Channel: THWACK: Popular Discussions - Kiwi Syslog

Kiwi SyslogServer 9.6.6.1 is failing to stay up with TCP traffic on port 514


Hello Experts,

 

We have two instances of Kiwi 9.6.6.1(enterprise licensed) which are failing to stay up with TCP traffic over port 514. It fails with an unhandled exception "System.IndexOutofRangeException". If I try to send the normal burst messages using SyslogGen it works but for actual traffic it crashes. Tried to bind IP and disable UDP as well without luck.

 

We have DNS lookup disabled to achieve necessary speed. Our environment is Windows 2016.

 

Any suggestions would be of great help.

 

Thanks

Pradeep


Kiwi syslog migration


We have upgraded our kiwi syslog server to a new server with a new version of the OS.

 

I need to migrate the settings of the previous server to the new server, but I am unable to find a migration tool or guide on how to migrate the settings.

 

I don't need to migrate the files (logs), only the settings.


Can anyone help or advise, or point me to a guide?

Administrator Password Missed; Other way to login


Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client? I can't raise the request with Support as we do not have active maintenance.

 

Thanks,

Syed

Collect DHCP events from Windows DHCP server


Hello,

 

Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog ?

 

Thanks in advance for your help

Domain Admin login event log forwarding?


Hello,

 

    I'm currently trying to get the logs of where (what IP) and when (date and time) the Domain Administrator account information is used to log into one of three specific machines (2 DC's, and a Finance server). I'm having some trouble defining the subscription in the Kiwi Log Forwarder - Specifically, what boxes do I need to tick off and what event ID number do I need to include? I have the IP's for the three servers that I want AD to send the Admin login logs from. Thanks!

Forward syslog events to QRadar


I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a green checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Automate SolarWinds Event Log Forwarder?


Hi all,

Is there a way to set up an automated install of SolarWinds Event Log Forwarder? I'm planning on deploying it via SCCM and wanted to know if there's a way to automate the install and configuration of the program?

 

Any help would be grateful!!!

 

Thanks in advance.

Kiwi Syslog Email Alerts & Filters


Hi all,

 

I just have some questions around setting up email alerts and filters in Kiwi Syslog.

 

  1. What is the average processing time from receiving a syslog message to it being processed and emailed out? I'm seeing delays of up to 30 seconds or more before I am even seeing it in the email log within Kiwi, then you add the time it takes for your mail server to actually deliver the message. Curious to see what others are seeing?
  2. When creating filters and actions within a rule, the filters look to be processed as "AND" instead of "OR". E.g. If I have a single rule called "Logon Success Events", with an action to email the alert, and a filter to catch the first devices message which might be "logon successful" and the second devices message "successful logon", it appears to not work. It appears I have to create a new rule for each different message string? Is there a way for multiple filters under a rule to be processed as "OR" and not "AND"?

 

Many thanks!


Superfluous Characters In Messaging


My syslogging is working  but I am getting unwanted data included as follows:

 

10-03-2016    17:33:33    Local7.Error    172.16.1.17    0‚<001>L<002><001><001><004><008>xxxxxxxx§‚<001>;<002><001><002><002><001><000><002><001><000>0‚<001>.0<016><006><008>+<006><001><002><001><001><003><000>C<004><016>€X<008>0<025><006><010>+<006><001><006><003><001><001><004><001><000><006><011>+<006><001><004><001><009><009>)<002><000><001>0<020><006><014>+<006><001><004><001><009><009>)<001><002><003><001><002><000><004><002>200<019><006><014>+<006><001><004><001><009><009>)<001><002><003><001><003><000><002><001><007>0<029><006><014>+<006><001><004><001><009><009>)<001><002><003><001><004><000><004><011>Syslog Trap0œ<006><014>+<006><001><004><001><009><009>)<001><002><003><001><005><000><004>‰<166>%ASA-6-302016: Teardown UDP connection 37074340 for Outside:209.235.168.30/0 to McCallie:192.168.30.99/5060 duration 0:01:01 bytes 00<022><006><014>+<006><001><004><001><009><009>)<001><002><003><001><006><000>C<004><016>€X<008>

 

I cannot seem to get rid of the <001>;<002>...etc. data.

 

The above example should look something like this:

10-03-2016    17:33:33    Local7.Error    172.16.1.17 Syslog Trap %ASA-6-302016: Teardown UDP connection 37074340 for Outside:209.235.168.30/0 to McCallie:192.168.30.99/5060 duration 0:01:01 bytes 00

 

My device providing the data is a Cisco ASA 5512-X

 

Thanks in advance

Sys Log Configuration.


Dears,

 

I have some questions here regarding the below:

 

1- log rotation

2- log archiving

3- Clean up.

 

Please advise with a best practice configuration. Currently we have a clean up action to delete logs every week. Our requirement is to keep three months of logs.

 

We are using the AutoSplit option using IP address, so the number of logs is equal to the number of hosts. And if I use log rotation, then the information for all logs will be accessible from the console; shall I use archiving as well?

 

What is the best practice configuration?

 

Thanks

The list of Windows Update that conflicts with Kiwi Syslog Server


Hi,

I use Kiwi Syslog Server on Windows Server 2016.

 

I got an error on Kiwi Syslog Server due to conflict with Windows Update several times.

 

1) Performed on April 26, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.5.2

 

The following patches were installed by Windows Update successfully.

KB4015217

KB890830

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

 

2) Performed on May 19, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

 

The following patches were installed by Windows Update successfully.

KB3150513

KB4019472

KB890830

KB4013418

 

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

 

 

[Resolution]

In both cases, I uninstalled and re-installed Kiwi Syslog Server.

 

Please refer:

https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/KSS_error_Component_XceedZip_dll_or_one_of_its_dependencies_not_correctly_registered_a_file_is_missing_or_invalid

 

 

 

3) Performed on June 21, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

 

The following patches were installed by Windows Update successfully.

(KB3186568)

(KB4023834)

(KB4022715)

(KB890830)

(KB3150513)

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

==================================

4) Performed on April 3, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

 

The following patches were installed by Windows Update successfully.

KB4089510

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

 

==================================

 

==================================

5) Performed on June 29, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

 

The following patches were installed by Windows Update successfully.

KB4284833

2018-06 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4284833)

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

==================================

 

Message edited by: JTC Osaka. After Windows Update (2018-June), KSS can not start again.

 

 

=========================================================

6)

Performed on Nov 22, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

 

The following patches were installed by Windows Update successfully.

--------------------------

2018-11 Update for Windows Server 2016 for x64-based Systems (KB4465659)

2018-11 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4467691)

Malicious Software Removal Tool x64 - November 2018 (KB890830)

--------------------------

 

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

 

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

Message edited by: JTC Osaka 2018/11/29 15:31

 

==================================================================

7)

Performed on March 4, 2019

*Environment

- Windows Server 2012 R2

- Kiwi Syslog Server version 9.6.6.1

 

The following patches were installed by Windows Update successfully.

--------------------------

- 2019-02 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4487080)

- 2019-02 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4487000)

- Malicious Software Removal Tool x64 - February 2019 (KB890830)

--------------------------

 

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'ipdaem160.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

Error message:

 

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

 

Message edited by: JTC Osaka 2019/03/04 10:44

How to create Service Now Ticket using Kiwi Syslog Server or LEM ?


Hi,

 

We are looking into installing Kiwi Syslog Server or LEM for our log monitoring needs.

 

Currently comparing Kiwi Syslog Server and LEM and trying to find if one or both of them has feature that helps us to create service now ticket when we receive certain logs. We'd appreciate any information on this.

 

Regards,

Manish

Web Access not showing current logs


I have web access enabled, and it is showing logs, just not the current logs.

E:\Program Files\Syslogd\Logs\ is showing txt files for the current date, but what is being displayed in the web console is the oldest file

The service manager is showing live data being captured

 

How can I get the web access to also show the live data being captured?

SolarWinds Event Log Forwarder for Windows


I do not know if this is the correct place to post this question.

I am using Kiwi Syslog Server, and I have SolarWinds Event Log Forwarder for Windows installed on a computer. The forwarder will send test messages, but it is not sending the logs to the log server. Any suggestions?

 

Dejacpp...


Kiwi Syslogd_Service.exe stopping unexpectedly


We are experiencing the below events:

 

Event ID: 1000

Faulting application name: Syslogd_Service.exe, version: 9.6.3.3, time stamp: 0x5a0da76b

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000096

Fault offset: 0x065685f4

Faulting process id: 0x%9

Faulting application start time: 0x%10

Faulting application path: %11

Faulting module path: %12

Report Id: %13

Faulting package full name: %14

Faulting package-relative application ID: %15

 

Event ID: 1026

Application: Syslogd_Service.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: exception code c0000096, exception address 065685F4

Stack:

 

The service can be manually started successfully, however it stops with the above errors on a seemingly random basis (at least once a day).

 

EDIT 17:38 19/04/18 - I discovered that the service fails when a scheduled job (to archive the syslog files) is activated, but not when manually run.

Event Log Forwarder - Where is the Audit Failure Type?


Hi There,

 

I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log.  When I click on the Security Log I don't see Audit Success or Audit Failure as an event type.  It just has Error, Warning and Information.  If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change.  Am I doing something wrong?  How can I see Audit Failure as an Event Type?

 

Thanks,

Kiwi Syslog not receiving SNMP Traps


Hi all.

 

I have just installed Kiwi Syslog Server 9.5 on a test machine to evaluate its suitability for a project I'm working on. It's currently still running in 14-day Evaluation mode.

 

We can't seem to get it to receive SNMP traps at all. No matter what we do, netstat shows nothing listening on UDP port 162. SNMPv1 traps are being sent to the server, and we can see them in Wireshark arriving at the server, but Kiwi isn't listening for them.

 

In desperation, we tried enabling the Windows SNMP Trap service (although we understand this isn't required?) and this 'absorbed' the traps, but nothing appeared in Kiwi.

 

The test machine is running Windows 7 (32-bit) with the Windows Firewall switched off.

 

Should the 14-day Evaluation be able to receive SNMP traps?

 

Thanks in advance for any advice!

Syslog Web Access not working


My syslog server was working fine until a few days ago. The console itself seems to be working OK; however, the web access is not working. It says page can't be displayed. When I try to troubleshoot the problem I get the following error message. There is an internet connection and I have tried different browsers. Any suggestions? Thanks

 

SysLog error.jpg

Log Forwarder window opens upon login


Anyone know how to disable the Log Forwarder software from opening on the desktop upon login? Each time I log in, the Log Forwarder configuration window opens and I have to click exit to close. Would like to have it running without the window popping up each time.

 

V/R
