Mail Error Type Mismatch

February 13, 2013, 8:36 pm

≫ Next: How can i make report of nodes synched with syslog server???

≪ Previous: How to Split Log Files by IP Address and Date in Kiwi Syslog Server

I was wondering if any one has come across this error before, I am unable to find the cause

Errorlog.txt

2013-02-14 12:27:04 Mail error: Type mismatch

2013-02-14 12:27:04 Requeuing 2 e-mail messages. Will retry in 1 minute.

SendMailLog.txt

02-14-2013 12:27:04 PI SMTP Server: smtp.X.X.X.X

02-14-2013 12:27:04 PI SMTP Port:

02-14-2013 12:27:04 PI SMTP Timeout: 30

02-14-2013 12:27:04 PI Message to: X@email.com

02-14-2013 12:27:04 PI Message from: y@email.com

02-14-2013 12:27:04 PI Subject: Syslog message from HOST

02-14-2013 12:27:04 PI Date: Thu, 14 Feb 2013 12:27:04 +1000

02-14-2013 12:27:04 PI Mail error: Type mismatch

I think it is resulting in delay in receiving emails and retransmissions

↧

How can i make report of nodes synched with syslog server???

February 18, 2013, 3:22 am

≫ Next: Requesting assistance on Syslog application

≪ Previous: Mail Error Type Mismatch

I want to make a report which shows the devices of a region synched with the syslog server. How can i do that kindly tell me if anyone knows????

↧

Requesting assistance on Syslog application

January 10, 2014, 1:49 pm

≫ Next: Email statistics buggy since v9.4

≪ Previous: How can i make report of nodes synched with syslog server???

Hi Everyone,

I’m Sunil working for Hewlett Packard India.

Currently, I’m facing an issue with a Kiwi Syslog application v.9x which is licensed and installed on a production environment for network monitoring. The application has failed to initialize and will not start.

I’m sharing the screenshot of the error messages, and requesting someone to please guide me in resolving the problem. As I’m not the expert in the application seeking guidance from the community.

Assistance on the following issue will be helpful and greatly appreciated.

Thank you.

Regards,

Sunil PN

↧

Email statistics buggy since v9.4

September 17, 2013, 8:48 am

≫ Next: Kiwi Grid Run-Time Error '0'

≪ Previous: Requesting assistance on Syslog application

I've just upgraded to v9.4, and discovered an issue...

I'm using the email statistics functionnality for a long time and it worked correctly till v9.3.4.

I've set the "for every" option to 24 hours, and the mail is always being sent at midnight (12:00 AM + some minutes/seconds).

Now, I'm still receiving the mail correctly, but its content is partially reset at midnight.

Here is a sample mail:

---

/// Kiwi Syslog Server Statistics ///

---------------------------------------------------

24 hour period ending on: Tue, 17 Sep 2013 00:02:56

Syslog Server started on: Wed, 11 Sep 2013 11:33:10

Syslog Server uptime: 5 days, 12 hours, 27 minutes

---------------------------------------------------

+ Messages received - Total: 3046381

+ Messages received - Last 24 hours: 776286

+ Messages received - Since Midnight: 197

+ Messages received - Last hour: 7545

+ Message queue overflow - Last hour: 0

+ Messages received - This hour: 3441

+ Message queue overflow - This hour: 0

+ Messages per hour - Average: 32202

+ Messages forwarded: 0

+ Messages logged to disk: 212

+ Errors - Logging to disk: 0

+ Errors - Invalid priority tag: 0

+ Errors - No priority tag: 0

+ Errors - Oversize message: 0

+ Disk space remaining on drive D: 107889 MB

---------------------------------------------------

Breakdown of Syslog messages by sending host

+--------------------------+------------+------------+

| Top 25 Hosts | Messages | Percentage |

+--------------------------+------------+------------+

| router | 197 | 100,00% |

| | 0 | 0,00% |

+--------------------------+------------+------------+

Breakdown of Syslog messages by severity

+--------------------+------------+------------+

| Message Level | Messages | Percentage |

+--------------------+------------+------------+

| 0 - Emerg | 0 | 0,00% |

| 1 - Alert | 0 | 0,00% |

| 2 - Critical | 0 | 0,00% |

| 3 - Error | 0 | 0,00% |

| 4 - Warning | 0 | 0,00% |

| 5 - Notice | 0 | 0,00% |

| 6 - Info | 197 | 100,00% |

| 7 - Debug | 0 | 0,00% |

+--------------------+------------+------------+

Custom statistics

-----------------

CustomStats01: 0

CustomStats02: 0

CustomStats03: 0

CustomStats04: 0

CustomStats05: 0

CustomStats06: 0

CustomStats07: 0

CustomStats08: 0

CustomStats09: 0

CustomStats10: 0

CustomStats11: 0

CustomStats12: 0

CustomStats13: 0

CustomStats14: 0

CustomStats15: 0

CustomStats16: 0

End of Report.

---

The first summary part seems to be OK.

But the Top 25 hosts and the severity dispatching are reset at 00:00, instead of showing datas for the past day !

Therefore, the 197 messages are only those received since midnight, as the mail was sent at 00:02:56

So, either there's an unwanted clearing of counters (at 00:00 instead of after the mail was sent), or there should be a more precise scheduling option (every XX hours, that's not precise at all !) where for example it could be possible to specify the time of sending (00:00 or 23:59)...

I was using those datas for statistics, but they're now completely unuseful !!!

For me, this is clearly a bug that appeared in v9.4...

What's your opinion ?

In that case, can you correct it, please ?

↧

Kiwi Grid Run-Time Error '0'

April 30, 2014, 11:26 am

≫ Next: When will Kiwi support SNMP v3? Need a solution to receive and forward traps.

≪ Previous: Email statistics buggy since v9.4

Installed Kiwi Syslog 9.2.1 on Windows 7 pro SP1 VM ESXI server. After the installation was complete and rebooted the computer. This error comes up when i log in.

I have searched, but have not found any solutions for this error.

↧

When will Kiwi support SNMP v3? Need a solution to receive and forward traps.

May 6, 2014, 1:01 pm

≫ Next: Kiwi Syslog Web Access Problem

≪ Previous: Kiwi Grid Run-Time Error '0'

When will Kiwi support SNMP v3? Need a solution to receive and forward traps.

Thanks...

↧

Kiwi Syslog Web Access Problem

June 1, 2010, 10:39 am

≫ Next: How to detect clients that stop sending Syslog messages to the server

≪ Previous: When will Kiwi support SNMP v3? Need a solution to receive and forward traps.

Hello,

I've got a registered version of Kiwi Syslog Server.

I've got the "Log To Syslog Web Access" Filters set up.

But I don't have any log in the web access.

The only little clue I have is when I do a Syslog_Diagnostics I've got this :

SolarWinds.KiwiSyslog.WebAccess.Data

====================================
Component not started.

And this error :

2010-06-01 20:26:46 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file is larger than the configured maximum database size. This setting takes effect on the first concurrent database connection only. [ Required Max Database Size (in MB; 0 if unknown) = 0 ]

Any Ideas ?

↧

How to detect clients that stop sending Syslog messages to the server

January 29, 2013, 7:28 am

≫ Next: Hourly log file rotation (Kiwi Syslog)

≪ Previous: Kiwi Syslog Web Access Problem

How do you detect specific clients that have not sent syslog messages to the server in a specified amount of time?

↧

Hourly log file rotation (Kiwi Syslog)

April 17, 2014, 6:21 pm

≫ Next: Kiwi Syslog Forwarder windows 2008R2 Invalid Subscription

≪ Previous: How to detect clients that stop sending Syslog messages to the server

Hello,

I''ve tried searching the forum but was unable to find an answer to this specific issue. I just setup Kiwi Syslogd (paid) and have been testing logging from some firewalls. While I have no problem creating the log files and directory structure, log files are being created about every minute. I thought I'd modified this behavior by enabling Log File Rotation (under the Log to File action) with Total number of log files set to "2" and Maximum log file age set to "1 hour", but I am still seeing a log file being created every minute and I do not understand why. Yes I am using AutoSplit Values within the pathname btw (I saw this mentioned in another post), but I'm not sure why this would still generate a file each minute. I'm clearly lost so thank you in advance for pointing me in the right direction.

-l4d

↧

Kiwi Syslog Forwarder windows 2008R2 Invalid Subscription

January 10, 2014, 7:40 am

≫ Next: How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server

≪ Previous: Hourly log file rotation (Kiwi Syslog)

I am setting up the Kiwi Log Forwarder for windows 2008R2 If i select all the logs ( the logical thing to do in my opinion) I get an "Invalid Subscription error"

What is the fix for this as 23 event logs does not cover the list of secondary logs in windows 2008R2

Thank you

↧

How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server

May 31, 2013, 9:50 am

≫ Next: How to forward glassfish log to Kiwi syslog server

≪ Previous: Kiwi Syslog Forwarder windows 2008R2 Invalid Subscription

SolarWinds's own Justin Finley just recorded a video tutorial that shows how to resolve IP addresses into hostnames in Kiwi Syslog Server.

External link to Jing: DNS Resolution - justinfinley's library

Video Guide:

0:00 Watching traffic come in with unresolved IP addresses
0:10 Turning on IP address resolution (this affects what appears in the "Hostname" column)
0:20 Turning on in-message IP address resolution (this is optional, can be slow, and affects what appears in the "Message" column)
0:27 A quick glance at the DNS server settings (which DNS server to use, whether NetBIOS is to be used, etc.)
0:29 A quick glance at the DNS cache settings
0:30 Turning on resolution of frequently-uses IPs from a local hosts file (this is very fast, but ignores changes to DNS servers)
0:35 How to edit the hosts file
1:30 Watching traffic come in with properly resolved IP addresses

Remember to "LIKE" this if you find it useful - that helps others find it too!

↧

How to forward glassfish log to Kiwi syslog server

January 30, 2014, 7:28 am

≫ Next: Will syslog actually be able to read message content such as email and imessage etc

≪ Previous: How to Resolve IP Addresses into Hostnames in Kiwi Syslog Server

Hi Guys,

I am new at this and I need some assistance on how to configure glassfish 3.1.2 to forward its log to my Kiwi syslog server in windows. Does anyone have any experience on this?

↧

Will syslog actually be able to read message content such as email and imessage etc

April 18, 2014, 8:34 am

≫ Next: Kiwi Syslog generates error logs on Local Server

≪ Previous: How to forward glassfish log to Kiwi syslog server

Will syslog actually be able to read message content such as email and imessage etc

↧

Kiwi Syslog generates error logs on Local Server

September 21, 2012, 6:52 am

≫ Next: Syslogd_Service.exe crash - out of stack space

≪ Previous: Will syslog actually be able to read message content such as email and imessage etc

Hallow

I have noticed that the following error logs are generated on the server where we have installed Kivi Syslog server v9.3.2. Operating system is Windows 2003 Server x32. As a database we use MS SQL 2008 R2

Event Type:	Failure Audit
Event Source:	Security
Event Category:	Object Access
Event ID:	560
Date:		9/17/2012
Time:		6:14:18 PM
User:		NT AUTHORITY\NETWORK SERVICE
Computer:	KIWISERVER

Description:

Object Open:

Object Server:	Security
Object Type:	Key
Object Name:	\REGISTRY\MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
Handle ID:	-
Operation ID:	{0,1015230540}
Process ID:	3724
Image File Name:	C:\WINDOWS\system32\wbem\wmiprvse.exe
Primary User Name:	NETWORK SERVICE
Primary Domain:	NT AUTHORITY
Primary Logon ID:	(0x0,0x3E4)
Client User Name:	-
Client Domain:	-
Client Logon ID:	-
Accesses:	DELETE
		READ_CONTROL
		WRITE_DAC
		WRITE_OWNER
		Query key value
		Set key value
		Create sub-key
		Enumerate sub-keys
		Notify about changes to keys
		Create Link

Privileges:	-
Restricted Sid Count:	0
Access Mask:	0xF003F

Could you please help me to understand what this error mean?

Thank you

↧

Syslogd_Service.exe crash - out of stack space

March 15, 2012, 4:28 pm

≫ Next: Log Forwarder for Windows (available to all Kiwi customers on maint)

≪ Previous: Kiwi Syslog generates error logs on Local Server

I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:

HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1

I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:

Log Name:      Application
Source:        Application Error
Date:          3/15/2012 10:42:42 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
    <EventRecordID>2945</EventRecordID>
    <Channel>Application</Channel>
    <Computer>************</Computer>
    <Security />
</System>
<EventData>
    <Data>Syslogd_Service.exe</Data>
    <Data>9.2.0.1</Data>
    <Data>4d069c0f</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>0000000a</Data>
    <Data>91d0</Data>
    <Data>01cd02c944ab6d53</Data>
    <Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
    <Data>unknown</Data>
    <Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
</EventData>
</Event>

---------------------------

The following was in the Syslogd Errorlog.txt:

2012-03-15 09:32:52    Command line license key accepted.
2012-03-15 10:42:41    *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41    Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------

I have opened SolarWinds case #323438 regarding this.

↧

Log Forwarder for Windows (available to all Kiwi customers on maint)

October 19, 2009, 10:39 am

≫ Next: Kiwi Syslog Server Web Interface Very Slow

≪ Previous: Syslogd_Service.exe crash - out of stack space

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

↧

Kiwi Syslog Server Web Interface Very Slow

November 10, 2011, 3:23 pm

≫ Next: Kiwi Syslog Web Access

≪ Previous: Log Forwarder for Windows (available to all Kiwi customers on maint)

I just setup an evaluation installation of the Kiwi Syslog Server and it's Web Access component. I have one relatively high volume system logging to it.

When I search for specific logs using filters in the Web Access, it takes a very long time fetching the events. If this is the case with only one system logging to it I am concerned about performance if I have a bunch more systems log to it.

Is this typical behavior for Kiwi Web Access?

↧

Kiwi Syslog Web Access

October 21, 2013, 8:54 pm

≫ Next: kiwi vs orion syslog

≪ Previous: Kiwi Syslog Server Web Interface Very Slow

Hi, I am new to Kiwi Syslog and I keep coming up with the attached error when installing the web access component.

I have upgraded Syslog Server to 9.4.1 and can't seem to get this going. I don't know if it was ever working to begin with.

When I try and go to http://localhost:8088 I get an error that "The resource cannot be found".

Is there any pre requisites that need to be pre installed on the server for web access to run? We have it running on Windows Server 2008 R2 Ent. SP1

↧

kiwi vs orion syslog

August 17, 2009, 10:05 am

≫ Next: Multiples Syslog message in 1 e-mail

≪ Previous: Kiwi Syslog Web Access

What is the differencse between the two? Do i need both running? Can i have both running on the same box? Currently i have both installed on the same box. the orion syslog is running but the kiwi gives error messages like "Unable to open UDP socket on port 514" or "Registered action was found in settings and disabled"

↧

Multiples Syslog message in 1 e-mail

November 19, 2013, 12:09 pm

≫ Next: Perl script to parse SNMP trap and set VarCustom01

≪ Previous: kiwi vs orion syslog

Is it possible with the latest Kiwi Syslog server (I am still using 8.3.30 but have maintenance) to regroup all the syslog messages matching a rule and received in the last programmable delay (2 min for example) to be combine in one e-mail alert?

For example, if I create a rule on VPN login/logout, I can see multiple messages in the syslog for each new/close session. It would be very interesting to have all those syslog entries in one e-mail.

↧