Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
Is there any way for me to export Kiwi Syslogs. I want to be able to export the syslogs from a licensed Kiwi server into another database for viewing. Specifically the NPM database. I would think that there would have been something to do this already since both are SolarWinds products, but I am unable to find it.
I want to be able to take the logs off the Kiwi server and view them elsewhere, without viewing through Kiwi. I want to view them through NPM, but I guess I can get by viewing them through something like Access. Is there a way (even if it isn't easy) to do this?
Dear all,
I would like to know how to backup a Kiwi Syslog Server. We are installing this in VM, but the environment only has NetBackup.
I know that I can export the data out as log file for backup, but how about backup when log are still in the Kiwi Syslog Server database?
I am not able to find any reference in the Admin guide.
Best Regards,
Rayson Wong
Hi guys,
I recently installed Kiwi Syslog on a Windows Server 2008 machine, however I had to uninstalled the program as the customer wants to be on the D:\ . But now I am not able to install the program on D:\ or even back
on C:\ as I get the error message "an unlicensed version is detected" hence the installation cannot proceed any longer.
Can anyone help? Where can I delete the old files so i am able to install the software again? I need to install this quite urgently, I have the license with me but I did not activate the license in my previous installation since it was not installed on the right drive.
Please help.
Thanks.
Dear All Experts,
I am running Kiwi Syslog server for log events collection of different servers and currently i am in testing mode. the problem currently i am facing is that all the spurce server logs are displaying in the same page simultaneously. Logs of each server are not categorized and neither i found any search option in the dashboard where i can search the logs for the specific server. All logs are mixed.
What i want that is there any method to categorize the logs of each server at the dashboard i.e exchange server logs are displaying in exchange server logs option, domain controllers or esxi hosts are displaying in their respective sections to easy trace the errors and logs. Right now all logs and errors are mixing with each others.
Seeking the help in this regards.
Waiting for the response from experts here.
Thanks.
I am trying to connect to kiwi syslog server in secure TCP mode. From my client side (c# code) I try to connect to kiwi syslog sever using TLS 1.2 protocol. But SSL Handshake from server is set to TLS 1.0
I installed kiwi server in Windows 7 SP1 and enabled TLS 1.2 in the system by modifying the system registry.
SSL handshakes captured using Network monitor are given below
Client HandShake
Server HandShake
Client side code( c#)
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var tcpClient = new TcpClient(hostname, port);
var tcpClientStream = tcpClient.GetStream();
var sslStream = new SslStream(tcpClientStream, false, ValidateServerCertificate)
{
ReadTimeout = timeout,
WriteTimeout = timeout
};
sslStream.AuthenticateAsClient(hostname, new X509CertificateCollection(), System.Security.Authentication.SslProtocols.Tls12, false);
I do not know if this is the correct place to post this question.
I am using Kiwi Syslog Server, and I have SolarWinds Event Log Forwarder for Windows installed on a computer.The forwarder will send test messages, but it is not sending the logs to the log server. Any suggestions?
Dejacpp...
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
I would like to get a verification for the stated tool, is it a freeware tool that I can use with a limitation features or is just 14 days trial version tool?
i installed log forwarder 2.1.0 on my windows server 2008. i set my kiwi syslog server, i configured subscription for sending system logs from my server. when i click to test button, the test is ok, but in event viewer i receive in log solariwinds.net i receive message
Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
also, my kiwisyslogserver does not receives messages. where is problem
Kiwi Syslog Web Access failed the database maintenance.
- Eventlog.txt:
=======================
STATUS: SolarWinds.KiwiSyslog.WebAccess.Data: SQLCE database maintenance started @2011/02/16 14:36:30
SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to perform maintenance procedure. System.Data.SqlServerCe.SqlCeError: The database file is larger than the configured maximum database size. This setting takes effect on the first concurrent database connection only. [ Required Max Database Size (in MB; 0 if unknown) = 3992 ]
STATUS: SolarWinds.KiwiSyslog.WebAccess.Data: SQLCE database maintenance failed.
=======================
Then, I would like to delete the old events by SQL Server Management Studio.
But I can not connect to the Event.sdf database because I don't know the password.
What is the password to connect to the Event.sdf?
* I read "How to delete old records from Kiwi Syslog Web Access??" post.
Hi,
We are using the Kiwi Syslog Web Access as a syslog for all the network and security devices. Due to this we are unable to fetch events for any specific filters applied on the Kiwi Syslog Web Access.
We alternatively go to the location: \Program Files (x86)\Syslogd\Logs and try to open the logs in text editor like notepad++.
The problem is:
1. That file size is too large (~700 MB) and we are unable to open via the text editor. Is there any way to limit the size.
2. On the Web Access, when a filter is applied, the software crashes with the error:
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Status Code: 500
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Web.HttpException: Maximum request length exceeded.
at System.Web.HttpRequest.GetEntireRawContent()
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resource: http://10.240.22.194:8088/Events.aspx
Referrer: http://10.240.22.194:8088/Events.aspx
Click here to return to the previous page Click here to return to the login page
Please suggest.
Details: Kiwi Syslog Web Access ver 1.5.1
Thanks,
Richard
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?
I know the Web Access has 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access. I hope at least 4GB db limitation can store like a month logs of all 10+ servers. I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)
Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?
Another question:
Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?
Thanks in advance!
Hello,
i need to create more than the 100 possible rules.I found the documentation regarding the registry entry "MaxRuleCount" (http://www.kiwisyslog.com/help/syslog/index.html?rules_maximumrulecount.htm) However, i don't have the mentioned registry entry and also creating it did not help. Any ideas?
Thx, Robert
How to delete records from the Kiwi Syslog Web Access?
Thanks.
I just setup a trial version of the Kiwi Syslog Server for some testing & evaluation and have two questions thus far...
I'm trying to forward events from Kiwi Syslog to QRadar SIEM.
In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.
The test event was the only event received by the QRadar. None of the events I'm forwarding have been received as incoming logs on QRadar.
I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.
Do I need to install a universal DSM on the Kiwi Syslog servers?
Hi everyone,
I wonder if Kiwi Syslog Server has any limitation on how many servers that it can collect the logs from or how many servers can send the logs to the syslog server?
I know the Web Access has 4GB db limitation. What is the best practice for this limitation when you have more than 10 servers sending the logs to syslog server? I don't want to see only 1 or 2 day logs every day from Web Access. I hope at least 4GB db limitation can store like a month logs of all 10+ servers. I am trying first with the windows event logs (using the free tool Solwarwinds Event Log Forwarder)
Is there any limitation that i should be aware with Kiwi Syslog Server and Event Forwarder tool?
Another question:
Does Solarwinds Event Log Forwarder can work with other vendor syslog server? If so, which vendor and which syslog server product is that?
Thanks in advance!
We are new to Kiwi Syslog and are just getting things configured. We are on version 9.6.1.6. One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates. Check internet connectivity or proxy server settings.".
We have no proxy server enabled. From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems.
From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates. Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml". If I paste that URL into a browser, it returns the following:
<?xml version="1.0"?>
-<KiwiSyslogServerVersionManifest Version="1">
<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>
</KiwiSyslogServerVersionManifest>
I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have).
Has anyone experienced the same issue or know how to fix it?
Thanks!
Hi Folks,
I'm looking at what we need to monitor to ensure that Kiwi Syslog Server is actually running OK.
The obvious metrics are :-
- "Kiwi Syslog Server" service is "Running"
- Process Syslogd_Service exists
- Is searching for "error" in the errorlog.txt a valid check?
We also plan to email an alert if we receive less than X messages in 60 mins, but if Kiwi Syslog Server is not running correctly,
we won't get this message!
Do we really? need to check if no logfiles have been updated in say the last 5 minutes ? (if log files are generally created at least every minute)
Any thoughts on how we can determine that KSS is actually running OK?
Many Thanks,