Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

October 2, 2013, 4:10 am

≫ Next: Kiwy syslog "Service running, but Service/Manager comm link is not connecting" on a virtual machine

≪ Previous: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

$

0

0

Hello , kiwi friends!

 

I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing then i try to start the kiwi syslog server console.

I have applied the kb fix for Microsoft .Net Framework 2 , before that i couldnt install kiwi syslog successfully becuse the service could not start.

http://knowledgebase.solarwinds.com/kb/questions/4386/

 

 

I have the following errors in the windows event viewer!

Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion

Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.

 

Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?

 

Thanks in advance.

---

Kiwy syslog "Service running, but Service/Manager comm link is not connecting" on a virtual machine

March 14, 2017, 2:14 am

≫ Next: Does Kiwi Syslog Server works on Windows 2016 Core version?

≪ Previous: Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

$

0

0

Hi eveyone

 

I have a problem with my syslog server, it send he following messages:

 

Service running, but Service/Manager comm link is not connecting.

Unable to connect to Service socket on TCP port 3300

 

The server is installed on a windows 7 virtual machine on an vmware enviroment, I already verified the TCP port  and it belongs to the syslog server, also the windows firewall is down

 

Do you have any ideas?

 

Regards

Does Kiwi Syslog Server works on Windows 2016 Core version?

May 17, 2018, 11:13 pm

≫ Next: Event log entries not showing on Kiwi Syslog server

≪ Previous: Kiwy syslog "Service running, but Service/Manager comm link is not connecting" on a virtual machine

$

0

0

I having issues installing the latest Kiwi Syslog version on Windows 2016 Core version. Please share relevant documentations.

 

Thanks in Advance!

Event log entries not showing on Kiwi Syslog server

May 31, 2018, 2:19 pm

≫ Next: Problem with python script in Kiwi syslog server

≪ Previous: Does Kiwi Syslog Server works on Windows 2016 Core version?

$

0

0

I have Kiwi Syslog server v9.6.3.3 installed as a 14 day evaluation.  I successfully setup 3 servers to send event logs to the server using the SolarWinds Log Forwarder software.  I setup 2 additional servers using the same method and settings and none of the events appear in the Kiwi Syslog Server.  No errors appear on the client or server.  How can I troubleshoot this problem?

Problem with python script in Kiwi syslog server

May 21, 2016, 2:20 am

≫ Next: Insecure (non https) and Chrome warning

≪ Previous: Event log entries not showing on Kiwi Syslog server

$

0

0

Hi,

 

I have a problem with python script, my script works fine when I run it outside Kiwi syslog with test data as you can see it in picture below

 

but when i try to run it inside kiwi syslog i get error as you can see in next pictures

 

this is the script:

 

there is very little info on python script usage in kiwi syslog, maybe I'm doing something wrong. Any help would be appreciated.

 

Thanks in advance.

Insecure (non https) and Chrome warning

November 29, 2016, 12:12 pm

≫ Next: Forward Event Viewer subscriptions with Event Log Forwarder for Windows

≪ Previous: Problem with python script in Kiwi syslog server

$

0

0

According to the webinar from Symantec today, starting from Jan 2017, Chrome will give warning on insecure (non https) site that asks for password and/or credit card info

I am not sure how it will affect the functionality of the Kiwi Syslog Web Access (9.5) service edition - if any.

 

 

CA Security Council | The Web Is Moving From HTTP to HTTPS

 

Google Security Alert: How to Be Trusted in 2017

Forward Event Viewer subscriptions with Event Log Forwarder for Windows

March 8, 2017, 1:45 pm

≫ Next: Kiwi Syslog - Maximum request length exceeded.

≪ Previous: Insecure (non https) and Chrome warning

$

0

0

Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to setup a single point to collect events to be forwarded to our syslog server.

 

I setup a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sources from the computer running the event log forwarder. (see the attached screenshot)

 

Thanks!

 

Jeremy

Kiwi Syslog - Maximum request length exceeded.

September 17, 2018, 1:26 pm

≫ Next: Log forwarder fail to start on windows server 2012

≪ Previous: Forward Event Viewer subscriptions with Event Log Forwarder for Windows

$

0

0

When using an Events filter, I get the following return (see below).  My Kiwi Syslog is running on a virtual 2012 R2 standard (64bit). In an attempt to resolve the error, I have followed advice to increase the maximum size to 4MB but to no avail.  Any thoughts?

 

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500

 

 

System.Web.HttpUnhandledException:
Exception of type 'System.Web.HttpUnhandledException' was thrown. --->
System.Web.HttpException: Maximum request length exceeded.
at System.Web.HttpRequest.GetEntireRawContent()
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace
---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,
Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean
includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

---

Log forwarder fail to start on windows server 2012

July 7, 2015, 1:27 pm

≫ Next: LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

≪ Previous: Kiwi Syslog - Maximum request length exceeded.

$

0

0

Hi

 

today i installed the log forwarder on a windows server 2012 machine but i am facing the following error:

 

after the installation, it seems that the log forwarder agent doesn't want to start (also the console seems to be unresponsive)

and if i try to start manually the log forwarder agent service, i receive a message box that informs me that :''the solarwinds event forwarder for windows service, started and than stopped. some services stops automatically if they are not used by any program or service''

 

did you ever faced something like this?

how do i have to procede?

 

thanks a lot

LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

June 29, 2017, 4:06 am

≫ Next: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

≪ Previous: Log forwarder fail to start on windows server 2012

$

0

0

We are using windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6

Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

February 6, 2013, 5:04 am

≫ Next: Kiwi Syslog Web Access Database Location

≪ Previous: LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

$

0

0

PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.

 

Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk

 

I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.

 

Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6

 

I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.

 

Appreciate any help on this..........

 

 

Example from Kiwi Syslog

 

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: <009>  Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf:     10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: <009>  Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]

Kiwi Syslog Web Access Database Location

May 20, 2016, 4:23 am

≫ Next: Kiwi Syslog advantages over PRTG syslog

≪ Previous: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

$

0

0

Hello,

  We are looking to find the Windows file/folder location for where the Kiwi Syslog Web Access is pulling its records from?

  We currently save events to the syslogd/logs location, as well as a SQL database.  But when we setup in the Kiwi Syslog Console Service Manager to send forwarded events to the 'Log to Kiwi Syslog Web Access', we cannot find where it stores those records?

Thanks,

Mark

Kiwi Syslog advantages over PRTG syslog

September 15, 2016, 1:10 pm

≫ Next: syslog server service will not stay running

≪ Previous: Kiwi Syslog Web Access Database Location

$

0

0

Hi guys, my boss has asked me to consider moving our syslogging services to PRTG syslog. I am very happy with Kiwi Syslog and don't want to migrate.

I want to come up with a  list of reasons why this is not a good idea i.e. what things KiwiSyslog does better.
Can someone who is familiar with both of these packages assist me.

Thanks kindly for any help.

syslog server service will not stay running

February 17, 2017, 2:42 pm

≫ Next: Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" ?

≪ Previous: Kiwi Syslog advantages over PRTG syslog

$

0

0

I had this the syslog server on a 2003 box - moved to 2012 R2 and the service will not stay running - anyone have any ideas or have run into this issue?

Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" ?

June 14, 2017, 10:04 pm

≫ Next: Which logs are important when finding intruders?

≪ Previous: syslog server service will not stay running

$

0

0

I tried to install v9.6.1 on Windows Server 2008 R2.

I had already installed ".NET Framework 3.5 SP1" on this system.

 

 

When I executed v9.6.1 installer, I got the following message.

----------------------

Kiwi Syslog Server 9.6.1 Installer

Microsoft .Net Framework 4.0 is not installed on this system

[OK]

----------------------

 

I can not install v9.6.1.

I got the same message, when I tried to install v9.6.0.

 

SolarWinds discribed the System Requirements as below:

NET Framework: .NET Framework 3.5 SP1

 

http://www.kiwisyslog.com/kiwi-syslog-server

https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/Kiwi_Syslog_Server_Installation_Guide/020_System_requirements_for_Kiwi_Syslog_Server

http://www.solarwinds.com/ja/kiwi-syslog-server#requirements

 

 

 

Question:

Do Kiwi Syslog Server v9.6.0/9.6.1 need  ".NET Framework 4.0" or Higher?

 

 

Best Regards,

---

Which logs are important when finding intruders?

May 15, 2018, 5:10 am

≫ Next: Kiwi Syslog Server collect administrator log gdpr

≪ Previous: Kiwi Syslog Server v9.6.0/9.6.1 need ".NET Framework 4.0" ?

$

0

0

Hi!

If there would be an intruder due to a virus, a network attack or anything else. Which logs are important to forward to the Syslog Server, so we can see what they have done? For example, if they tried to install a program, to open a network port, disabled the firewall etc.

 

Thanks in advance!

Kiwi Syslog Server collect administrator log gdpr

October 6, 2018, 8:23 am

≫ Next: sys log server errors "FormatMessage failed with 1815" help please!!

≪ Previous: Which logs are important when finding intruders?

$

0

0

Is there a way to collect access logs from a local machine and other machines regarding administrative access and generate a report for GDPR?

sys log server errors "FormatMessage failed with 1815" help please!!

April 8, 2015, 2:19 pm

≫ Next: Kiwi Syslog Server Log Location won't change.

≪ Previous: Kiwi Syslog Server collect administrator log gdpr

$

0

0

Good day Community,

 

I am experiencing an urgent issue. The sys log server forwarder is forwarding the following message to the KIWI sys log server. The actual security logs are showing the correct information, however the message below is being showed. I thought it was the server, but wen I added another sever to forward security logs, I am getting the same message as shown below.

 

Can anyone who have encountered this message or know how to resolve this issue. The security logs are on the server and I can view them using event viewer properly and audit logs are reflecting fine.

 

I would really appreciate your humble assistance or comments.

 

 

 

Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015

4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544

The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be

found. Either the component that raises this event is not installed on your local computer or

the installation is corrupted. You can install or repair the component on the local computer.If

the event originated on another computer, the display information had to be saved with the

event.The following information was included with the event: S-1-0-0. FormatMessage failed with

error 1815, The specified resource language ID cannot be found in the image file.

Kiwi Syslog Server Log Location won't change.

September 17, 2012, 10:44 am

≫ Next: Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

≪ Previous: sys log server errors "FormatMessage failed with 1815" help please!!

$

0

0

Hey all,

 

I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior.  However, I can't seem to move the file.

 

Kiwi Syslog Server 9.2.1 (Free version.)

Windows Server 2003 SP2 (WORKGROUP)(VM)

 

Current configuration:

Log to Log File

Path and file name:  C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt

 

If I test the configuration, I can see the test messages in the location noted about.  However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.

 

There are three local users, all of which show the same configuration.

 

I have tried deleting and recreating the Log to Log File rule.  No change.

I have tried starting and stopping the service.  No change.

I have tried exporting the system settings, and then reimporting them.  No change.

I have tried searching the registery for the old location.  Nothing found.

 

I have two theories.

1.  The settings are locked for some reason.

2.  The settings are stored somewhere else.

 

Any help would be great.

 

Thanks,

 

Aaron

Solarwinds Padawan

Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

September 24, 2014, 2:45 pm

≫ Next: Event Log Forwarder - Where is the Audit Failure Type?

≪ Previous: Kiwi Syslog Server Log Location won't change.

$

0

0

We are currently trying to migrate all UDP senders of syslog to TCP.  Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP.  syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working.  Please, any assistance with this request would be appreciated.  Running syslog with UDP is no longer an option.

 

Thanks in advance.