Will syslog actually be able to read message content such as email and imessage etc
KiwiSyslog Evaluation - Log4Net and XML
Hello,
I've started evaluating KiwiSyslog Server.
We will be using KiwiSyslog Server (GUI and web client) to listen to UDP traffic broadcast by our applications through the Log4Net library.
I was able to receive the traffic in the following default form which is not what I'm looking for.
Contacted Sales Support and they told me to search the forums (nothing relevant found) and post a thread here if I still need assistance.
Will be glad for some assistance because this Syslog server does exactly what we need but the output formatting is too raw.
The default fields look like this:
Date, Time, Priority, Hostname, Message.
I'm not interested in these fields except Message which contains all relevant information.
The problem is the "Message" field is in "Log4Net" format, which is basically a kind of XML.
I've tried writing custom scripts but wasn't able to succeed.
I would be glad for some assistance in parsing this output and using these fields.
Here is an example of the "Message" syntax:
<log4net:event logger="Logger" timestamp="Timestamp" level="Level" thread="Thread" domain="Domain" username="Username">
<log4net:message>Message</log4net:message>
<log4net:properties>
<log4net:data name="DataName" value="DataValue"/>
</log4net:properties>
<log4net:locationInfo class="Class" method="Method" file="File" line="Line"/>
</log4net:event>
In the above format, the bold black text are the fields the value in these attributes/keys should be.
Thanks in advance,
Idan.
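Added example, not part of the original post and not Kiwi Syslog or log4net code: one way to turn the "Message" field shown above into named fields outside Kiwi, in Python. The fragment uses the log4net: prefix without declaring it, so the code wraps it in a root element that binds the prefix to a placeholder URI; that URI, the function name, the size cap and the sample event are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: placeholder URI, used only to bind the "log4net:" prefix that the
# fragment uses but never declares (a strict XML parser rejects it otherwise).
NS = "urn:example:log4net"
MAX_LEN = 64 * 1024  # assumed cap; UDP syslog is unauthenticated input
EVENT_ATTRS = ("logger", "timestamp", "level", "thread", "domain", "username")


def parse_log4net_event(message: str) -> dict:
    """Return the fields of one log4net XML event found in a syslog message."""
    if len(message) > MAX_LEN:
        raise ValueError("message exceeds size cap")
    # Log events never need a DTD; refuse entity declarations outright.
    if "<!DOCTYPE" in message or "<!ENTITY" in message:
        raise ValueError("DTD/entity declarations are not accepted")
    start = message.find("<log4net:event")
    if start < 0:
        raise ValueError("no log4net event in message")
    wrapped = f'<root xmlns:log4net="{NS}">{message[start:]}</root>'
    try:
        root = ET.fromstring(wrapped)
    except ET.ParseError as exc:  # e.g. event cut short by the datagram limit
        raise ValueError(f"malformed event: {exc}") from exc

    def q(tag: str) -> str:
        return f"{{{NS}}}{tag}"

    event = root.find(q("event"))
    if event is None:
        raise ValueError("no log4net event in message")
    record = {name: event.get(name) for name in EVENT_ATTRS}
    record["message"] = event.findtext(q("message"), default="")
    record["properties"] = {
        d.get("name"): d.get("value") for d in event.iter(q("data"))
    }
    loc = event.find(q("locationInfo"))
    record["location"] = dict(loc.attrib) if loc is not None else {}
    return record


# Constructed sample in the layout from the post; all values are made up.
SAMPLE = (
    '<log4net:event logger="App.Auth" timestamp="2013-02-06T13:01:37" '
    'level="WARN" thread="7" domain="app.exe" username="CORP\\svc">'
    '<log4net:message>Login failed for &lt;admin&gt;</log4net:message>'
    '<log4net:properties><log4net:data name="HostName" value="WEB01"/>'
    '</log4net:properties>'
    '<log4net:locationInfo class="Auth" method="Login" file="Auth.cs" line="42"/>'
    '</log4net:event>'
)

if __name__ == "__main__":
    print(parse_log4net_event(SAMPLE))
```

A truncated or otherwise malformed event raises ValueError, so a collector can keep the raw line instead of storing half-parsed fields.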
Kiwi Syslog 9.4 Release Candidate is Now Available!
The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.
You will find the latest version on your customer portal in the Release Candidate section.
Here is the content of this RC version:
- Moving to a new web server
This change brings a lot of new functionality "for free". Examples:
  - SSL (https) support for Web Access
  - Process health monitoring
  - TCP port sharing
  - And much more! (See UltiDev Web Server Pro pages for details.)
- Active Directory authentication for web access
- Alerting for Message Queue Monitor
Be notified when the number of messages in the message queue crosses a certain threshold. This indicates there might be performance problems and gives you a chance to take action before messages get dropped.
- Bug Fixes / resolved cases:
  - AD support for Kiwi web access
  - 3 questions regarding Kiwi Syslog Web Access
  - AD support for Kiwi web access
  - Kiwi Syslog accounts - AD tie in?
  - active directory authentication
  - AD/LDAP Support for Web Console
  - Kiwi Syslog Web User authentication via AD/LDAP
  - Broken Support link
  - Utra Dev Cassini Web Server Service
  - After web access installation, Cassini Web service stops
  - Feature Request - Support Newer UltiDev Cassini Server
  - WebAdmin: HTTPS for Web Front End
  - SSL for Web Access
  - https for Kiwi web interface
  - Alerting for Message Que Monitor
  - Availability of Buffer statistics for alerting and reporting
  - Milliseconds in Syslog in Descending Order!
  - Feature Request - Email Summarization
  - Database maintenance settings in Kiwi Syslog Webaccess doesn´t work
  - Reducing number of syslogs on web access
  - Question
  - Radio button missing text on Archive Schedule Destination tab
  - Wrong version displayed when cancelling licensing
  - sounds not playing on alert
  - "play a sound once" does not work
  - Service crash after ORACLE ODBC configuration
  - Status on 9.3.4
  - Problem Creating Table for Oracle 11g Release 11.2.0.3.0
  - Ability to see full list of devices
RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.
Kiwi Syslog and Log Forwarder
Greetings,
We're evaluating the above product but can't seem to get the forwarder to work under win 2003 sp2....is it compatible, supported,...??!
Many thanks in advance.
Reliability of Kiwi sysloger when "Forward to remote host" action is specified
Hi,
I am evaluating Kiwi sysloger. I am wondering about the reliability of msg delivery when "Forward to remote host" action is specified.
I saw in the help section that there exists a KRDP protocol which can resend the log msgs that didn't reach the remote host (let's say another syslog server running in a Linux box).
It would be great if someone can point me to the documents which will describe various possible option to ensure reliable delivery of msgs. And also if the answer is to use KRDP then what are the required changes in the remote host to enable reliable communication?
Kiwi Syslog not displaying Cisco ASA 5505 syslogs
I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and searched the forum and cannot find any procedure by which I can tweak Kiwi to log the syslog files from my ASA, which is being used as a VPN concentrator.
Any ideas?
Log Forwarder for Windows (available to all Kiwi customers on maint)
What it does:
Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server
- Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
- Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
- Enables definition of filters that describe which events are forwarded
How to get it:
If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.
Try it out and let us know what you think!
Kiwi syslog IPv6 support roadmap
Will Kiwi syslog support IPv6 in a future version?
Doc, KB and Getting Started
Syslog and Log Forwarder
Greetings all,
Just posted this in the wrong forum, I believe, trying here.
We're evaluating Kiwi Syslog Server and the Log Forwarder but can't seem to get LF to work under win 2003 sp2, works flawlessly under 2008 R2.
Any ideas? I've checked the firewall(s), re-installed, etc. Test messages get generated and recorded in event manager but never get to the syslog server.
Thanks in advance.
Error 1053 when starting Kiwi Syslog Server
Hi,
When trying to start the Kiwi Syslog Server we are receiving the following error: Error 1053: The service did not respond to the start or control request in a timely fashion.
We also get the following messages in Event Viewer:
A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
We are using the free version and had it running quite happily for 2 months before this issue occurred. I can't find what may have changed on the day it started to fail. The tool is running on a Win7 Enterprise machine. I have tried the changes suggested here: http://knowledgebase.solarwinds.com/kb/questions/4386/Kiwi+Syslog+Server+Service+Startup+Failure+in+Versions+9.3.3+and+9.3.4 but they didn't work. I have also read the following but the service for me doesn't start no matter what account is used: http://thwack.solarwinds.com/thread/45470
Any suggestions would be greatly appreciated!
Syslogd_Service.exe crash - out of stack space
I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:
HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1
I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:
Log Name: Application
Source: Application Error
Date: 3/15/2012 10:42:42 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
<EventRecordID>2945</EventRecordID>
<Channel>Application</Channel>
<Computer>************</Computer>
<Security />
</System>
<EventData>
<Data>Syslogd_Service.exe</Data>
<Data>9.2.0.1</Data>
<Data>4d069c0f</Data>
<Data>unknown</Data>
<Data>0.0.0.0</Data>
<Data>00000000</Data>
<Data>c0000005</Data>
<Data>0000000a</Data>
<Data>91d0</Data>
<Data>01cd02c944ab6d53</Data>
<Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
<Data>unknown</Data>
<Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
</EventData>
</Event>
---------------------------
The following was in the Syslogd Errorlog.txt:
2012-03-15 09:32:52 Command line license key accepted.
2012-03-15 10:42:41 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41 Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------
I have opened SolarWinds case #323438 regarding this.
Kiwi Syslog failed to start - error code 1053 - System local account
Hi people!
I am testing Kiwi Syslog Server Service edition with Evaluation Version....
I am running Kiwi on a 2008r2 SP1 (R2 is x64).
I am trying to run the Kiwi daemon with the system local account, but I have the error 1053 popping up:
"The service did not respond to the start or control request in a timely fashion"
I tried to adjust the timeout value in the Registry to 60 (30 by default); no way, the Kiwi Syslog service doesn't start.
I created the debugging value to see what is happening on startup, but I have only:
2011-11-21 18:50:19 Start-up file Initialized.
2011-11-21 18:50:19 Performing NT Service setup for Kiwi Syslog Server
2011-11-21 18:50:19 Service Starting - NTServiceSetup
--
When I am using the administrator account of the server, the service starts quickly... here is the debug log:
2011-11-21 19:03:44 Start-up file Initialized.
2011-11-21 19:03:44 Performing NT Service setup for Kiwi Syslog Server
2011-11-21 19:03:44 Service Starting - NTServiceSetup
2011-11-21 19:03:44 Service startup triggered. Parameters:
2011-11-21 19:03:45 Startup entered
2011-11-21 19:03:45 About to initialise sockets
2011-11-21 19:03:45 Listening on InterApp TCP port 3300
2011-11-21 19:03:45 Listening on UDP port 514
2011-11-21 19:03:46 Message check timer started
2011-11-21 19:03:46 Startup completed
But for security reasons I can't use an admin account; I need to use the local system account.
--
I ran procmon to see what's wrong; no errors about File/Registry denied access.
When using the Local system account, the process stops here:
--
When using an Admin account, the process starts, and "hits" an .INI file (KRDP_Sessions.ini):
--
Do you have any information on this?
Regards,
Kiwi Syslog Forwarder windows 2008R2 Invalid Subscription
Does Kiwi Syslog server 9.4 support SNMP v3?
Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
PROBLEM - pfSense syslogs for a firewall event are split into two lines when sent to the Kiwi syslog app.
Is there a way to edit the configuration or a parsing script to parse the pfSense event as one line, similar to what the Splunk app can do? See link http://www.basementpctech.com/content/pfsense-log-analysis-splunk
I understand that this is a pfSense tcpdump issue, but I have already tried the change in link http://redmine.pfsense.org/issues/1938 without any luck; it just doesn't work. I tried all combinations of changes without any luck.
pfSense version = 2.0.1-RELEASE (amd64), built on Mon Dec 12 18:16:13 EST 2011, FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhausted searching for a working solution using Kiwi Syslog, and it is the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]