Hi Folks, I am starting to evaulate Kiwi Syslog Server and one of the main requirements will be how we provision HA (High Availability)

I have seen some posts regarding the use of LB's (Load Balancers) but these posts are pretty old and don't go into that much detail.

I'm hoping that someone can point me in thr right direction.

If we use 2 LB's in a cluster (probably Netscalers) all clients will connect to the LB VIP.

I'm "guessing at this stage" that the LB's will send all trafiic to one of 2 Kiwi Syslog servers (lets call them Kiwi A and Kiwi B where Kiwi A is the current live server)

We are resilient against the loss of a LB (as theye are operating in a HA Cluster)

If we lose Kiwi A, traffic will be redirected to Kiwi B.

Thoughts/Comments

If we lose a LB, we will probably lose syslog records - I don't think its possible to avoid this (even if we use TCP)?

If we lose Kiwi A, syslog records will be redirected to Kiwi B by the LB (again, I think we could lose some syslog records)

If we need old logfiles on Kiwi A (that isn't now available) - I guess we can't unless Kiwi A writes to a CIFS share (that Kiwi B also writes to) ???

If we don't have access to a direct CIFS share, could we use Windows DFS (so that Kiwi A is replicating to Kiwi B and vice-versa) - again, I think we will miss records.

So basically, if we lose Kiwi A, and the LB starts writing to Kiwi B, Kiwi B will have the replicated records (via DFS from Kiwi A)

Kiwi B should pretty much have almost all of the records available (would need to test this against busy input devices)

Before we go down this road and start testing, It would be great if anyone has any information/feedback/comments  they could provide.

Many Thanks.

Hi,

We have a Linux box running the SDN services and acting as a Gateway. The vendor who provided this Linux box says that the have a restriction that it can forward the Syslog messages to only one Syslog server / collector.

We are currently in a situation that we are looking for a syslog server which can receive the syslog messages from this Linux box and then forward them to other syslog servers/collectors.

Is it possible to use the Kiwi Syslog server as a syslog forwarder. ?

How can we design Kiwi syslog server in High availability , Does it required cluster setup (or) Load balancer setting, or any in built  product HA capabilities available

according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning.   (That would support more than 500 machines each sending one message a second.)

Hi all !

past weekend we were unable to login to to Kiwi Syslog webaccess as a result of the follow error message:

" Session initialization error
An error occurred while initializing this session.
The session has been abandoned.

Event database initialization failure.
The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "

I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:

2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)

2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

I start/stopped the webserver service without any success on saturday.
This morning i tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx.
At the moment the login is possible but I'm concerned that my database file may be corrupted!

Do you have any suggestions for me?

Thanks in advance!

Dan

As you all may recall, it's been 7 months since Kiwi Syslog v9.5 was posted (see Kiwi Syslog 9.5 is now Available! ).  I am very much looking forward to a major release (i.e. v10).  What would this new version contain?  I have a few things in my wish-list...

• Increased the of number of syslog messages and snmp traps that can Kiwi can handle. According to a posting on Geek Speak (How many messages can Kiwi Syslog manage?), Kiwi can handle between 400 and 600 messages per second.  I'd like to see that go all the way up to 2,000 messages (or more).
• Rules Wizard (for the novice and those of us with diminished brain-cells due to age. 
• Full web-based management option.  I don't know about other Thwackers, but I prefer not to use Win32 (via RDP) whenever possible.
• Additional Polling Engine option for Kiwi.  This, so we can have multiple servers handle syslog messages and snmp traps.

I am sure that other Thwackers have many other items in their respective wish-list for Kiwi.  I'd like to hear from you.  And, of course, I'd like to hear from the Kiwi PM, to tell us what's in the Roadmap for the next Kiwi release.  Have a great day, everyone!!! 

There are 3 things that you need to consider when migrating Kiwi Syslog Server:

1. Configuration - to back them up, simply open the Kiwi Syslog Server Manager and click "File -> Export Settings to INI" .
2. Logs - Manually copy Syslog messages log files. Under Setup, look for all Log to file - action and take note of the path and file name.
3. License - Deactivate the license from the old server using License Manager Tool first so that you can transfer the license to the new server. Please take note that Activation Key will be different once the license is deactivated. You can refer to the following video for more detail information:
   • http://knowledgebase.solarwinds.com/kb/questions/1915/How+Do+I+Use+License+Manager%3F

We are filtering incoming messages in our Kiwi server to catch specific error conditions, successfully wrote a filter to meet our needs, wrote a trap to forward the message to our Orion server, but we want to have the original ip address (preferably the server name) in the message forwarded to the Orion server, not the ip address of the Kiwi server.  In the trap the "Forward SNMP Trap without changing" and "Retain original source address of the SNMP Trap" are set.  Are their any other Kiwi settings or actions that can be done to get the originating server address forwarded to the Orion server, not the address of the Kiwi server?  

The latest version of Kiwi Syslog Server 9.6.5.3 still uses SQL Compact 3.5 SP2 which is an automatic failure on our security scans because of its EOL status.  I asked Solarwinds tech support for some guidance (Case #00172414) on replacing SQL Compact 3.5 with version 4 to which they replied, "SQL Compact is part of the UltiDev Web Server and we don't have control over that, which is a third party application we use." 

I've tried removing and reinstalling Kiwi with SQL Server Compact 4 pre-installed, but the install wizard wouldn't detect version 4 and insisted on installing 3.5 SP2.  I'll try tinkering with the install and checking the vendor who makes the web server but I gotta ask, "Has anyone out there been able to swap out SQL Compact 3.5 SP2 for version 4 or something higher?"

Thanks...

my company has the kiwi syslog server v 9.6.6.1 and today my kiwi automaticaly stopped. i received in application event viewer message

Application: Syslogd_Service.exe

Framework Version: v4.0.30319

Description: The process was terminated due to an unhandled exception.

Exception Info: System.IndexOutOfRangeException

Stack:

   at SolarWinds.SyslogServer.Engine.NetworkingDeamon.ProcessTcpMessage(System.Net.Sockets.TcpListener, System.Text.Encoding, System.Collections.Generic.List`1<System.String>)

   at SolarWinds.SyslogServer.Engine.NetworkingDeamon+<>c__DisplayClass11.<ReinitTcp>b__d()

   at SolarWinds.SyslogServer.Engine.Implementation.WatcherThread.<.ctor>b__0()

   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)

   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)

   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)

   at System.Threading.ThreadHelper.ThreadStart()

and

Faulting application name: Syslogd_Service.exe, version: 9.6.6.1, time stamp: 0x5c013768

Faulting module name: KERNELBASE.dll, version: 6.3.9600.19178, time stamp: 0x5bc10573

Exception code: 0xe0434352

Fault offset: 0x00015ef8

Faulting process id: 0x%9

Faulting application start time: 0x%10

Faulting application path: %11

Faulting module path: %12

Report Id: %13

Faulting package full name: %14

Faulting package-relative application ID: %15

what i do?

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

• Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
• Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
• Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download.   The Log Forwarder for Windows was developed by the Kiwi Syslog team.  It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

Hi,

Then syslogd service runs fine on our windows server 2016 DC.

But if we open the console, it hangs. Memory and CPU load are ok.

Any idea what I can check ?

Best Regards,

Wouter Jinssen

Siemens

Hi all,

Is there a way that I am able to have Kiwi Syslog read from or import from a text file or CSV file that may be generated by a program that does not support Syslog?

Thanks.

I just installed kiwi syslog 9.5, I would like to have log actions to a sql database. I have created the table but the syslog server won't log the traffic to the database,when I click the test button the syslogd service stops. It does this every time, how do I make this syslog server log to the database?

Kiwi Syslog server, SQL2008R2 using a OBCC SQL connector.

Any thoughts?

I cannot find instructions anywhere for the recommended method of upgrading.  Do I just run the setup?  What about the log forwarder?  The upgrade docs must be here somewhere and I just apparently am a failure when it comes to finding them.

Thanks.

Debbi

Hi,

I use Kiwi Syslog Server on Windows Server 2016.

I got an error on Kiwi Syslog Server due to conflict with Windows Update several times.

1) Performed on April 26, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.5.2

The following patchs were installed by Windows Update successfully.

KB4015217

KB890830

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

2) Performed on May 19, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

The following patchs were installed by Windows Update successfully.

KB3150513

KB4019472

KB890830

KB4013418

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

[Resolution]

Both cases, I uninstalled and re-installed Kiwi Syslog Server.

Please refer:

https://support.solarwinds.com/Success_Center/Kiwi_Syslog_Server/KSS_error_Component_XceedZip_dll_or_one_of_its_dependencies_not_correctly_registered_a_file_is_missing_or_invalid

3) Performed on June 21, 2017

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.1

The following patchs were installed by Windows Update successfully.

(KB3186568)

(KB4023834)

(KB4022715)

(KB890830)

(KB3150513)

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.

---------------------------

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

==================================

4) Performed on April 3, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

The following patchs were installed by Windows Update successfully.

KB4089510

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

==================================

==================================

5) Performed on June 29, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

The following patchs were installed by Windows Update successfully.

KB4284833

2018-06 x64 ベース システム用 Windows Server 2016 の累積更新プログラム (KB4284833)

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

==================================

メッセージ編集者: JTC Osaka After Windows Update(2018-June), KSS can not start again.

=========================================================

6)

Performed on Nov 22, 2018

*Environment

- Windows Server 2016

- Kiwi Syslog Server version 9.6.3

The following patchs were installed by Windows Update successfully.

--------------------------

2018-11 x64 ベース システム用 Windows Server 2016 更新プログラム (KB4465659)

2018-11 x64 ベース システム用 Windows Server 2016 の累積更新プログラム (KB4467691)

悪意のあるソフトウェアの削除ツール x64 - 2018 年 11 月 (KB890830)

--------------------------

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

メッセージ編集者: JTC Osaka  2018/11/29 15:31

==================================================================

7)

Performed on March 4, 2019

*Environment

- Windows Server 2012 R2

- Kiwi Syslog Server version 9.6.6.1

The following patchs were installed by Windows Update successfully.

--------------------------

- 2019-02 x64 用 Windows 8.1 および Server 2012 R2 の .NET Framework 3.5、4.5.2、4.6、4.6.1、4.6.2、4.7、4.7.1、4.7.2 用セキュリティおよび品質ロールアップ (KB4487080)

- 2019-02 x64 ベース システム用 Windows Server 2012 R2 向けセキュリティ マンスリー品質ロールアップ (KB4487000)

- 悪意のあるソフトウェアの削除ツール x64 - 2019 年 2 月 (KB890830)

--------------------------

Then KSS is unable to load and presents the following error:

---------------------------

Syslogd

---------------------------

Component 'ipdaem160.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

---------------------------

[Resolution]

I uninstalled and re-installed Kiwi Syslog Server.

メッセージ編集者: JTC Osaka 2019/03/04 10:44

*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit

Our client encountered a Kiwi Syslog WebAccess installation error.

The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.

*The client stopped Anti-Virus service before the installation.

Are there some information to resolve the problem?

Dear All,

I try to configure kiwi 9.4 syslog server for mikrotik but failed. Would you please help to provide a step by step configuration method?

Does anyone know of a way to import/export rules to/from KiWi Syslog Server via command line or other means?

We have a very heavily utilized LEM with a "farm" of KiWi syslog servers sitting behind a load balancer.  When ever we change the rule on one KiWi server, we need to manually export the rule and import it to the KiWi servers.

We would like to find a way to script this, but we cannot find any relevant CLI options in the admin guide.  If anyone has done this or has a suggestion, it would be greatly appreciated.

If this is not possible, then would anyone find interest in a supporting a feature request to have a centralized management console for large deployments of KiWi syslog servers?

Thanks!