Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

DBCache folder accumulation (log to database action)

June 30, 2015, 1:08 pm
$
0
0

I am consistently getting warnings from SAM that the DB Cache folder the kiwi syslog (\\${IP}\c$\Program Files (x86)\Syslogd\DBCache) contains files. The warning in SAM indicates that the log to database action is falling behind or failing. I do not see anything in the documentation regarding this warning. Does anybody know how this affects the kiwi syslog and how concerned I should be? I would like to add more devices to send syslog information but am concerned kiwi will have more of these files in the DBCache. Currently I am seeing about 47K MPH in Kiwi. Has anybody else seen this message from SAM, or have any suggestions for possible solutions?

 

Thanks,
Caleb

 

Kiwi Syslog Server 9.4.2 installed on Windows 2008 R2 Standard, 8 GB ram, 200 GB HD.

Using the log to database action to Microsoft SQL Server 2008 R2, 8 GB ram, 100 GB HD

SAM 6.1.1 Application component File Count: DBCache Folder for Kiwi Syslog Server

Search

Trying to filter on a hostname that is an IP Address in Kiwi Syslog server.

September 30, 2015, 4:05 am
$
0
0

I am trying to filter on the hostname which happens to be an IP address. Kiwi syslog server gives me a red X whenever I attempt to test the filter. I can't convert it using DNS so I have to use the IP address. It keep telling me to put quotes around it but when I do it still doesn't work. I am trying to filter so I can dump this host in a separate LOG file. Any ideas?

Purging Data from SQL Database

March 22, 2010, 10:09 am
$
0
0

Hi,

We are evaulting Kiwi Syslog Server v9.0.  We are using the software with a CISCO ASA firewall and writing all events to an external SQL 2005 server.

I need a way to purge older data from the SQL 2005 server.

I do not see any options with the Syslog Server to purge records.

Is there a script that can be used?

Thanks

Uninstall Syslog service.

October 3, 2015, 4:31 am
$
0
0

Hi,

 

I'm trying to uninstall the 14 day trial of syslog server (9.4.1) eval. installed on Windows Server 2003.

 

There is no uninstall service on the management menu drop down. as per the instructions.

 

"Using the Service Manager, uninstall the service

Use the Manage | Uninstall the Syslogd service menu."

 

Some help required please.

 

Simon.

How many messages per hour can Kiwi Syslog handle without dropping messages?

June 2, 2015, 1:13 pm
$
0
0

How many messages per hour can the syslog server reliably handle per hour or per second before dropping / skipping / missing messages and failing to trigger alerts?

Auto Purge Kiwi Database

February 24, 2011, 4:21 pm
$
0
0

I recently had my Kiwi Syslog server DBCache folder filled with over 20GB of cache files.

This was resolved by purging the cache with the "Purge Database Cache" button on the Kiwi menu, however I would love to do this daily or on a schedule when needed.


Is there an easy way to do this or is there an .exe file in the Syslogd folder that I can call on a schedule to perform this task ?

 

Thanks,

How to export Kiwi syslogs

November 1, 2012, 12:40 pm
$
0
0

Is there any way for me to export Kiwi Syslogs.  I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing.  Specifically the NPM database.  I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
  I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi.  I want to view them through NPM, but I guess I can get by viewing them through something like Access.  Is there a way (even if it isn't easy) to do this?

Limiting Size of Log file

August 1, 2016, 10:46 pm
$
0
0

Hi,

 

We are using the Kiwi Syslog Web Access as a syslog for all the network and security devices. Due to this we are unable to fetch events for any specific filters applied on the Kiwi Syslog Web Access.

We alternatively go to the location: \Program Files (x86)\Syslogd\Logs and try to open the logs in text editor like notepad++.

 

The problem is:

1. That file size is too large (~700 MB) and we are unable to open via the text editor. Is there any way to limit the size.

2. On the Web Access, when a filter is applied, the software crashes with the error:

 

Exception of type 'System.Web.HttpUnhandledException' was thrown.

Status Code: 500

 

System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Web.HttpException: Maximum request length exceeded.
  at System.Web.HttpRequest.GetEntireRawContent()
  at System.Web.HttpRequest.FillInFormCollection()
  at System.Web.HttpRequest.get_Form()
  at System.Web.HttpRequest.get_HasForm()
  at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
  at System.Web.UI.Page.DeterminePostBackMode()
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  --- End of inner exception stack trace ---
  at System.Web.UI.Page.HandleError(Exception e)
  at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
  at System.Web.UI.Page.ProcessRequest()
  at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
  at System.Web.UI.Page.ProcessRequest(HttpContext context)
  at ASP.events_aspx.ProcessRequest(HttpContext context)
  at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
  at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Resource: http://10.240.22.194:8088/Events.aspx
Referrer: http://10.240.22.194:8088/Events.aspx

 

Click here to return to the previous page    Click here to return to the login page

 

 

Please suggest.

Details: Kiwi Syslog Web Access ver 1.5.1

 

Thanks,

Richard

Search

Can't setup syslog with a Cisco ASA 5505

July 13, 2016, 10:01 am
$
0
0

I have never used Syslogs before but was asked to setup one.

I am having trouble setting it up with my Cisco ASA 5505 security Device.

I can ping FROM the server to the Cisco ASA

I can ping FROM the ASA to the Server.

 

 

 

Things I have done.

 

  1. I have downloaded the Solarwind Kiwi Sylog server.
  2. I installed it as a service.
  3. I tested the Kiwi Syslog server using it's built in testing tool and I received messages. They came in on 127.0.0.1.
  4. In Kiwi Sys Log server I added the IP address of the Cisco ASA.
    1. File - Setup - Input - 192.168.200.1 (Server address)
  5. Inputs - UDP
    1. Made sure Port was set to 514
  6. Logged into the Cisco ADSM management.
  7. Went to:
    1. Configuration - Device Management - Logging
  8. Under Logging setup I selected "Enable"
  9. Logging filters
    1. I enabled Sys Log and selected "Severity:Warnings" for all event classes.
  10. Clicked on "Sys Log Server" from the menu. I added:
    1. Interface: Data (inside which the Sys Log is connected to)
    2. IP Address ( IP address of the Syslog server)
    3. UDP Port 514
    4. EMBLEM and Secure is set to "NO"
  11. Click on "Syslog Setup" on the ASA in the menu structure
    1. Include Timestamp in syslogs
  12. I applied the settings to the ASA and then committed the changes to flash.

 

Any ideas on why the syslog server isn't displaying the info?

 

Thanks so much in advance!

Kiwi Syslog Display Showing Kernel.Error

July 27, 2016, 7:04 am
$
0
0

Dear all,

 

Recently we have deploied a Kiwi Syslog, after a couple of days it starting to show Kernel.Error in the Priority Column.

 

Does anybody faced similar issue, if so, how did you solve it ?

Kiwi-Error.jpg

Kiwy syslog "Service running, but Service/Manager comm link is not connecting" on a virtual machine

March 14, 2017, 2:14 am
$
0
0

Hi eveyone

 

I have a problem with my syslog server, it send he following messages:

 

Service running, but Service/Manager comm link is not connecting.

Unable to connect to Service socket on TCP port 3300

 

The server is installed on a windows 7 virtual machine on an vmware enviroment, I already verified the TCP port  and it belongs to the syslog server, also the windows firewall is down

 

Do you have any ideas?

 

Regards

log forwarder error

February 23, 2018, 6:15 am
$
0
0

i installed log forwarder 2.1.0 on my windows server 2008. i set my kiwi syslog server, i configured subscription for sending system logs from my server. when i click to test button, the test is ok, but in event viewer i receive in log solariwinds.net i receive message

 

Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.

 

also, my kiwisyslogserver does not receives messages. where is problem

Kiwi Syslog Service Manager could not receive log from Solarwinds Log Forwarder

March 26, 2019, 12:28 am
$
0
0

Server OS: Windows server 2016

Client OS: Windows 10 pro build 1511

Kiwi syslog service manager: Licensed 9.6

Kiwi syslog message generator: v2.2

Solarwinds event log forwarder: v1.2

Firewall status: both server and client are off.

 

I'm trying to use Solarwinds event log forwarder to forward client's event logs to server's syslog manager through TCP, but nothing shows up (Ports and IP address are done correctly). Activating license was my last resort, but result doesn't change.

 

I then tried using Kiwi syslog message generator, message finally received by syslog manager but after every one message was sent, TCP connection is constantly being cut off. Tried sending messages using UDP too, turns out UDP does nothing at all, no message no nothing (Again, ports are fine).  Tried this method Kiwi Syslog Server service is halting regularly - SolarWinds Worldwide, LLC. Help and Support , doesn't work. Tried reinstalling syslog manager, no luck.

 

I tried to install Splunk on the server pc, and I managed to connect successfully with client's pc through TCP, which means there were no issues with the ports and connection.

 

Any help would be appreciated!

Log Forwarder for Windows (available to all Kiwi customers on maint)

October 19, 2009, 10:39 am
$
0
0

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

  • Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
  • Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
  • Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download.   The Log Forwarder for Windows was developed by the Kiwi Syslog team.  It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

Kiwi Syslog Server - Status Code 500

November 1, 2011, 6:01 am
$
0
0

Hi community. I ve searched about my problem but only found topics related about Orin software. I am getting an exception in Kiwi Syslog Web Access. Status Code 500. Any one have experienced this issue ? Thanks a lot.

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500

System.Web.HttpUnhandledException:  Exception of type 'System.Web.HttpUnhandledException' was thrown. --->  System.ArgumentOutOfRangeException: 'capacity' must be  non-negative.
Parameter name: capacity
at  System.Collections.ArrayList..ctor(Int32 capacity)
at  RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter  writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace  ---
at System.Web.UI.Page.HandleError(Exception e)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
at  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean  includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at  System.Web.UI.Page.ProcessRequest(HttpContext context)
at  ASP.events_aspx.ProcessRequest(HttpContext context)
at  System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&  completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx

Click here to return to the previous  page    Click here to return to the login  page

Search

TCP Syslog Does Not Work in Latest Version

March 8, 2018, 1:07 pm
$
0
0

I use kiwi syslog server a lot for testing syslog.  It seems like in the latest version there are issues with TCP.  I'm verifying with the Kiwi Syslog Message Generator.  Seems like with syslog server version 9.4.1 TCP connects and works, but in latest version 9.6.3 it does not connect for some reason. When I try to connect TCP with message generator it says "TCP session remotely disconnected" using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server.  Is this a known issue, or am I missing something?  Any suggestions or help would be much appreciated.  Thank you very much.

Hourly log file rotation (Kiwi Syslog)

April 17, 2014, 6:21 pm
$
0
0

Hello,

 

     I''ve tried searching the forum but was unable to find an answer to this specific issue. I just setup Kiwi Syslogd (paid) and have been testing logging from some firewalls. While I have no problem creating the log files and directory structure, log files are being created about every minute. I thought I'd modified this behavior by enabling Log File Rotation (under the Log to File action) with Total number of log files set to "2" and Maximum log file age set to "1 hour", but I am still seeing a log file being created every minute and I do not understand why. Yes I am using AutoSplit Values within the pathname btw (I saw this mentioned in another post), but I'm not sure why this would still generate a file each minute. I'm clearly lost so thank you in advance for pointing me in the right direction.

 

-l4d

 

 

4-17-2014 9-18-22 PM.png

Forward syslog events to QRadar

January 13, 2016, 11:55 am
$
0
0

I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Kiwi Syslog Viewe Message Pattern Syntax

November 19, 2013, 11:07 am
$
0
0

Hello Thwackers!!!

 

Quick question... I want to filter using excludes in the Syslog Viewer.  To be clear, I don't want to eliminate the messages from Syslog - I just want to filter inside the viewer for them.

 

For example, I can include only messages with this IP by putting %192.1.3.4% in the "Message Pattern" box.

 

I can EXCLUDE messages with this IP by putting !%192.1.3.4% in the "Message Pattern" box.

 

What I want to do is exclude an IP AND exclude a partial user name.  So in english:  I want only messages that do NOT include the IP address of 192.1.3.4 and also do NOT include any user with 'anon' in the name.

 

Can this be done?

 

I have tried to no avail:

 

!%192.1.3.4%.!%anon*%

!%192.1.3.4%.!%anon?%

!%192.1.3.4% & !%anon*%

!%192.1.3.4% && !%anon*%

 

..and other combinations of the above...

 

Thanks in advance!!!

Problem with filtering in Kiwi Syslog

December 12, 2011, 1:15 pm
$
0
0

I am setting up a kiwi syslog server.  Running into a problem with the filtering not working the way I would expect.  I have used Kiwi but that was several years ago.  I have setup a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that dont belong to the switch I am trying to watch. 

I have tried a ip address - simple filter with the ip address of the switch "10.1.1.2".  On the cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the ip address in the simple filter I setup.  I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.

It has got to be something simple but so far I havent found the problem.  Since this is the free version, I know I cant call Solar Winds support.

Any suggestions are appreciated.


Ron

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>