Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

kiwi syslog server 9.6.6.1 service automaticaly stopped

December 23, 2018, 11:28 pm
$
0
0

my company has the kiwi syslog server v 9.6.6.1 and today my kiwi automaticaly stopped. i received in application event viewer message

 

Application: Syslogd_Service.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IndexOutOfRangeException

Stack:

   at SolarWinds.SyslogServer.Engine.NetworkingDeamon.ProcessTcpMessage(System.Net.Sockets.TcpListener, System.Text.Encoding, System.Collections.Generic.List`1<System.String>)

   at SolarWinds.SyslogServer.Engine.NetworkingDeamon+<>c__DisplayClass11.<ReinitTcp>b__d()

   at SolarWinds.SyslogServer.Engine.Implementation.WatcherThread.<.ctor>b__0()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

and

Faulting application name: Syslogd_Service.exe, version: 9.6.6.1, time stamp: 0x5c013768

Faulting module name: KERNELBASE.dll, version: 6.3.9600.19178, time stamp: 0x5bc10573

Exception code: 0xe0434352

Fault offset: 0x00015ef8

Faulting process id: 0x%9

Faulting application start time: 0x%10

Faulting application path: %11

Faulting module path: %12

Report Id: %13

Faulting package full name: %14

Faulting package-relative application ID: %15

 

what i do?

Search

How to detect clients that stop sending Syslog messages to the server

January 29, 2013, 7:28 am
$
0
0

How do you detect specific clients that have not sent syslog messages to the server in a specified amount of time?

Collect DHCP events from Windows DHCP server

November 26, 2016, 2:39 am
$
0
0

Hello,

 

Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog ?

 

Thanks in advance for your help

Syslog solution (New*) Log Manager for Orion or (old)Kiwi Syslog.

July 9, 2018, 12:12 am
$
0
0

Dear Thwack experts,

 

Our WAN is spread across 500 sites, connected via 5  Datacenters, Most are VPN connections btw Sites and DC's ,but few still have slow paced connections.

For NPM, We are planning to build our HA solution across DC1 and DC2, and will use APE at DC3,DC4 & Dc5, So that each polling engine can poll the devices at connected remote site.

 

Now speaking about Syslog monitoring Requirement, We felt Log manager for Orion has  lot  more feature , But may not fit into our environment.

 

Discussion points:

-In our case, Device at remote site, need to send syslog message to the centralized solution

 

1)Kiwi have below solution:
Kiwi Secure Tunnel receives, compresses, and securely transports, syslog messages from distributed network devices to the Kiwi Syslog Daemon.

 

Does Log manager for Orion can be used here.??

 

2) Kiwi also store the syslog and trap messages into Microsoft® SQL Server , Apart from Log tagging, how different can Log manager can help to our operations team,, any comparison between KIWI and LM would be more helpful

 

( please correct me, if I am wrong some where)

How to create filter in kiwi syslog web access to filter only windows logon events

April 21, 2015, 9:23 pm
$
0
0

Dear All,

I want to create filter in syslog server to view the windows logon and logoff (event logs).

 

Please help me to create the filter.

AutoSplit value based on Policy name

June 1, 2017, 2:38 am
$
0
0

My goal is to have diferent log files which names are unique for each policy name. Is this possible?

 

Path and filename of log file:

D:\KIWI\Logs\Syslog-%PolicyName.txt

 

Syslog message:

source-address="10.18.100.100" source-port="62394" destination-address="10.17.200.100" destination-port="443" policy-name="263" source-zone-name="Trust" destination-zone-name="Untrust"

 

How should I define  %PolicyName?

Kiwi Syslog not receiving any message

October 2, 2014, 5:44 am
$
0
0

Hello,

 

I just installed Syslog on a Windows 8 VM (ESXi 5.5).

However... I don't received any message from the router (Cisco RV042G) I want to log.

 

I tried the generic troubleshhoting :

• Check network connectivity by pinging from the sending device to the Syslog Server machine  => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled

• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)

 

Do you have any idea about the cause of this issue ?

 

Thanks in advance for your help.

High availability solution available for Kiwi Syslog server

November 14, 2018, 1:24 am
$
0
0

How can we design Kiwi syslog server in High availability , Does it required cluster setup (or) Load balancer setting, or any in built  product HA capabilities available

Search

How to create filter in kiwi syslog web access to filter only windows logon events

April 21, 2015, 9:23 pm
$
0
0

Dear All,

I want to create filter in syslog server to view the windows logon and logoff (event logs).

 

Please help me to create the filter.

Kiwi Syslog not receiving any message

October 2, 2014, 5:44 am
$
0
0

Hello,

 

I just installed Syslog on a Windows 8 VM (ESXi 5.5).

However... I don't received any message from the router (Cisco RV042G) I want to log.

 

I tried the generic troubleshhoting :

• Check network connectivity by pinging from the sending device to the Syslog Server machine  => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled

• Use a sniffer to check if messages from the routing are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)

 

Do you have any idea about the cause of this issue ?

 

Thanks in advance for your help.

How to load-balance Kiwi Syslog servers

December 23, 2013, 12:31 pm
$
0
0

I've got a set of 3 Kiwi servers sitting behind an F5, which I *thought* would effectively load balance the incoming syslog volume (I'm seeing around 5-8million messages per hour, and we haven't really turned everything on yet).

 

The problem, I just discovered, is that F5 load balances based on connections, not messages/packets. So round robin isn't round robin since most of my sending systems are passing new messages (and therefore creating a connection) more than even the lowest "disconnect after" option on the F5 (which is 1 second).

 

So my first server is maxing out at about 5million MPH and 0% buffer, while server 02 gets 2million messages and 80% buffer, and server 03 gets barely anything at all.

 

Has anyone else tried this, and have you found a work around (it doesn't have to be an F5. I just need the ability to create a pool of Kiwi servers and have all the systems in my enterprise sending to ONE ip address.

 

Thanks!

- Leon

LOG FORWARDER 2012 server DOES NOT FORWARD EVENTS

June 29, 2017, 4:06 am
$
0
0

We are using windows Server 2012 Standard version for Windows log forwarder but logs are not coming on Kiwi Syslog Server 9.6

Deploying Kiwi Syslog server to NPM Environment

September 22, 2017, 7:22 am
$
0
0

Hello All,

 

I am planning to Deploy a Kiwi Syslog server to my NPM Environment.

 

We are planning to enable snmp traps and syslog messages to be sent from other tools to SolarWinds NPM hoping to have one alert dashboard focused on SolarWinds NPM.

 

I don't want to flood the polling engine and peg the processing power dealing will all the additional noise.

 

Instead the Kiwi Syslog server will process the items and forward the actionable items to the SolarWinds Server to be alerted and ticketed.

 

Any thoughts, concerns , or tips are appreciated.

 

Thank you,

Raymond

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am
$
0
0

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

 

Thanks,

Syed

Windows failed logins tracking

January 6, 2017, 11:19 am
$
0
0

Hi folks,

 

We currently have v9.5 running on a Windows 2012 R2 VM which is the loghost for our environment of approx. 60 systems. We use AD for authentication and I'm attempting to configure the logger to alert on multiple failed logins, however, nothing appears to be getting to the loghost from the DC, other than the previously configured items. I have been able to configure this successfully for our Linux VM's but no luck on the Windows side. My assumption is, the problem is between the keyboard and monitor

I've configured the Event Log Forwarder to send all things Microsoft Security to the loghost but having no luck. Has anyone done this successfully? What have I missed?

 

Thanks in advance.

 

Buddy

Search

Kiwi Syslog Server Web Access can't start

November 26, 2010, 4:44 am
$
0
0

Hello!

I install Kiwi Syslog Server & Web Access.

 Kiwi Syslog Server start and i see events from my devices, but when i start Kiwi Syslog Server Web Access its could not start:

"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"

What's problem?

Version 9.2

Need to have log reporting from KIWI SYslog

December 7, 2018, 4:11 am
$
0
0

Hi All,

 

I need to configure logs reporting in my KIWI syslog application through my SMTP server as attachments into my email.

 

Please let me know , how to proceed.

 

 

Thanks

Srikant

Kiwi 9.6 and forwarding SNMP traps as Syslogs

March 4, 2017, 6:46 am
$
0
0

9.6 release notes....

 

"SNMP traps are now forwarded without changes. In previous versions, the SNMP trap was converted to a string and forwarded as a syslog messages, which could result in MAC addresses being displayed incorrectly."

 

I considered this conversion a feature, one that I need to pipe data into a system that can't receive traps.  Is this a setting in which I can choose how it gets forwarded (snmp/syslog)?  This conversion feature was a deciding factor in my Kiwi purchase last week. 

 

Thank you.

Forward syslog events to QRadar

January 13, 2016, 11:55 am
$
0
0

I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Kiwi Syslog Server Web Access can't start

November 26, 2010, 4:44 am
$
0
0

Hello!

I install Kiwi Syslog Server & Web Access.

 Kiwi Syslog Server start and i see events from my devices, but when i start Kiwi Syslog Server Web Access its could not start:

"Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline"

What's problem?

Version 9.2

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>