Log to file - UNC path or mapped drive?
Can you point the log file to a UNC path or mapped drive? I want to be able to log to external storage. Every time I update the log path settings it defaults back to the original path. Can this be done?
Parsing Kiwi Syslog Data
All,
I am trying to parse data that is received with Kiwi Syslog and then forward that parsed data to another syslog server that is viewed by other technicians. The issue I am having is that the server that sends the data is sending too much information that is not needed to the destination syslog server. I see that Kiwi Syslog does have the ability to do some parsing via VBScript. I was hoping someone could post a script that I could try that would parse the following data.
02-08-2019 14:25:19 User.Warning 172.16.0.145 Feb 8 20:25:19 Server1.penfield.edu ERAServer[743]: {"event_type":"Threat_Event","ipv4":"172.17.21.137","hostname":"Computer1.microsoft.com","source_uuid":"ecef5ff4-0535-42e2-9985-41110278b0db","occured":"08-Feb-2019 19:16:43","severity":"Warning","threat_type":"potentially unwanted application","threat_name":"JS/Spigot.B","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"18843 (20190208)","object_type":"file","object_uri":"file:///C:/Users/JDoe/AppData/Local/Temp/scoped_dir6204_15059/CRX_INSTALL/background.js","action_taken":"cleaned by deleting","threat_handled":true,"need_restart":false,"circumstances":"Event occurred on a newly created file.","firstseen":"08-Feb-2019 19:16:43","hash":"B19897AB34E780D9F53E6AC8BE78BE26094693FD"}
The only data I need to pass to the other syslog server from Kiwi server is the following data,
"hostname":"Computer1.microsoft.com"
"threat_name":"JS/Spigot.B"
"object_uri":"file:///C:/Users/Jdoe/AppData/Local/Temp/scoped_dir6204_15059/CRX_INSTALL/background.js"
"scanner_id":"Real-time file system protection"
The parts marked in red do change. Is this possible?
Thanks,
Mike
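An added example, not from the post or from Kiwi, written in Python rather than the VBScript Kiwi runs: it splits the Kiwi file-log line above, decodes the JSON the ESET event carries, keeps only the four fields requested and builds the reduced message to forward. The sample line is the post's line with the JSON body trimmed; non-JSON lines are returned as None so a caller can skip or pass them through unchanged.

```python
import json
import re

# Kiwi "log to file" line: <date> <time> <facility.level> <sender-ip> <original syslog text>
KIWI_PREFIX = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<priority>\S+) (?P<sender>\S+) (?P<msg>.*)$"
)
# Only these JSON fields are forwarded; everything else in the event is dropped.
KEEP_FIELDS = ("hostname", "threat_name", "object_uri", "scanner_id")


def parse_kiwi_line(line):
    """Split a Kiwi file-log line and decode the JSON object embedded in the syslog text.
    Returns None when the line carries no JSON object, so the caller can skip it."""
    m = KIWI_PREFIX.match(line.strip())
    if not m:
        return None
    msg = m.group("msg")
    start, end = msg.find("{"), msg.rfind("}")
    if start == -1 or end <= start:
        return None
    try:
        event = json.loads(msg[start:end + 1])
    except json.JSONDecodeError:
        return None
    return {"priority": m.group("priority"), "sender": m.group("sender"),
            "header": msg[:start].strip(), "event": event}


def reduce_event(parsed, keep=KEEP_FIELDS):
    """Keep only the whitelisted keys; a missing key yields None instead of raising."""
    return {k: parsed["event"].get(k) for k in keep}


def build_forward_message(parsed, keep=KEEP_FIELDS):
    """Format the reduced event as key="value" pairs behind the original syslog header
    (timestamp, reporting host, program) so the downstream server keeps its context."""
    fields = reduce_event(parsed, keep)
    body = " ".join(f'{k}="{v}"' for k, v in fields.items() if v is not None)
    return f'{parsed["header"]} {body}'


# Constructed sample: the post's line with the JSON payload shortened.
SAMPLE = ('02-08-2019 14:25:19 User.Warning 172.16.0.145 Feb 8 20:25:19 Server1.penfield.edu '
          'ERAServer[743]: {"event_type":"Threat_Event","hostname":"Computer1.microsoft.com",'
          '"threat_name":"JS/Spigot.B","scanner_id":"Real-time file system protection",'
          '"object_uri":"file:///C:/Users/JDoe/AppData/Local/Temp/background.js",'
          '"action_taken":"cleaned by deleting","threat_handled":true}')

if __name__ == "__main__":
    print(build_forward_message(parse_kiwi_line(SAMPLE)))
```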
Syslog configured to pull Exchange server message tracking log
Looking for a guide to configure a syslog server with Exchange server to pull Exchange message tracking logs into the syslog server.
Does KiwiSyslog server read syslogs from a file from the disk of local machine?
I want Kiwi Syslog component to read log files from disk. How can I configure it?
Syslog server not receiving messages in TCP/SSL mode
Hello,
I have installed Kiwi Syslog Server 9.6.3.3 eval version and am trying to configure syslog in TCP SSL mode.
First, these are the steps I followed to configure the server:
a) created a self signed certificate using java keytool.
b) imported into windows certificates personal and trusted roots folder.
c) selected the imported certificate in kiwi setup configuration.
After following the above steps, I got the below error in the Event log file.
2017-11-29 16:40:06 Unable to bind secure TCP listener to port 6514 There might be a problem with the certificate provided.
After googling for this error, I got the below link and used IIS server to create a self-signed certificate.
After configuring the certificate generated from IIS, I started getting the below error.
2017-11-30 12:37:30 Source: C:\Windows\SysWow64\mswinsck.ocx Error: Socket is non-blocking and the specified operation will block
But, I was able to receive messages in SSL mode using Java code running on the same box where the syslog server is installed. If I try to run the same Java code from any box other than the Kiwi server, it is not receiving messages.
Observed similar behavior for TCP mode as well.
How do I check whether the syslog server is configured correctly or not? Is there any way to do that?
Thanks in Advance!!
TCP Syslog Does Not Work in Latest Version
I use kiwi syslog server a lot for testing syslog. It seems like in the latest version there are issues with TCP. I'm verifying with the Kiwi Syslog Message Generator. Seems like with syslog server version 9.4.1 TCP connects and works, but in latest version 9.6.3 it does not connect for some reason. When I try to connect TCP with message generator it says "TCP session remotely disconnected" using the same tool the same exact way, it works with version 9.4.1. I'm using the syslog message generator tool on the same machine as the syslog server. Is this a known issue, or am I missing something? Any suggestions or help would be much appreciated. Thank you very much.
Kiwi Syslog not receiving any message
Hello,
I just installed Syslog on a Windows 8 VM (ESXi 5.5).
However... I don't receive any messages from the router (Cisco RV042G) I want to log.
I tried the generic troubleshooting:
• Check network connectivity by pinging from the sending device to the Syslog Server machine => OK
• Check only one instance of Kiwi Syslog Server is running (Ctrl-Shift-Esc to get the task-list) => OK, only one
• Disable any personal firewall software such as ZoneAlarm or BlackIce => Disabled
• Use a sniffer to check if messages from the router are reaching the PC => Yes, I can see them
• Check DNS resolution is working as expected by pinging a hostname from the Command Prompt => OK
• Check that there is a "Display" action setup for the facility and level you are expecting to receive messages on. => OK
• Send a test message to yourself by pressing Ctrl+T => Displayed
• Download a copy of the Free Syslog Server Message Generator (SyslogGen) from: www.kiwisyslog.com/downloads => Done
• Install SyslogGen and set it to send a message every second to the address 127.0.0.1 (local host). => Not displayed, and I don't see them in a local packet capture.
• Try sending messages with SyslogGen from another machine to the host running the Syslog Server => Not displayed, but see them on a packet capture (on Syslog PC)
Do you have any idea about the cause of this issue?
Thanks in advance for your help.
'How much traffic can Kiwi Syslog Server handle?'
According to the FAQ: "Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)"
Kiwi Syslog Server 9.6.6.1 service automatically stopped
My company has Kiwi Syslog Server v9.6.6.1 and today my Kiwi automatically stopped. I received this message in the Application event viewer:
Application: Syslogd_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IndexOutOfRangeException
Stack:
at SolarWinds.SyslogServer.Engine.NetworkingDeamon.ProcessTcpMessage(System.Net.Sockets.TcpListener, System.Text.Encoding, System.Collections.Generic.List`1<System.String>)
at SolarWinds.SyslogServer.Engine.NetworkingDeamon+<>c__DisplayClass11.<ReinitTcp>b__d()
at SolarWinds.SyslogServer.Engine.Implementation.WatcherThread.<.ctor>b__0()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
and
Faulting application name: Syslogd_Service.exe, version: 9.6.6.1, time stamp: 0x5c013768
Faulting module name: KERNELBASE.dll, version: 6.3.9600.19178, time stamp: 0x5bc10573
Exception code: 0xe0434352
Fault offset: 0x00015ef8
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
What do I do?
Kiwi Syslog Manager 9.6.6.1 is failing to open
Hello Team,
I tried to install Kiwi server on a newly built Windows 2016. The service starts successfully but the console fails to start with the below error. Is there something additional I need to do? Haven't seen this error with previous installs.
THE FOLLOWING INTERNAL PROGRAM ERROR HAS OCCURRED:
Manager Version = 9.6.6.1
Error Number: -2146234304
Description: Automation error
Module Name: Syslogd.frm
Procedure Name: Startup
Line Number: 2250
Date and time: 5/14/2019 2:08:00 AM
Thanks
Pradeep
Kiwi SyslogServer 9.2.0 (Eval) and WebAccess Error
Hi,
WebAccess does not work for me in the trial version. I get the following error message.
"An error occurred while initializing this session.
The session has been abandoned.
Kiwi Syslog WebAccess requires Kiwi Syslog Server to be online, but it is offline."
The services have been checked and are started.
Can you provide this update (9.2.1) for the trial version if it is available, otherwise I cannot test WebAccess. This is our decision to buy but very important.
Regards
Jochen
Cannot receive message from Cisco switch 3750
Hello guys,
I set up Kiwi Syslog Server and could receive messages from other devices, such as Cisco switch 2960, 5510, and Windows server. But I cannot get any message from the 3750. I enclosed the 3750 configuration below. Please take a look and tell me where I am wrong. Thank you.
logging trap notifications
logging facility local5
logging 192.168.0.51
Log Forwarder error
I installed Log Forwarder 2.1.0 on my Windows Server 2008. I set my Kiwi Syslog Server and configured a subscription for sending system logs from my server. When I click the test button, the test is OK, but in Event Viewer, in the log solarwinds.net, I receive this message:
Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
Also, my Kiwi Syslog Server does not receive messages. Where is the problem?
Can we use the Kiwi Syslog as a syslog forwarder.?
Hi,
We have a Linux box running the SDN services and acting as a gateway. The vendor who provided this Linux box says that they have a restriction that it can forward the syslog messages to only one syslog server / collector.
We are currently in a situation that we are looking for a syslog server which can receive the syslog messages from this Linux box and then forward them to other syslog servers/collectors.
Is it possible to use the Kiwi Syslog Server as a syslog forwarder?
How to open old log files with Syslog Web Access?
I have logs saved to separate files every day. At the end of the quarter, I will need to look through the logs to collect statistics for the report.
Is there a way for me to use Syslog Web Access to look through the old log files and filter out the information that I need?
I am using Syslog v9.5
Kiwi Syslog Service hanging
1st time starting a discussion.
1st time working with Kiwi Syslog.
Let me know if I'm in the wrong place.
I am very new to Syslog Servers.
I'm a Route/Switch type guy.
We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.
This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.
We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.
This issue started after the copy/move of the Kiwi Syslog
No IP addresses were changed, it's on the same network as before.
It starts up, logs are being received, and then they stop.
If you try to start the service, it tells you it's already running.
At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.
Looking at the correct folder I can see the logs are no longer being received.
If I stop the service and start the service it starts.
There is a script that tells it to restart every morning at 4am, and it will do this.
Below is the error event seen when it stopped last time.
Windows Server 2012 R2
64-bit OS
Has anyone seen this type of issue before?
Any help would be greatly appreciated,
Mhaley
SolarWinds.SyslogServer.Engine.log
Hi, I was hoping someone can explain the log files ('SolarWinds.SyslogServer.Engine.log') created in the Syslogd folder to me. What purpose do they serve? Are they safe to delete? Can I set them to be created in a different directory?
Thank you.
Forward Event Viewer subscriptions with Event Log Forwarder for Windows
Has anyone been able to forward subscribed events (from other machines) to Kiwi Syslog server using Event Log Forwarder for Windows? I am trying to setup a single point to collect events to be forwarded to our syslog server.
I setup a test and subscribed to events from another machine to be placed in the Windows Logs -> Application. I see the forwarded events in Windows Event Viewer, but when viewing the "preview of matching event records" (Event Log Forwarder for Windows) I only see the events sources from the computer running the event log forwarder. (see the attached screenshot)
Thanks!
Jeremy
Syslog server errors "FormatMessage failed with 1815" help please!!
Good day Community,
I am experiencing an urgent issue. The syslog server forwarder is forwarding the following message to the Kiwi syslog server. The actual security logs are showing the correct information, however the message below is being shown. I thought it was the server, but when I added another server to forward security logs, I am getting the same message as shown below.
Has anyone encountered this message, or does anyone know how to resolve this issue? The security logs are on the server and I can view them using Event Viewer properly, and audit logs are reflecting fine.
I would really appreciate your humble assistance or comments.
Apr 08 14:36:34 CASSIOPEIA1.carimed.local MSWinEventLog 5 Security 495 Wed Apr 08 14:36:33 2015
4624 Microsoft-Windows-Security-Auditing N/A Audit Success CASSIOPEIA1.carimed.local 12544
The description for Event ID 4624 from source Microsoft-Windows-Security-Auditing cannot be
found. Either the component that raises this event is not installed on your local computer or
the installation is corrupted. You can install or repair the component on the local computer.If
the event originated on another computer, the display information had to be saved with the
event.The following information was included with the event: S-1-0-0. FormatMessage failed with
error 1815, The specified resource language ID cannot be found in the image file.
Unable to bind SNMP listener to any adapter on specified port 162
Installed Kiwi Syslog 9.5 on a Windows 2012 R2 server (in a virtual machine). We need to configure the SNMP listener in Kiwi Syslog to receive SNMP logs from an application.
The SNMP Trap service is stopped and Windows Firewall is stopped.
Error : unable to bind snmp listner to any adaptor on specified port 162.