How many messages per hour can the syslog server reliably handle per hour or per second before dropping / skipping / missing messages and failing to trigger alerts?
How many messages per hour can Kiwi Syslog handle without dropping messages?
Windows failed logins tracking
Hi folks,
We currently have v9.5 running on a Windows 2012 R2 VM which is the loghost for our environment of approx. 60 systems. We use AD for authentication and I'm attempting to configure the logger to alert on multiple failed logins, however, nothing appears to be getting to the loghost from the DC, other than the previously configured items. I have been able to configure this successfully for our Linux VMs but no luck on the Windows side. My assumption is, the problem is between the keyboard and monitor.
I've configured the Event Log Forwarder to send all things Microsoft Security to the loghost but having no luck. Has anyone done this successfully? What have I missed?
Thanks in advance.
Buddy
Kiwi Syslog Server fails to send mail (SMTP error) and [10060] connection time out
I am using a syslog server to receive logs from my firewall. I am trying to send the logs from my syslog server to my private email but I keep getting the error: SMTP protocol error 535 5.7.3 authentication unsuccessful [BN4PR13CA0020.namprd 13.prod.outlook.com
I get this error when using TLS as security.
But when I use SSL as security I get this error: mail error: [10060] connection time out.
Please help me, this is an exam thing for my school.
Kiwi Syslog advantages over PRTG syslog
Hi guys, my boss has asked me to consider moving our syslogging services to PRTG syslog. I am very happy with Kiwi Syslog and don't want to migrate.
I want to come up with a list of reasons why this is not a good idea i.e. what things KiwiSyslog does better.
Can someone who is familiar with both of these packages assist me.
Thanks kindly for any help.
unity400f syslog configuration
Hi everyone,
please let me know how to configure unity device in kiwi syslog web access
Thanks in advance
Spoof Network Packet - Using Npcap instead of WinPcap
I have a licensed version of Kiwi 9.6 installed on a Windows 2016 Server. I was specifically hoping to use the "Spoof Network Packet" feature to forward packets to a downstream server. The help file says the server needs to be licensed (Done!) and that WinPcap must be installed. The problem is, WinPcap is deprecated for some time now, and not compatible (or at least not suggested) with Windows 2016. I use Npcap, which is the recommended way to go for W2016. I have even installed Npcap with WinPcap compatibility (a requirement of Wireshark) and that works correctly (with Wireshark). Unfortunately, with regards to the Kiwi server, something is still missing. The tick box is now available, but I cannot select a network adapter. Saving this config as is results in no data being sent.
Syslog message duplicated
I have an issue wherein syslog messages from one host are being duplicated. We have a Secure Tunnel client running at one site, with network devices set up to send syslog messages to this client. No syslog messages from any other network device at this site are duplicated. I have verified that this appears to be a Secure Tunnel issue by configuring the offending network device to send syslog messages directly to the Kiwi Syslog Server. When this is done, only one syslog message is logged. When I reconfigure the network device to log to the Secure Tunnel client, two identical syslog messages are logged. I have also verified that there is only one syslog configuration line in the network device (i.e. that it is not configured to send syslogs both directly to the Syslog Server and to the SecureTunnel client.) This is eating up twice as much filespace, obviously... any help would be appreciated.
Kiwi Syslogd_Service.exe stopping unexpectedly
We are experiencing the below events:
Event ID: 1000
Faulting application name: Syslogd_Service.exe, version: 9.6.3.3, time stamp: 0x5a0da76b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x065685f4
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Event ID: 1026
Application: Syslogd_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000096, exception address 065685F4
Stack:
The service can be manually started successfully, however it stops with the above errors on a seemingly random basis (at least once a day).
EDIT 17:38 19/04/18 - I discovered that the service fails when a scheduled job (to archive the syslog files) is activated - but not when manually run.
SSL support for Kiwi Syslog server
Hi All,
A few months back we bought the licensed version of Kiwi Syslog Server because of the SSL feature only. I enabled the Secured TCP option. But unfortunately it is unable to bind the port itself.
It says "invalid certificate provided". We use the same SSL certificate for other products with no issues. If I use the same port for TCP or UDP only then it is working fine. I could not find what the exact issue is.
I contacted the SolarWinds customer portal a few months back. They are not able to tell what exactly is going on. Can someone help me in fixing the problem?
Regards,
Abdun
How to delete old records from Kiwi Syslog Web Access?
How to delete records from the Kiwi Syslog Web Access?
Thanks.
Kiwi Syslog Service Keeps crashing
We have been experiencing an issue with our Kiwi Syslog Service crashing about every other day. We are running version 9 and have a pretty standard setup where we are pushing syslogs from all of our devices in our network. We have quite a bit of stuff logging to our Syslog server and are easily breaching the 200000 maximum message count throughout the day and getting emails. We upped that and seem to be doing better, however the syslog service continues to fail and will at times restart itself based off of the service's recovery failure to restart the service, but this is happening way too often.
Has anyone else seen this problem and if so, what kinds of things did you try/do? Is this box just getting pegged so hard that it's causing the service to malfunction and trip up? I'm not a Windows guy but is this issue even Windows related? The only other application we have running on this server is CatTools and it runs clean with no service issues. The systems team has taken a look at the server and believe this to be related only to the Kiwi application itself.
Next Steps: I'm thinking of removing and rebuilding the Kiwi 9 application from scratch to see if this corrects the issue but wanted some direction from the forum if anyone has any good ideas/suggestions.
Thank you in advance!
Windows Events 6005, 6006, 6008, 6009 and 1074 not logging in kiwi syslog server
Hello Everyone,
First time poster here. I am trying to track event log service status and power downs. I cannot get the windows machines to forward event logs 6005, 6006, 6008, 6009 and 1074.
I have event log forwarder configured correctly, at least the log preview shows the correct logs being forwarded. I do have a custom filter built just for these event IDs but I also have a catch all file that is not filtered. I am checking in both the web access and the syslog server itself. Neither of them receive these event logs from the windows machines. I haven't noticed any other events not being forwarded. All of my other filters are producing the information correctly.
Any tips on how to collect these logs?
Windows 2012R2 and Windows 7 Environment
Using Kiwi Syslog Server 9.6 and Event log Forwarder
Web Access not showing current logs
I have web access enabled, and it is showing logs, just not the current logs.
E:\Program Files\Syslogd\Logs\ is showing txt files for the current date, but what is being displayed in the web console is the oldest file.
The service manager is showing live data being captured.
How can I get the web access to also show the live data being captured?
Kiwi Syslog Server limitations
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?
I know the Web Access has a 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending the logs to the syslog server? I don't want to see only 1 or 2 days of logs every day from Web Access. I hope at least the 4GB db limitation can store like a month of logs of all 10+ servers. I am trying first with the Windows event logs (using the free tool SolarWinds Event Log Forwarder).
Is there any limitation that I should be aware of with Kiwi Syslog Server and the Event Forwarder tool?
Another question:
Can SolarWinds Event Log Forwarder work with another vendor's syslog server? If so, which vendor and which syslog server product is that?
Thanks in advance!
Is there any limitation of usage for the Free Version
Currently we're using the free version only to get logs from one device (firewall). Since we're a company, is it ok to just use the Free Version for as long as we need it for that one device, or do we actually have to buy the commercial license? Is there any term of usage that describes this?
Kiwi Syslog Service Manager could not receive log from Solarwinds Log Forwarder
Server OS: Windows server 2016
Client OS: Windows 10 pro build 1511
Kiwi syslog service manager: Licensed 9.6
Kiwi syslog message generator: v2.2
Solarwinds event log forwarder: v1.2
Firewall status: both server and client are off.
I'm trying to use Solarwinds event log forwarder to forward client's event logs to server's syslog manager through TCP, but nothing shows up (Ports and IP address are done correctly). Activating license was my last resort, but result doesn't change.
I then tried using Kiwi syslog message generator; the message was finally received by syslog manager, but after every one message was sent, the TCP connection is constantly being cut off. Tried sending messages using UDP too, turns out UDP does nothing at all, no message no nothing (again, ports are fine). Tried this method: "Kiwi Syslog Server service is halting regularly" (SolarWinds Worldwide, LLC. Help and Support); doesn't work. Tried reinstalling syslog manager, no luck.
I tried to install Splunk on the server pc, and I managed to connect successfully with client's pc through TCP, which means there were no issues with the ports and connection.
Any help would be appreciated!
Kiwi syslog "Service running, but Service/Manager comm link is not connecting" on a virtual machine
Hi everyone
I have a problem with my syslog server; it sends the following messages:
Service running, but Service/Manager comm link is not connecting.
Unable to connect to Service socket on TCP port 3300
The server is installed on a Windows 7 virtual machine in a VMware environment. I already verified the TCP port and it belongs to the syslog server; also the Windows firewall is down.
Do you have any ideas?
Regards
Kiwi SyslogServer 9.6.6.1 is failing to stay up with TCP traffic on port 514
Hello Experts,
We have two instances of Kiwi 9.6.6.1 (enterprise licensed) which are failing to stay up with TCP traffic over port 514. It fails with an unhandled exception "System.IndexOutofRangeException". If I try to send the normal burst messages using SyslogGen it works, but for actual traffic it crashes. Tried to bind IP and disable UDP as well without luck.
We have DNS lookup disabled to achieve necessary speed. Our environment is Windows 2016.
Any suggestions would be of great help.
Thanks
Pradeep
Can you push subscription and server configs?
I'm in the middle of deploying the syslog forwarder across our network. I'm hoping to save time if I can push the install followed by the syslog server and subscription information. Is that possible?