How do you detect specific clients that have not sent syslog messages to the server in a specified amount of time?
How to detect clients that stop sending Syslog messages to the server
Going insane with Kiwi Syslog
Trying to find any reason to continue with Kiwi Syslog.
So here's where I'm at:
Barracuda Firewall configured as 192.168.1.1 sending UDP 514 messages to my machine 192.168.4.107 (yes they can ping each other). Configured Kiwi to listen on UDP 514.
I've confirmed that the messages are being received:
I've confirmed that UDP port 514 is open:
If I don't bind the address, I can send and receive text messages but it doesn't log actual traffic.
If I do bind the address, I still don't receive messages. (I get no errors in the error log either way)
I tried Kiwi SyslogGen and it says "Message Sent OK" but it also says "0 messages sent" so I don't know what it's trying to say.
It seems like it's sending messages but Kiwi doesn't receive them. I've adjusted target/source addresses and still nothing.
I tried adding a firewall rule to enable the traffic but it still didn't work so I turned off my firewall completely and still nothing.
I rebooted, tried again, reinstalled Kiwi, tried again and it's still not receiving messages.
I'm going crazy here. Any advice?
Cannot upgrade Syslog from Free to Trial Mode
I just installed Syslog 9.4 trial, and found there was no easy way to search the logs. Noticing this is more of the Web Access duties, I signed up for the trial. I received the new installer, and reinstalled Syslog Eval, but Syslog continues to come up as Free, and it will not send to the Web Access. When I select the Rule, it says it's not only available in the licensed version.
I tried installing over the existing, uninstalling the free version, deleting the syslogd directory... nothing works.
I got burned with Splunk, and do not want to buy this until I confirm it's going to work for me. Any ideas?
How to load-balance Kiwi Syslog servers
I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8million messages per hour, and we haven't really turned everything on yet).
The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).
So my first server is maxing out at about 5million MPH and 0% buffer, while server 02 gets 2million messages and 80% buffer, and server 03 gets barely anything at all.
Has anyone else tried this, and have you found a workaround? (It doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE IP address.)
Thanks!
- Leon
Scripting the creation of the ini file - set up flag/counter-timeout & time of day
Hi, we're using Syslog to monitor 10+ applications that each have 2-3 modules that need to be monitored. Currently they are feeding Syslog using log4net appenders sending syslog messages. The thing I want to do is NOT have to manually set up the rules and their filters and actions. I want to run a script that will create all that for me based on a couple of parameters and a static config. I've figured out how to do most of what I need but I haven't figured out how to set the Flag/Counter Timeout values, which generally look like this (looking to see how to set L01):
R005-F003-L01=041006000000001
R005-F003-L02=1x in 15 min
R005-F003-L03=1
R005-F003-L04=15
And the Time Of Day values (looking to see how to set L01 & L03):
R005-F004-L01=030705000000001
R005-F004-L02=M-F 8am
R005-F004-L03=00000000000000000000000000000000000000000000000000000000000000003E000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Any information is appreciated!
Thanks in advance!
Mike
Kiwi Syslog and Sonicwall Viewpoint log format are compatible?
Is there some function in Kiwi that I lose if I use the SonicWall standard log format?
Problems w/ Kiwi Syslog
I am trying to get Kiwi Syslog Server functioning but have been banging my head all day. I am testing it in a very basic lab environment. It's a Verizon Fios wireless router (with built-in switch). I have an ESXi host plugged into the Verizon router. I have a Windows 2012 VM running with Kiwi installed. I am simply looking to catch syslog messages from the Fios router. I have configured the Fios router to send the messages to the IP of my syslog server. The Kiwi service is definitely started but I receive no messages. I downloaded the message generator and installed it directly on the syslog server. I generate a test message on UDP port 514 to loopback address 127.0.0.1. It says the message was sent OK but it never displays in the Kiwi console.
All settings are default. I also tried binding the IP of the NIC to the UDP config under Setup>Inputs. I am new to Server 2012 so maybe I am missing something. Oh, I also made sure the Windows Firewall is OFF.
Any help you can provide will be much appreciated
Warm Regards,
Ed
Kiwi Syslog Web Access
Hi, I am new to Kiwi Syslog and I keep coming up with the attached error when installing the web access component.
I have upgraded Syslog Server to 9.4.1 and can't seem to get this going. I don't know if it was ever working to begin with.
When I try and go to http://localhost:8088 I get an error that "The resource cannot be found".
Are there any prerequisites that need to be preinstalled on the server for web access to run? We have it running on Windows Server 2008 R2 Ent. SP1.
Kiwi Syslog 9.4 - Daily Syslog statistics for 24 hour period - Email Problem
Hi,
We are using the Free Version of Kiwi Syslog. I noticed after we upgraded to 9.4 last Wednesday that the host names are not showing in the top 25 host list. All blank now.
Thanks!
/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Fri, 20 Dec 2013 00:00:42
Syslog Server started on: Thu, 19 Dec 2013 12:06:35
Syslog Server uptime: 11 hours, 53 minutes
---------------------------------------------------
+ Messages received - Total: 27
+ Messages received - Last 24 hours: 27
+ Messages received - Since Midnight: 0
+ Messages received - Last hour: 2
+ Message queue overflow - Last hour: 0
+ Messages received - This hour: 0
+ Message queue overflow - This hour: 0
+ Messages per hour - Average: 2
+ Messages forwarded: 0
+ Messages logged to disk: 0
+ Errors - Logging to disk: 0
+ Errors - Invalid priority tag: 0
+ Errors - No priority tag: 0
+ Errors - Oversize message: 0
+ Disk space remaining on drive C: 895955 MB
---------------------------------------------------
Breakdown of Syslog messages by sending host
+--------------------------+------------+------------+
| Top 25 Hosts | Messages | Percentage |
+--------------------------+------------+------------+
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
| | 0 | 0.00% |
+--------------------------+------------+------------+
Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg | 0 | 0.00% |
| 1 - Alert | 0 | 0.00% |
| 2 - Critical | 0 | 0.00% |
| 3 - Error | 0 | 0.00% |
| 4 - Warning | 0 | 0.00% |
| 5 - Notice | 0 | 0.00% |
| 6 - Info | 0 | 0.00% |
| 7 - Debug | 0 | 0.00% |
+--------------------+------------+------------+
Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0
End of Report.
SDEE compatibility with Kiwi Syslog Server
Dear all,
As far as I know, the Kiwi Syslog Server won't support the SDEE packets generated by Cisco IPS before the version 9.1.0
However, until launching this version, does anyone have any idea how to collect the SDEE packets from the Cisco IPS and convert them to syslog packets in order to be saved under the Kiwi Syslog Server?
Thank you
Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.
Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk
I understand that this is a pfSense tcpdump issue, but I have already tried the change in link http://redmine.pfsense.org/issues/1938 without any luck. It just doesn't work; I tried all combinations of changes without any luck.
Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhausted searching for a working solution using Kiwi Syslog, and it is the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]
Syslog Manager fails to start on win 8.1
syslog_manager.exe 9.4.0.1 will not open correctly on Windows 8.1. The process starts and can be seen in Task Manager, but closes a few seconds later. No GUI is seen at all, not even the splash screen or the notification area icon.
there are no logs inside:
C:\Program Files (x86)\Syslogd\Dated logs
C:\Program Files (x86)\Syslogd\Logs
I tried calling (Service – Debug start-up: www.kiwisyslog.com/help/syslogd7/index.html?adv_reg_servicedebugstart_up.htm):
syslog_manager.exe DEBUGSTART
syslog_manager.exe /DEBUGSTART
syslog_manager.exe -DEBUGSTART
syslog_manager.exe --DEBUGSTART
but still no log or debug log files are created in the C:\Program Files (x86)\Syslogd directory or any of its sub directories.
I checked the Windows event log and found the same four errors reoccurring every time syslog_manager.exe is started up.
==============================
Error 1
==============================
Fault bucket -339880763, type 1
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Manager.exe
P2: 9.4.0.1
P3: 5256d7ac
P4: StackHash_4527
P5: 0.0.0.0
P6: 00000000
P7: c000041d
P8: PCH_1C_FROM_actskn43+0x00014197
P9:
P10:
Attached files:
C:\Users\user\AppData\Local\Temp\WER7A1F.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Syslogd_Manager._1c26be14be8bc7e884ee84c763454f0becaea_d6be21d2_0a3f7cfe
Analysis symbol:
Rechecking for solution: 0
Report ID: 89cea6aa-4b23-11e3-befa-001b63a57b6a
Report Status: 0
Hashed bucket: ee82e4cf87c028d8fde4d29d457939f8
==============================
Error 2
==============================
Faulting application name: Syslogd_Manager.exe, version: 9.4.0.1, time stamp: 0x5256d7ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x040705b8
Faulting process ID: 0xbe0
Faulting application start time: 0x01cedf304b48bb7b
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe
Faulting module path: unknown
Report ID: 89cea6aa-4b23-11e3-befa-001b63a57b6a
Faulting package full name:
Faulting package-relative application ID:
==============================
Error 3
==============================
Fault bucket 50, type 5
Event Name: BEX
Response: Not available
Cab Id: 0
Problem signature:
P1: Syslogd_Manager.exe
P2: 9.4.0.1
P3: 5256d7ac
P4: StackHash_f2c9
P5: 0.0.0.0
P6: 00000000
P7: PCH_3D_FROM_ntdll+0x0003C1AC
P8: c0000005
P9: 00000008
P10:
Attached files:
C:\Users\user\AppData\Local\Temp\WER7676.tmp.WERInternalMetadata.xml
These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Syslogd_Manager._4bac366436d77f4150a9f635e3ff4264d568c57d_d6be21d2_070f7973
Analysis symbol:
Rechecking for solution: 0
Report ID: 893e635c-4b23-11e3-befa-001b63a57b6a
Report Status: 0
Hashed bucket: 18c71da6583848b95798fbf0fc6b19c1
==============================
Error 4
==============================
Faulting application name: Syslogd_Manager.exe, version: 9.4.0.1, time stamp: 0x5256d7ac
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x040705b8
Faulting process ID: 0xbe0
Faulting application start time: 0x01cedf304b48bb7b
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Manager.exe
Faulting module path: unknown
Report ID: 893e635c-4b23-11e3-befa-001b63a57b6a
Faulting package full name:
Faulting package-relative application ID:
Log Forwarder for Windows (available to all Kiwi customers on maint)
What it does:
Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server
- Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
- Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
- Enables definition of filters that describe which events are forwarded
How to get it:
If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.
Try it out and let us know what you think!
Syslog Message Logging to MYSQL DB
I am new to Kiwi Syslog Server. I configured Kiwi Syslog Server with default fields to log messages to a MySQL DB and it is working fine.
But I wish to parse the message and log to the MySQL DB using custom fields. I don't have any knowledge about scripting.
Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.
2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5
Only the following things needs to be extracted and logged to DB.
MsgDate: 2012-09-01
MsgTime: 10:37:14
MsgHostname: HQ-IPS-01
AttackId: 300000
AttackType: Intrusions
AttackDesc: BO-WINXP
AttackSrc: ACCTS-C-PC1
AttackDst: ACCTS-C-PC2
The number of such logs that needs parsing by the script will be more.
Please provide me guidance in configuring this.
Any help on this would be greatly appreciated!
Thanks all...
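The extraction asked for in the post above, as an added example that is not part of the original post and is not Kiwi's own scripting: a Python parser for the DefensePro line that validates the fields and inserts them with bound parameters, since the message text is supplied by the sending device. The sample line is constructed from the one in the post; `sqlite3` stands in for MySQL and the table name `attacks` is hypothetical.

```python
import re
import sqlite3
from datetime import datetime

# Constructed from the sample line quoted in the post.
SAMPLE = ('2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: '
          '01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP '
          'ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 '
          'N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5')

# A token is a double-quoted string (may contain spaces) or a run of
# non-space characters; the quotes themselves are dropped.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Token position of each wanted field, read off the sample line.
FIELDS = {"MsgDate": 0, "MsgTime": 1, "MsgHostname": 3, "AttackId": 8,
          "AttackType": 9, "AttackDesc": 10, "AttackSrc": 12, "AttackDst": 14}


def tokenize(line):
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(line)]


def parse_defensepro(line):
    """Return a dict of the eight fields, or None if the line does not fit."""
    tok = tokenize(line)
    if len(tok) <= max(FIELDS.values()) or tok[4] != "DefensePro:":
        return None
    rec = {name: tok[i] for name, i in FIELDS.items()}
    try:
        datetime.strptime(rec["MsgDate"] + " " + rec["MsgTime"],
                          "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    if not rec["AttackId"].isdigit():
        return None
    return rec


def load(lines):
    """Parse lines into an in-memory table; return (connection, rejected)."""
    conn = sqlite3.connect(":memory:")  # stand-in for the MySQL database
    conn.execute("CREATE TABLE attacks (MsgDate TEXT, MsgTime TEXT, "
                 "MsgHostname TEXT, AttackId INTEGER, AttackType TEXT, "
                 "AttackDesc TEXT, AttackSrc TEXT, AttackDst TEXT)")
    rejected = 0
    for line in lines:
        rec = parse_defensepro(line)
        if rec is None:
            rejected += 1
            continue
        # Bound parameters: field text is never spliced into the SQL string.
        conn.execute("INSERT INTO attacks VALUES (:MsgDate, :MsgTime, "
                     ":MsgHostname, :AttackId, :AttackType, :AttackDesc, "
                     ":AttackSrc, :AttackDst)", rec)
    conn.commit()
    return conn, rejected


if __name__ == "__main__":
    conn, rejected = load([SAMPLE, "not a DefensePro line"])
    print(conn.execute("SELECT * FROM attacks").fetchall(), rejected)
```

Counting rejected lines rather than dropping them silently gives a signal when the device's log format changes.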
kiwi vs orion syslog
What is the difference between the two? Do I need both running? Can I have both running on the same box? Currently I have both installed on the same box. The Orion syslog is running but the Kiwi gives error messages like "Unable to open UDP socket on port 514" or "Registered action was found in settings and disabled"
TIPS HOW TO - Kiwi Syslog Web Server with SSL and IIS 7
Hi all,
My first post; I wish to share with you some tips I found.
My main goal was to have access to the Kiwi web site working with SSL...
But looking at the Cassini Web Server, it wasn't possible.
After searching more on this forum I found a post about a Rewriting Module with Apache; so why don't we do it with IIS?
Here we go !
Setup
- Win 2008 R2 , IIS 7 (with auth modules etc ...) , at least a working SSL certificate for the HTTPS listener (this post will not cover how PKI works, certs installation etc .... sorry).
- We will use the ARR 2.0 module x64 for IIS... See References at bottom for DL link, install it.
- A running Kiwi Syslog Server and the Web Access working on port 8088. Access via a browser works on this port.
Goal
- Enable the rewrite/proxy module in IIS
- Create a new IIS Web Site with HTTPS Listener on TCP Port 8090
- Create a rule to rewrite requests from 8090 to 8088
- When connecting on https://server:8090 , we would see Kiwi Web page.
HOW TO
1. Enabling the rewrite module
"C:\Windows\System32\inetsrv\appcmd.exe" set config -section:system.webServer/proxy /enabled:"True" /commit:apphost
2. New Site creation
set syslogwebdir=c:\inetpub\syslog
set syslogsitename=SYSLOG
"C:\Windows\System32\inetsrv\appcmd.exe" add site /name:"%syslogsitename%" /id:15 /bindings:https/*:8090: /physicalPath:"%syslogwebdir%"
3. Attach the SSL Certificate to the Binding 8090
3.1 With batch/cmd line (copy/paste to a BAT file)
set CERTHASH=EnterYourHashHere
netsh http add sslcert ipport=0.0.0.0:8090 certhash=%CERTHASH% appid={00000000-0000-0000-0000-000000000000}
3.2 With IIS Manager (if you don't know where to read Hash Certificate).
-Right Click on SYSLOG site, modify Bindings.
-Select https 8090 * Listener > Modify.
-On the "box" SSL Certificate, choose your certificate for the server.
-"OK"
4. Create the rule (copy/paste to a BAT file)
set syslogsitename=SYSLOG
set syslogrulename="Rewrite to Kiwi localhost 8088"
:: Rewrite Rule creation
"C:\Windows\System32\inetsrv\appcmd.exe" set config "%syslogsitename%" -section:system.webServer/rewrite/rules /+[name='%syslogrulename%']
:: Rule Parameters (one line)
"C:\Windows\System32\inetsrv\appcmd.exe" set config "%syslogsitename%" -section:system.webServer/rewrite/rules /[name='%syslogrulename%'].action.type:"Rewrite" /[name='%syslogrulename%'].match.url:"(.*)" /[name='%syslogrulename%'].action.url:"http://localhost:8088/{R:1}"
5. End
Test with your browser https://localhost:8090/
Now you can access from an "admin desktop" to this new SSL web site ...
Configure your firewalls to forbid access on port 8088 to this server (or/and configure the internal Windows Firewall of this server to allow only Localhost connection on 8088).
6. Refs Used
http://learn.iis.net/page.aspx/489/using-the-application-request-routing-module/
---
At the beginning I was thinking to use http://mysite/syslog/ as a virtual directory, but I got some trouble with events.aspx and the rewrite module.
Inbound Rules were OK, but Outbound Rules to rewrite URLs were not working as expected, and filters in Kiwi were not working anymore.
That's why I decided to create a new site on another binding, with a root site, so I don't need to create Outbound Rules ...
---
Sorry for my English ... I'm French :)
Kiwi Syslog not displaying Cisco ASA 5505 syslogs
I have a Cisco ASA 5505 that is setup to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and search the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.
Any ideas?
Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind
The CPU on my Kiwi Syslog Server is Pegged. Here is the Diagnostic info file from the server.
Kiwi Syslog Server [Registered] Version 9.0.3
/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime: 1 hour, 7 minutes
---------------------------------------------------
+ Messages received - Total: 1098753
+ Messages received - Last 24 hours: 1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour: 996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour: 101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average: 996804
+ Messages forwarded: 769810
+ Messages logged to disk: 1194581
+ Errors - Logging to disk: 0
+ Errors - Invalid priority tag: 0
+ Errors - No priority tag: 2
+ Errors - Oversize message: 309
+ Disk space remaining on drive E: 41554 MB
Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg | 0 | 0.00% |
| 1 - Alert | 2753 | 0.25% |
| 2 - Critical | 496 | 0.05% |
| 3 - Error | 5745 | 0.52% |
| 4 - Warning | 103603 | 9.43% |
| 5 - Notice | 42938 | 3.91% |
| 6 - Info | 775902 | 70.62% |
| 7 - Debug | 167316 | 15.23% |
+--------------------+------------+------------+
Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0
End of Report.
DNS Cache size 20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits 0
DNS Cache misses 0
DNS Cache TTL 1440 minutes
Total DNS Lookups 0
Successful cache hits 0%
IP Address Hostname TTL (minutes)
127.0.0.1 localhost Static
::1 localhost Static
Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count: 19932
Message Count Max: 20000
Percentage free: 1
E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count: 0
Message Count Max: 13
Percentage free: 100
Kiwi Syslog Server has delay from the time it receives a syslog to the time it emails a message
We are running Kiwi Syslog Server v. 9.3.0.
We are sending syslogs from about 45 Cisco devices to this server. We have a filter setup to identify any Emerg, Alert, Crit, Error, Warn, or Notice logs. We then setup an action for it to email the network administrators anytime any of these are received by Kiwi.
The problem we are having is as follows:
- Cisco device generates a log record and sends it to Kiwi.
- The time stamp on the log shows 09:29:19 EDT. If you have the Syslog Service Manager up, you will see it arrive real time.
- We receive an email notification from Kiwi at 16:16 EDT.
We've logged into the cisco device in question and have done a "show clock" and confirmed that date and time are accurate.
We've confirmed the time is accurate on the server we have Kiwi installed on (Windows Server 2003 Standard x64 Edition w/ SP2, 2.04GB RAM).
Looking in the bottom right corner of Kiwi Syslog Service Manager, we can see the time and date are accurate.
In addition, all Cisco devices and Windows servers point to our NTP server to ensure clocks stay sync'd.
Why are we having such a huge delay from the time Kiwi receives a log record to the time it sends us an email notification?
Kiwi Syslog not capturing syslogs
Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2. Trying to capture syslog from a Cisco ASA 5510. I have confirmed that the syslog events are hitting the server with Wireshark. Nothing is coming through to Kiwi Syslog. Current settings are all default. No filters in place. Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?