12:23 pm
$
0
0

Hello,

 

I am tracking dynamic IP computers. How can I add a field or column for MAC address so I know what which traffic belongs to which computer.

Search

Forescout NAC & syslog

March 12, 2015, 12:29 pm
$
0
0

We have a couple of Forescout NAC devices. They are configured to forward to our local Kiwi servers, and then rules on the Kiwi are supposed to be sending warning & above messages to the main Orion server. Unfortunately, I have oodles (technical term) of info messages showing in the main repository. I'm pretty sure the Kiwi rules are correct (they are working for other devices) but our on site security guy isn't a Forescout expert, so he hasn't been able to see anything wrong on the NAC itself. I'm thinking we have it set to forward directly to Orion under a different facility, but that's a pure guess. From what I've seen of the NAC's SYSLOG setup there aren't drop downs to look at different facilities.

 

Does anyone have experience with this? Thanks in advance!

sys log server errors "FormatMessage failed with 1815" help please!!

April 8, 2015, 2:19 pm
$
0
0

Good day Community,

 

I am experiencing an urgent issue. The sys log server forwarder is forwarding the following message to the KIWI sys log server. The actual security logs are showing the correct information, however the message below is being showed. I thought it was the server, but wen I added another sever to forward security logs, I am getting the same message as shown below.

 

Can anyone who have encountered this message or know how to resolve this issue. The security logs are on the server and I can view them using event viewer properly and audit logs are reflecting fine.

 

I would really appreciate your humble assistance or comments.

 

 

 

Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015

4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544

The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be

found. Either the component that raises this event is not installed on your local computer or

the installation is corrupted. You can install or repair the component on the local computer.If

the event originated on another computer, the display information had to be saved with the

event.The following information was included with the event: S-1-0-0. FormatMessage failed with

error 1815, The specified resource language ID cannot be found in the image file.

Display original source of message when logs are aggregated through rsyslog server

December 6, 2015, 3:58 pm
$
0
0

I am hoping you can give me a hand with an issue that I am having. I have a number of servers in a DMZ that are logging to a central rsyslog server and then forwarding these messages to a KiwiSyslog server. Unfortunately when this happens all of the messages received by Kiwi are labelled with the hostname/ip of the rsyslog server and not their original source. I am unable to enable UDP Spoofing on the RSyslog server as the firewall will only allow traffic from this servers IP and not the spoofed addresses.


Take the following example:
InternalServer1 -> KiwiSyslogServer
-Kiwi is able to resolve the name of InternalServer1 and everything works fine.

DMZServer1 -> DMZRSyslogServer -> KiwiSyslogServer
-Kiwi is not able to resolve the name of DMZServer1 as the incoming messages are stamped with the IPAddress of the DMZRSyslogServer


I noticed in the help documents that there is the option to modify a message by processing it with a script. The example they give for "Fields.VarPeerAddress" is very similar to what we want to happen:

"Firewall device (192.168.1.1) ---> First syslog collector (192.168.1.2) ---> This syslog collector (192.168.1.3)
The Fields.VarPeerAddres value would be 192.168.1.1."

So would a script similar to the following work? Anyone have any experience with this?

"Function Main()
  ' Replace DMZServerIP with ActualSourceIP within the message hostname
Fields. = Replace(Fields., "123.123.123.123", Fields.VarPeerAddress)
  ' Return OK to tell syslog that the script ran correctly.
Main = "OK"
  End Function"

Thanks,
Ryan

Changing Kiwi Syslog web port

August 19, 2016, 6:11 pm
$
0
0

Hi all,

 

Can anyone point me in the direction some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?

 

I had a 'quick' search and couldn't find anything solid to go off.

 

Thanks!

Syslog manager not receiving events forwarded

May 23, 2017, 2:43 am
$
0
0

Hi.

 

I am trying to get Event Log Forwarder and Syslog Service Manager to work together.

I have the Log Forwarder running on a domain controller and the SSM on the logging server.

I have the syslog generator tested on the domain controller and it can generate messages in the SSM, but when I run the Event Log Forwarder, then I am not getting any events through. Not even test messages are getting through. I have set up subscriptions for error 4776 in the security tab for both Audit success and failure. I have added the syslog server in that tab, but still no luck. A reinstall of the programs didnt help.

 

Can anyone point me in the right direction?

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>