I would like to get verification for the stated tool: is it a freeware tool that I can use with limited features, or is it just a 14 days trial version tool?
Kiwi Syslog Server Tool - Free to use or just a trial version for 14 days?
What scripting language do you use for Kiwi?
I was going to post this as a poll, but for some reason it's not letting me post polls...
Do you use scripts with Kiwi Syslog Server to capture statistics, filter your syslogs, parse, separate or replace portions of logs prior to sending them off to correlation engines, to alert based on logs, or for any other reason?
If so what languages do you use for your scripts?
Out of all of the scripting options provided, I can work with any of them, but I'm mostly comfortable with VB so that's what I tend to use if I have the option. I also have a few jscripts running in Kiwi though. Outside of Kiwi, but still relating to it and interfacing with it, I also use batch files and PowerShell scripts to do things locally on the syslog server like edit the registry or collect directory/network information. I've also been experimenting with some success using klogwin (command line syslog generator) as a method to send remote commands to the Kiwi Syslog server to execute scripts, generate reports from the database, etc...
Collect DHCP events from Windows DHCP server
Hello,
Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog?
Thanks in advance for your help.
Kiwi Syslog Server - Status Code 500
Hi community. I've searched about my problem but only found topics related to Orion software. I am getting an exception in Kiwi Syslog Web Access: Status Code 500. Has anyone experienced this issue? Thanks a lot.
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Status Code: 500
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.ArgumentOutOfRangeException: 'capacity' must be non-negative.
Parameter name: capacity
at System.Collections.ArrayList..ctor(Int32 capacity)
at RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer, Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at _Event.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer, Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter writer, ICollection children)
at System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at System.Web.UI.Page.Render(HtmlTextWriter writer)
at _Event.Render(HtmlTextWriter writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer, ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx
Procurve switches not sending syslog messages in KIWI syslog
Hi all,
New here, searched for discussions but found no entry on procurve switch(es).
The Procurve switches will not send any syslog messages (wiresharked the server)
Turned on logging on the switch: logging 'ip-address'
show debug
Debug Logging
Source IP Selection: Outgoing Interface
Destination:
Logging --
'ip-address' Kiwi Syslog server
Protocol = UDP
Port = 514
Facility = user
Severity = info
System Module = all-pass
Priority Desc =
Tried facility 'syslog', still nothing.
Only the Procurve switches will not send any syslog messages.
Other devices such as Cisco ASAs work fine.
Any ideas on how to solve this?
TIA Jaap
SolarWinds.SyslogServer.Engine.log
Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?
Thank you.
How to encrypt syslog from cisco switch or router into Kiwi syslog?
I want to encrypt syslog from a Cisco switch or router into Kiwi Syslog.
I read somewhere I can use syslog TLS or SNMP trap v3.
Is that possible using Kiwi Syslog?
Thanks
Kiwi Syslog Console Crashing Constantly After Upgrading 9.5.0 To 9.5.1
After upgrading to v9.5.1, from v9.5.0, we started experiencing constant crashing on our console. Other than a few minor quirks and annoyances, the previous version had not really crashed too often after we applied the hotfix.
Windows Server 2012
Virtual
4 CPUs(2 Cores per Socket, 2 Sockets)
24 GB RAM
150 GB Hard Disk
Kiwi Syslog Server, Installed as a Service
I began to notice the message buffer would quickly drop down from 100%, shortly after starting up the console. Sometimes we would only reach 43K MPH before crashing, while other times we made it up around 350K+ MPH before crashing. And, every time it would crash, the message buffer would be far away from 100%. Previously, the message buffer rarely, if ever, dropped under 100% free.
After reading through various other user issues of the past, I found something that mentioned the "MsgBufferSize" settings in the registry. I went looking into the registry for those settings, however, "MsgBufferSize" was nowhere to be found. I added the "MsgBufferSize" with the value of "10000000", which is shown to be the max value. After adding the settings into the registry, and restarting everything, our system appears to be running fairly smooth, so far. Currently, we are roughly around 430K MPH, with a full 100% buffer free.
Previously posted thread regarding the "MsgBufferSize" registry entry:
Registry values documentation:
Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Properties
Value (STRING): MsgBufferSize
Registered mode:
Min value: 100
Max value: 10000000 (10 million)
Default value: 500000
Type: Maximum number of message buffer entries
So, did something change from 9.5.0 to 9.5.1 that would have removed those settings from the registry? If not, then what else would have removed the entry altogether? Or, has the "MsgBufferSize" registry entry been removed all along, and the documentation just not updated? If it has been removed, and is not used anymore, then why would adding the entry back into the registry make everything suddenly start working again?
Thank you,
-Will
Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
How to set up snort-log link to syslog server?
How to set up snort-log link to syslog server?
In snort.conf (Windows 7, 32 bits):
output alert_syslog: host=127.0.0.1:8080, LOG_AUTH LOG_ALERT
Command:
snort -i 1 -c c:\snort\etc\snort.conf -s
Then I get a file in c:\snort\log\snort.log.1493058792.
Please tell me, how do I send the log to the syslog server?
Thank you
Syslog solution (New*) Log Manager for Orion or (old)Kiwi Syslog.
Dear Thwack experts,
Our WAN is spread across 500 sites, connected via 5 datacenters. Most are VPN connections between sites and DCs, but a few still have slow-paced connections.
For NPM, we are planning to build our HA solution across DC1 and DC2, and will use APE at DC3, DC4 and DC5, so that each polling engine can poll the devices at the connected remote site.
Now, speaking about the syslog monitoring requirement, we felt Log Manager for Orion has a lot more features, but may not fit into our environment.
Discussion points:
- In our case, devices at remote sites need to send syslog messages to the centralized solution.
1) Kiwi has the below solution:
Kiwi Secure Tunnel receives, compresses, and securely transports, syslog messages from distributed network devices to the Kiwi Syslog Daemon.
Can Log Manager for Orion be used here?
2) Kiwi also stores the syslog and trap messages in Microsoft® SQL Server. Apart from log tagging, how differently can Log Manager help our operations team? Any comparison between Kiwi and LM would be more helpful.
(Please correct me if I am wrong somewhere.)
How Do I add a Mac Address Field or Column?
Hello,
I am tracking dynamic IP computers. How can I add a field or column for MAC address so I know which traffic belongs to which computer?
TCP Syslog Does Not Work in Latest Version
I use Kiwi Syslog Server a lot for testing syslog. It seems like in the latest version there are issues with TCP. I'm verifying with the Kiwi Syslog Message Generator. It seems like with syslog server version 9.4.1 TCP connects and works, but in the latest version 9.6.3 it does not connect for some reason. When I try to connect over TCP with the message generator, it says "TCP session remotely disconnected". Using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server. Is this a known issue, or am I missing something? Any suggestions or help would be much appreciated. Thank you very much.
Problem with filtering in Kiwi Syslog
I am setting up a Kiwi Syslog server. I am running into a problem with the filtering not working the way I would expect. I have used Kiwi but that was several years ago. I have set up a display for a specific switch and have tried several different filter possibilities, but I am still getting syslog messages on the display that don't belong to the switch I am trying to watch.
I have tried an IP address simple filter with the IP address of the switch, "10.1.1.2". On the Cisco switch, I have used the command logging source-interface vlan 254, which should send out the syslog messages using the IP address in the simple filter I set up. I have also tried the hostname option with the hostname of the switch, "Switch1", but same problem.
It has got to be something simple but so far I haven't found the problem. Since this is the free version, I know I can't call SolarWinds support.
Any suggestions are appreciated.
Ron
Kiwi Message Buffer
We have two syslog servers and use an F5 to load balance between the two. In total they receive around 45 million messages a day. We have around a dozen rules that forward messages onto a security appliance or Splunk and it can take around 30 minutes before those messages arrive. It can also take 30 minutes for any emails to end up in a user's mailbox.
As soon as we start the syslog service the message count on the buffer starts to climb and eventually the overflow queue increases. We haven't checked the stats for a while but one of the servers had an overflow queue count of 125,000! It is a VM server running Windows 2003, 2 CPUs and 4Gb RAM.
Here are the stats from the first hour of starting the syslog service
Kiwi Syslog Server [Licensed] Version 9.4.1
/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Thu, 22 May 2014 09:03:09
Syslog Server started on: Thu, 22 May 2014 08:04:17
Syslog Server uptime: 0 hours, 58 minutes
---------------------------------------------------
+ Messages received - Total: 767628
+ Messages received - Last 24 hours: 767628
+ Messages received - Since Midnight: 767628
+ Messages received - Last hour: 0
+ Message queue overflow - Last hour: 0
+ Messages received - This hour: 767628
+ Message queue overflow - This hour: 0
+ Messages per hour - Average: 767628
+ Messages forwarded: 775368
+ Messages logged to disk: 767587
+ Errors - Logging to disk: 0
+ Errors - Invalid priority tag: 0
+ Errors - No priority tag: 602
+ Errors - Oversize message: 464
+ Disk space remaining on drive C: 3904 MB
Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg | 17 | 0.00% |
| 1 - Alert | 10 | 0.00% |
| 2 - Critical | 504 | 0.07% |
| 3 - Error | 26356 | 3.43% |
| 4 - Warning | 619384 | 80.69% |
| 5 - Notice | 61780 | 8.05% |
| 6 - Info | 58963 | 7.68% |
| 7 - Debug | 614 | 0.08% |
+--------------------+------------+------------+
Message Buffer Information
==========================
Message Queue Max Size: 500000
Message Queue overflow: 18858
Message Count: 500000
Message Count Max: 500000
Percentage free: 0
Any help would be appreciated
Thanks
John
Faulting application name: Syslogd_Service.exe
I have installed and configured Kiwi Syslog. I recently started noticing the service stops randomly. After looking through event logs I'm finding that the app keeps crashing and I get the below. Any ideas?
Faulting application name: Syslogd_Service.exe, version: 9.4.0.2, time stamp: 0x54fda0c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x064edf14
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Service.exe
P2: 9.4.0.2
P3: 54fda0c5
P4: unknown
P5: 0.0.0.0
P6: 00000000
P7: c0000005
P8: 064edf14
P9:
P10:
Attached files:
C:\Windows\Temp\WER751C.tmp.WERInternalMetadata.xml
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._db17ea651912375fcb9862559d784039662e_00000000_cab_1012775e\memory.hdmp
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._db17ea651912375fcb9862559d784039662e_00000000_cab_1012775e\minidump.mdmp
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._db17ea651912375fcb9862559d784039662e_00000000_cab_1012775e
Analysis symbol:
Rechecking for solution: 0
Report Id: e3d4b04b-1f3b-11e5-80de-005056aa628b
Report Status: 4
Hashed bucket:
Changing Kiwi Syslog web port
Hi all,
Can anyone point me in the direction of some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?
I had a 'quick' search and couldn't find anything solid to go off.
Thanks!
Query on Kiwi Syslog server
Hi All,
I just want one clarification. Kiwi Syslog Server can receive data from network devices, servers, etc. via the syslog method, right? Or is it different?
Kiwi Syslogd_Service.exe stopping unexpectedly
We are experiencing the below events:
Event ID: 1000
Faulting application name: Syslogd_Service.exe, version: 9.6.3.3, time stamp: 0x5a0da76b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x065685f4
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Event ID: 1026
Application: Syslogd_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000096, exception address 065685F4
Stack:
The service can be manually started successfully; however, it stops with the above errors on a seemingly random basis (at least once a day).
EDIT 17:38 19/04/18 - I discovered that the service fails when a scheduled job (to archive the syslog files) is activated, but not when manually run.