We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".

We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).

Has anyone experienced the same issue or know how to fix it?

Thanks!

↧

Forward syslog events to QRadar

January 13, 2016, 11:55 am

≫ Next: Encoding for Syslog Server Console?

≪ Previous: Kiwi Syslog "Check for update..." error

I'm trying to forward events from Kiwi Syslog to QRadar SIEM.

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

The test event was the only event received by the QRadar. None of the events I'm forwarding have been received as incoming logs on QRadar.

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

Do I need to install a universal DSM on the Kiwi Syslog servers?

↧

Encoding for Syslog Server Console?

February 18, 2015, 12:50 am

≫ Next: Kiwi syslog web profile

≪ Previous: Forward syslog events to QRadar

Hello,

I've setup my Kiwi Syslog Server to log to an Oracle Database. That worked, except that german umlauts (like ä, ö, ü) were not written to the DB correctly. (however, they showed up fine in the Server Console).

Therefore I changed the encoding for the UDP Input to UTF-8 wich results in fine database logs, but now umlauts in the server console as well as logfiles where displayed incorrect. I could get the logfile problem resolved by setting the LogFileEncodingFormat registry key to UTF-8 (65001). But the problem in the Server Console persists.

The weird thing is, changing the UDP input back to "System" encoding doesn't resolve the issue for the console.

↧

Kiwi syslog web profile

November 15, 2018, 10:05 am

≫ Next: kiwi syslog server 9.6.6.1 service automaticaly stopped

≪ Previous: Encoding for Syslog Server Console?

Hi guys

I'm new on this forum and I need your help , I'm using Kiwi syslog server version 9.6.5 , I create a lot of rules for group of the equipments that feed my syslog server(switch, servers , firewall..), and I have different stakeholders to whom I have to give access through Kiwi syslog web acces but I want to restrict access to the context that everyone have to had access !without giving access to all logs.

When we create users account on the console , there is no way to personalize profil to do that.

My question there is a way to do that?

Thanks

↧

kiwi syslog server 9.6.6.1 service automaticaly stopped

December 23, 2018, 11:28 pm

≫ Next: Need to have log reporting from KIWI SYslog

≪ Previous: Kiwi syslog web profile

my company has the kiwi syslog server v 9.6.6.1 and today my kiwi automaticaly stopped. i received in application event viewer message

Application: Syslogd_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
Stack:
   at SolarWinds.SyslogServer.Engine.NetworkingDeamon.ProcessTcpMessage(System.Net.Sockets.TcpListener, System.Text.Encoding, System.Collections.Generic.List`1<System.String>)
   at SolarWinds.SyslogServer.Engine.NetworkingDeamon+<>c__DisplayClass11.<ReinitTcp>b__d()
   at SolarWinds.SyslogServer.Engine.Implementation.WatcherThread.<.ctor>b__0()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

and

Faulting application name: Syslogd_Service.exe, version: 9.6.6.1, time stamp: 0x5c013768
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19178, time stamp: 0x5bc10573
Exception code: 0xe0434352
Fault offset: 0x00015ef8
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15

what i do?

↧

Need to have log reporting from KIWI SYslog

December 7, 2018, 4:11 am

≫ Next: log forwarder and dhcp auditing?

≪ Previous: kiwi syslog server 9.6.6.1 service automaticaly stopped

Hi All,

I need to configure logs reporting in my KIWI syslog application through my SMTP server as attachments into my email.

Please let me know , how to proceed.

Thanks

Srikant

↧

log forwarder and dhcp auditing?

October 15, 2011, 10:57 am

≫ Next: How to create filter in kiwi syslog web access to filter only windows logon events

≪ Previous: Need to have log reporting from KIWI SYslog

I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?

↧

How to create filter in kiwi syslog web access to filter only windows logon events

April 21, 2015, 9:23 pm

≫ Next: Syslog stops logging with no notification

≪ Previous: log forwarder and dhcp auditing?

Dear All,

I want to create filter in syslog server to view the windows logon and logoff (event logs).

Please help me to create the filter.

↧

Syslog stops logging with no notification

May 29, 2015, 4:18 am

≫ Next: RFC 5424 support?

≪ Previous: How to create filter in kiwi syslog web access to filter only windows logon events

I discovered this morning (only because I didn't receive the nightly report) that two of our Syslog servers stopped logging yesterday afternoon. The nightly archiving and cleanup jobs did not run. The service did not crash. The drive has 63 GB of free space. There are no entries under the Application or System logs in Windows. Under the Errorlog I see this for all of the reporting nodes ("ip.address.#" is placeholder for the actual values in the logs):

2015-05-28 15:38:59 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:38:59 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address1.txt

2015-05-28 15:39:00 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:00 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1..txt

2015-05-28 15:39:02 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:02 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.2.txt

2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.3.txt

2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:06 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:06 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:07 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:07 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.4.txt

2015-05-28 15:39:08 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:08 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:11 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:11 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.5.txt

The log stops there. When I restart the service I see these additional entries in the Error log:

2015-05-29 07:17:16 Unable to open InterApp listening socket on TCP port 3300

2015-05-29 07:17:16 Unable to open UDP socket on port 514

2015-05-29 07:19:08 Service running, but Service/Manager comm link is not connecting.

2015-05-29 07:19:28 Unable to connect to Service socket on TCP port 3300

2015-05-29 07:19:38 Service running, but Service/Manager comm link is not connecting.

Any ideas?

↧

RFC 5424 support?

May 1, 2013, 6:44 am

≫ Next: Kiwi Syslogd_Service.exe stopping unexpectantly

≪ Previous: Syslog stops logging with no notification

Currently Kiwi Syslog Server 9.x release supports syslog based on RFC 3164. Are there any plans to add support for RFC 5424 in a future release?

Thank you,

David

↧

Kiwi Syslogd_Service.exe stopping unexpectantly

April 19, 2018, 1:06 am

≫ Next: Changing Kiwi Syslog web port

≪ Previous: RFC 5424 support?

we are experiencing the below events:

Event ID: 1000

Faulting application name: Syslogd_Service.exe, version: 9.6.3.3, time stamp: 0x5a0da76b

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000096

Fault offset: 0x065685f4

Faulting process id: 0x%9

Faulting application start time: 0x%10

Faulting application path: %11

Faulting module path: %12

Report Id: %13

Faulting package full name: %14

Faulting package-relative application ID: %15

Event ID: 1026

Application: Syslogd_Service.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: exception code c0000096, exception address 065685F4

Stack:

the service can be manually started successfully, however it stops with the above errors on a seemingly random basis (at least once a day).

EDIT 17:38 19/04/18 - I discovered that the service fails when a scheduled job (to archive) the syslog files is activated - but not when manually ran.

↧

Changing Kiwi Syslog web port

August 19, 2016, 6:11 pm

≫ Next: Need to have log reporting from KIWI SYslog

≪ Previous: Kiwi Syslogd_Service.exe stopping unexpectantly

Hi all,

Can anyone point me in the direction some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?

I had a 'quick' search and couldn't find anything solid to go off.

Thanks!

↧

Need to have log reporting from KIWI SYslog

December 7, 2018, 4:11 am

≫ Next: Kiwi Syslog Server 9.4.1 - Active Directory Settings

≪ Previous: Changing Kiwi Syslog web port

Hi All,

I need to configure logs reporting in my KIWI syslog application through my SMTP server as attachments into my email.

Please let me know , how to proceed.

Thanks

Srikant

↧

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm

≫ Next: Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

≪ Previous: Need to have log reporting from KIWI SYslog

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

Domain URL: <Free Form Box> My domain prepopulated correctly.
Authentication Type: <Free Form Box>. Is this supposed to be NTLM, Kerberos, etc?
User Groups: <Free Form Box> Does the format need to be LDAP based?

↧

Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

April 13, 2015, 12:24 am

≫ Next: no log shows on Kiwi Syslog Web Access

≪ Previous: Kiwi Syslog Server 9.4.1 - Active Directory Settings

Hello Everybody.

I'm having troubles receiving SNMP Traps v 2c on Kiwi Syslog Server Free edition.

Although it is described in the feature list that this is supported (also in the documentation), i can receive version 1 but not 2c.

Using Wireshark to listen to the traffic i can clearly see SNMP traps version 2 incoming, but nothing appears on syslog server.

Can anyone help?

I asked support@ and sent many mails, but didn't get any answer to the problem, they just said to post my question here because this is a free product.

Thank you very much.

↧

no log shows on Kiwi Syslog Web Access

August 25, 2015, 11:44 am

≫ Next: Query on Kiwi Syslog server

≪ Previous: Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c

I am having kiwi syslog 9.5 installed.

I choose to install as service and also installed the web access.

The syslog console opened fine and I see logs on displayed and also to file.

However, with the web access, it shows nothing (what so ever). I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access". Everything under that options checked.

But I still see no log on web access.

1) I tried to uncheck all the "Log to Syslog Web Access".

2) Closed the Console Manager and reopened it

3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.

4) Opened and log in to web access -> Still see nothing.

any idea?

↧

Query on Kiwi Syslog server

April 12, 2018, 2:57 am

≫ Next: Kiwi Syslog server

≪ Previous: no log shows on Kiwi Syslog Web Access

Hi All,

Just want one clarity. Kiwi Syslog server can receive the data from network devices, servers etc via syslog method right OR its different?

↧

Kiwi Syslog server

May 17, 2012, 4:44 am

≫ Next: Kiwi syslog server service can't start

≪ Previous: Query on Kiwi Syslog server

I have just installed the Windows log forwarder to enable us to point our windows event logs to our Kiwi Syslog server. We have 27TB of storage on the Syslog server and I want to seperate the Windows event logs from the regular SNMP traps. How or can I point the windows event logs to a sperate partition than the SNMP traps? The reason for this task is that our security posure requires that we retain our event logs.

↧