Channel: THWACK: Popular Discussions - Kiwi Syslog

Changing Kiwi Syslog web port

Hi all,

 

Can anyone point me in the direction of some documentation on how to change the default Kiwi Syslog web port from 8088 to something else? Say 80?

 

I had a 'quick' search and couldn't find anything solid to go off.

 

Thanks!


log forwarder error

I installed Log Forwarder 2.1.0 on my Windows Server 2008. I set my Kiwi Syslog Server and configured a subscription for sending system logs from my server. When I click the test button, the test is OK, but in Event Viewer, in the log solarwinds.net, I receive the message

 

Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.

 

Also, my Kiwi Syslog Server does not receive messages. Where is the problem?


Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type

I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.

KiwiError1.PNG

snmptrap -> syslog, garbled MACaddress

Hi.

 

We use the snmp trap feature of syslogd, receiving and forwarding SNMP traps as syslog messages.

The following problem was discovered with syslogd 9.4.x. It is still present in 9.5.0, but slightly different. See update below.

 

The attached file shows two network packets captured with Wireshark. Both packets appear to be completely valid packets, and also decode perfectly with the appropriate MIBs loaded in Wireshark.

 

Kiwi syslogd somehow manages to mistreat one of the packets. This is illustrated below, where you can see that cldcClientMacAddress.0 reads as ‘L?XÉöh’ in one case, and ‘Hex String=70 18 8B 44 B3 4F’ in the other. Obviously, we prefer the latter parsing of the data.

 

This problem is very visible to us, as approximately one third to one half of all client MAC addresses are unintelligible in our logs.

 

The source of the messages is SNMP traps from a Cisco WLC wireless controller.

The captured packets (in the attachment) are taken from the inbound snmptraps to the KIWI syslog server.

The Kiwi Display function shows the same corrupted MAC as shown below.

We have not managed to figure out any pattern in corrupted/noncorrupted packets.

Also the AP MAC address shows the same corruption. There is no obvious correlation between corruption of one or the other.

(I.e. if a client MAC  is corrupted this does not imply that the AP MAC is corrupted and vice versa.)

We *think* a MAC address coming through as corrupted always comes through as corrupted.

 

UPDATE:

After having updated syslogd to 9.5.0, *all* MAC addresses now arrive garbled. I do prefer consistency over randomness. But still....

I have found no way to decode the received text as a valid MAC address.

None of the options under 'Input | SNMP' appear to have any impact on this issue.

 

Is this a bug, or an intended feature? If the latter, how am I meant to parse the received data?

 

 

From kiwi syslogd:

 

Client 4c:bb:58:90:94:68/10.115.170.85:

 

13:02:25 | community=kiwi201, enterprise=1.3.6.1.4.1.9.9.599.0.4, enterprise_mib_name=ciscoLwappDot11ClientMovedToRunState, uptime=2013100, agent_ip=10.120.5.205, version=Ver2, cldcClientMacAddress.0=L?XÉöh, cLApName.0=H-BERGEN-NGV-AP30, cldcApMacAddress.0=³¹¹?Ä, cLApDot11IfSlotId.0=0, cldcClientIPAddress.0=10.115.170.85, 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=username, 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0=HFK-Skole

 

Client 70:18:8b:44:b3:4f/10.114.58.15:

 

13:05:59 | community=kiwi201, enterprise=1.3.6.1.4.1.9.9.599.0.4, enterprise_mib_name=ciscoLwappDot11ClientMovedToRunState, uptime=2034500, agent_ip=10.120.5.205, version=Ver2, cldcClientMacAddress.0="Hex String=70 18 8B 44 B3 4F", cLApName.0=H-LINDAS-KNV-AP38, cldcApMacAddress.0="Hex String=70 10 5C 93 D4 E0", cLApDot11IfSlotId.0=1, cldcClientIPAddress.0=10.114.58.15, 1.3.6.1.4.1.9.9.599.1.3.1.1.27.0=anotherusername, 1.3.6.1.4.1.9.9.599.1.3.1.1.28.0=HFK-Skole
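
An added example, not part of the original post or of Kiwi Syslog's code: it models one assumed explanation for the 9.4.x output above, namely that an OCTET STRING with no control bytes is shown as OEM (cp850) text squeezed into the ANSI code page, while one containing a control byte is shown as a hex string. The function names and the choice of code pages are assumptions; the two MAC addresses are the ones in the log lines.

```python
# Added example: the rendering rule and code pages are assumptions,
# not Kiwi Syslog internals. It models the 9.4.x output quoted in the post.

def render_octets(raw: bytes) -> str:
    """Render an SNMP OCTET STRING the way the two log lines suggest."""
    if any(b < 0x20 or b == 0x7F for b in raw):
        # A control byte is present: fall back to an unambiguous hex dump.
        return "Hex String=" + " ".join(f"{b:02X}" for b in raw)
    # Every byte looks "printable": decode as OEM text (cp850), then force it
    # into the ANSI code page; characters with no mapping become '?'.
    return raw.decode("cp850").encode("cp1252", errors="replace").decode("cp1252")


def recover_mac(field: str) -> str:
    """Turn either rendering back into aa:bb:...; lost octets become '??'."""
    field = field.strip('"')
    prefix = "Hex String="
    if field.startswith(prefix):
        return ":".join(h.lower() for h in field[len(prefix):].split())
    octets = []
    for ch in field:
        if ch == "?":
            # Could be a real 0x3F or a replaced character: not recoverable.
            octets.append("??")
            continue
        try:
            octets.append(f"{ch.encode('cp850')[0]:02x}")
        except UnicodeEncodeError:
            octets.append("??")
    return ":".join(octets)


# Client MACs taken from the two log lines in the post.
SAMPLES = {
    "4c:bb:58:90:94:68": bytes.fromhex("4cbb58909468"),
    "70:18:8b:44:b3:4f": bytes.fromhex("70188b44b34f"),
}


def demo() -> dict:
    """Map each real MAC to (what the log shows, what can be recovered)."""
    return {mac: (render_octets(raw), recover_mac(render_octets(raw)))
            for mac, raw in SAMPLES.items()}


if __name__ == "__main__":
    for mac, (shown, back) in demo().items():
        print(f"{mac} -> {shown!r} -> {back}")
```

Under that assumption the text form is lossy: any octet that was replaced by '?' cannot be recovered from the log line, so only the hex-string rendering can be parsed back reliably.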

How to export Kiwi syslogs

Is there any way for me to export Kiwi Syslogs.  I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing.  Specifically the NPM database.  I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
  I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi.  I want to view them through NPM, but I guess I can get by viewing them through something like Access.  Is there a way (even if it isn't easy) to do this?

Kiwi Syslog Forwarding

If I set up Kiwi Syslog to forward to another system such as Voyence, will Kiwi keep the source IP of the device that sent the syslog?

Kiwi Syslog Server limitations

Hi everyone,

 

I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?

 

I know the Web Access has a 4GB db limitation.  What is the best practice for this limitation when you have more than 10 servers sending the logs to the syslog server? I don't want to see only 1 or 2 days of logs every day from Web Access.  I hope at least the 4GB db limitation can store like a month of logs of all 10+ servers.  I am trying first with the Windows event logs (using the free tool SolarWinds Event Log Forwarder).

 

Is there any limitation that I should be aware of with Kiwi Syslog Server and the Event Forwarder tool?

 

Another question:

Can SolarWinds Event Log Forwarder work with other vendors' syslog servers? If so, which vendor and which syslog server product is that?

 

Thanks in advance!

Kiwi Syslog Service Keeps crashing

We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day.  We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network.  We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting emails.  We upped that and seem to be doing better; however, the syslog service continues to fail and will at times restart itself based off of the service's recovery failure setting to restart the service, but this is happening way too often.

Has anyone else seen this problem and if so, what kinds of things did you try/do?  Is this box just getting pegged so hard that it's causing the service to malfunction and trip up?  I'm not a Windows guy but is this issue even Windows related?  The only other application we have running on this server is CatTools and it runs clean with no service issues.  The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself. 

Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.

 

Thank you in advance!


Kiwi Syslog Service hanging

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

 

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

 

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog.

 

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

 

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being  received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

 

Below is the error event seen when it stopped last time.

 

Windows Server 2012 R2

64-bit OS

 

Has anyone seen this type of issue before?

 

Any help would be greatly appreciated,

 

Mhaley

Maximum number of TCP connections has been reached. Not accepting connection.

Kiwi Syslogd error: Maximum number of TCP connections has been reached. Not accepting connection.

Why? Thanks..

Administrator Password Missed; Other way to login

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from the Syslog Fat Client? I can't raise the request with Support as we do not have active maintenance.

 

Thanks,

Syed

Collect DHCP events from Windows DHCP server

Hello,

 

Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog ?

 

Thanks in advance for your help

Kiwi syslog server service can't start

Hi everyone,

 

I'm using Kiwi syslog server 9 on Windows 2008 R2 server (VMware virtual machine). On 17.8.2012 the physical server stopped responding and the customer had to restart it manually. Since then Kiwi syslog server doesn't work. When I try to access it, the server's CPU rises to 100%, it is stuck like that for a few minutes and then it displays an error message in a Kiwi grid pop-up window saying 'Run-time error '0''.

 

Kiwi syslog service also can't be started, when I try to start it, it says it couldn't be started in timely fashion.

 

I've tried to delete/rename files in c:\program files\solarwinds\kiwi web access\html\app_data but with no success. I've renamed event.sdf to Old_event.sdf and made a copy of Event-blank.sdf and then renamed it to event.sdf.

 

I've raised a support ticket but with no results till now.

 

Do you have any idea what's the problem here?

 

Regards, O


How to search all log files

Hi everyone,

 

Can someone confirm that both the Kiwi Syslog Service Manager console and the Kiwi Syslog Web Access will only display messages for current log files.  Therefore, a find or filter will only bring up hits for the most current log files, correct?

 

Assuming that is the case, I found a thread that mentions WinGREP as a freeware to search all log files on your hard drive.  Wouldn't it be helpful for this capability to be integrated into Kiwi Syslog Server?

 

For example, I am importing all Windows Security events from all domain controllers into Kiwi Syslog Server.  I want to be able to search for a username and the phrase "user account is locked out" for as far back as I have logs.  How do I do this easily?

 

Thanks,

Tony

Encoding for Syslog Server Console?

Hello,

I've set up my Kiwi Syslog Server to log to an Oracle Database. That worked, except that German umlauts (like ä, ö, ü) were not written to the DB correctly. (However, they showed up fine in the Server Console.)

 

Therefore I changed the encoding for the UDP Input to UTF-8, which results in fine database logs, but now umlauts in the server console as well as logfiles were displayed incorrectly. I could get the logfile problem resolved by setting the LogFileEncodingFormat registry key to UTF-8 (65001). But the problem in the Server Console persists.

 

The weird thing is, changing the UDP input back to "System" encoding doesn't resolve the issue for the console.


Syslog Console Hangs

Hi,

 

The syslogd service runs fine on our Windows Server 2016 DC.

But if we open the console, it hangs. Memory and CPU load are ok.

Any idea what I can check ?

 

 

 

Best Regards,

 

Wouter Jinssen

Siemens

Forward syslog events to QRadar

I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a green checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Install Woes

Team,

 

My company purchased the full version of Kiwi Syslog Server and we started by uninstalling the free version.  Once we started the install process, the process hung, then died.  This happened after reboots as well.  Looking at the processes, it appears the installer begins, copies some files into a temp directory, and starts a file called SWMaintDateCheck.exe.  After some time, both processes die and the installation never continues.  There is no error message, no log file (that I can find), and no other indicator.

 

Any suggestions?

 

 

Ray

Kiwi Syslog Complex Text Parsing

I am trying to quiet down my kiwi syslog server a bit. I have reporting working well for several functions.

 

I have it alerting on any service "entered the stopped state" but this is making my server noisy.

 

I want to exclude "The Application Experience service" from sending an alert, but can't seem to get the text to parse properly to do this.

 

I have made my rule like so, but it's not working properly.

 

kiwi.JPG

 

Am I doing this right, or should I be doing this another way?

 

Does anyone else notify on services stopping?

 

Thanks.

Kiwi Syslog Server 9.4.1 - Active Directory Settings

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1?  Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

 

  • Domain URL: <Free Form Box>  My domain prepopulated correctly.
  • Authentication Type: <Free Form Box>.  Is this supposed to be NTLM, Kerberos, etc?
  • User Groups: <Free Form Box>  Does the format need to be LDAP based?