Quantcast
Channel: THWACK: Popular Discussions - Kiwi Syslog
Viewing all 15803 articles
Browse latest View live

Kiwi Syslog Service hanging

May 26, 2017, 11:45 am
$
0
0

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

 

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

 

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog

 

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

 

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being  received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

 

Below is the error event seen when it stopped last time.

 

Windows Server 2012 R2

64 -bit OS

 

Has anyone seen this type of issue before?

 

Any help would be greatly appreciated,

 

Mhaley

Search

Kiwi Syslog Server - Status Code 500

November 1, 2011, 6:01 am
$
0
0

Hi community. I ve searched about my problem but only found topics related about Orin software. I am getting an exception in Kiwi Syslog Web Access. Status Code 500. Any one have experienced this issue ? Thanks a lot.

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500

System.Web.HttpUnhandledException:  Exception of type 'System.Web.HttpUnhandledException' was thrown. --->  System.ArgumentOutOfRangeException: 'capacity' must be  non-negative.
Parameter name: capacity
at  System.Collections.ArrayList..ctor(Int32 capacity)
at  RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter  writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace  ---
at System.Web.UI.Page.HandleError(Exception e)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
at  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean  includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at  System.Web.UI.Page.ProcessRequest(HttpContext context)
at  ASP.events_aspx.ProcessRequest(HttpContext context)
at  System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&  completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx

Click here to return to the previous  page    Click here to return to the login  page

How to deactivate kiwi syslog server licence without the licence manager

July 15, 2013, 4:52 am
$
0
0

Hello,

 

I have an issue with the migration of my kiwi syslog product.

 

I have got a new server and I want to migrate my kiwi syslog version on this new server (after deactivating it on the old one).

 

When I read the documentation it is said to install the licence manager tool.

But when I use it, the tool says "No licensed solarwinds products on your machine".

 

But my two products are well registered and I can see the licenses on my online account.

 

Is it possible to deactivate them manually ?

 

Thanks for your helpsyslog

Kiwi Syslog Server service starts then stops

August 29, 2011, 2:29 pm
$
0
0

When attempting to start the Kiwi Syslog Server service (on Windows 2008 R2), I get the message "The Kiwi Syslog Server service on [my server name] started and then stopped.  Some services stop automatically if they are not in use by other services or programs."  Any ideas what could be causing this?

Syslog 9.1 log to sql database error

October 11, 2010, 2:10 pm
$
0
0

Hello all,

I keep getting the below errors when trying to send info to our SQL database.

2010-10-10 16:49:39     DBLogger.ClearQueue aborted with error: Incorrect syntax near '2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.X'. - SQL statement has been removed from the database cache. [Syslogd_TaskEngine.exe 2.5.151] (801) INSERT INTO Syslogd (MsgDate,MsgTime,MsgPriority,MsgHostname,MsgText) VALUES ('2010-10-10','16:49:38','User.Info','10.X.X.XXX','2222:43:netmgtd:10-Oct-2010 16:49:37.018014:rca_ocp.c:295:INFO:25.2.4:GUI: Account admin from 10.X.X.XX logged in to 10.X.X.XXX. ') : C:\Program Files\Syslogd\DBCache\ca7ad33fa4e635d00d4106908427f600 [Line:0]

I have setup the the log to database using the built in sql file format as well as creating one from scratch.  What I don't get is that every time I use the debug command, the table gets updated properly without any errors.  But when I apply my settings the log file gets filled with errors.  I know it is complaining about quotes someplace, but in the view none of the statements have any quotes in them.  

 

Any help would be greatly appreciated.

 

Thank you,

Giuseppe

Discarding Traps in Kiwi

January 8, 2016, 12:53 pm
$
0
0

I'm setting up Kiwi and I'd like to specify certain traps to discard. The problem is my rule is't working. Can anyone see why? Screenshots below show the rule called "Discard rule," the filter which is any message with "snmpd" and the actions which are to show it on display 24 and stop processing. When I to a test it works but with new messages that come in aren't getting processed by it.

 

rules.JPGfilter.JPGaction screen.JPGaction stop.JPG

Can't copy and past more than one log entry in Free version

May 24, 2019, 6:11 am
$
0
0

Hi everyone:

 


I'm quite a newbie to this. I am trying to do some logging of a device in Syslog server, and every time I Select all from the log window, and select "Copy Selected Item", when I go to paste those into any other program, only one log entry line gets pasted. Is this intentional behavior or is something wrong?

 

Is there a list of limitations somewhere for the Free version. There's a ton of documenation here, but if there is a list of limitations, I can't find it.

 

Thanks.

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am
$
0
0

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

 

Thanks,

Syed

Search

How to search all log files

June 10, 2016, 3:02 pm
$
0
0

Hi everyone,

 

Can someone confirm that both the Kiwi Syslog Service Manager console and the Kiwi Syslog Web Access will only display messages for current log files.  Therefore, a find or filter will only bring up hits for the most current log files, correct?

 

Assuming that is the case, I found a thread that mentions WinGREP as a freeware to search all log files on your hard drive.  Wouldn't it be helpful for this capability to be integrated into Kiwi Syslog Server?

 

For example, I am importing all Windows Security events from all domain controllers into Kiwi Syslog Server.  I want to be able to search for a username and the phrase "user account is locked out" for as far back as I have logs.  How do I do this easily?

 

Thanks,

Tony

Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type

December 21, 2016, 10:11 am
$
0
0

I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.

KiwiError1.PNG

Kiwi Syslog Server

August 23, 2017, 7:01 pm
$
0
0

Does anyone familiar with Kiwi syslog server? I understand that it comes with SQL CE. If my requirement is to keep log historical for a year duration, do I need to buy a full MS SQL Server database for that? How big the size of the HDD would that be..

How to Migrate Kiwi Syslog Server

January 14, 2015, 10:55 am
$
0
0

There are 3 things that you need to consider when migrating Kiwi Syslog Server:


  1. Configuration - to back them up, simply open the Kiwi Syslog Server Manager and click "File -> Export Settings to INI" .
  2. Logs - Manually copy Syslog messages log files. Under Setup, look for all Log to file - action and take note of the path and file name.
  3. License - Deactivate the license from the old server using License Manager Tool first so that you can transfer the license to the new server. Please take note that Activation Key will be different once the license is deactivated. You can refer to the following video for more detail information:

Parsing Kiwi Syslog Data

February 8, 2019, 1:02 pm
$
0
0

All,

 

I am trying to parse data that is received with Kiwi Syslog and then forward that parsed data to another syslog server that is viewed by other technicians. The issue I am having is that the server that sends the data is sending to much information that is not needed to the destination syslog server. I see that Kiwi Syslog does have the ability to do some parsing via VBscript. I was hoping someone could post a script that I could try that would parse the following data.

 

02-08-2019 14:25:19 User.Warning 172.16.0.145 Feb  8 20:25:19 Server1.penfield.edu ERAServer[743]: {"event_type":"Threat_Event","ipv4":"172.17.21.137","hostname":"Computer1.microsoft.com","source_uuid":"ecef5ff4-0535-42e2-9985-41110278b0db","occured":"08-Feb-2019 19:16:43","severity":"Warning","threat_type":"potentially unwanted application","threat_name":"JS/Spigot.B","scanner_id":"Real-time file system protection","scan_id":"virlog.dat","engine_version":"18843 (20190208)","object_type":"file","object_uri":"file:///C:/Users/JDoe/AppData/Local/Temp/scoped_dir6204_15059/CRX_INSTALL/background.js","action_taken":"cleaned by deleting","threat_handled":true,"need_restart":false,"circumstances":"Event occurred on a newly created file.","firstseen":"08-Feb-2019 19:16:43","hash":"B19897AB34E780D9F53E6AC8BE78BE26094693FD"}

 

The only data I need to pass to the other syslog server from Kiwi server is the following data,

 

"hostname":"Computer1.microsoft.com"

"threat_name":"JS/Spigot.B"

"object_uri":"file:///C:/Users/Jdoe/AppData/Local/Temp/scoped_dir6204_15059/CRX_INSTALL/background.js"

"scanner_id":"Real-time file system protection"

 

The parts marked in red do change. Is this possible?

 

Thanks,

Mike

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am
$
0
0

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

 

Thanks,

Syed

Domain Admin login event log forwarding?

October 2, 2017, 11:54 am
$
0
0

Hello,

 

    I'm currently trying to get the logs of where (what IP) and when (date and time) the Domain Administrator account information is used to log into one of three specific machines (2 DC's, and a Finance server). I'm having some trouble defining the subscription in the Kiwi Log Forwarder - Specifically, what boxes do I need to tick off and what event ID number do I need to include? I have the IP's for the three servers that I want AD to send the Admin login logs from. Thanks!

Search

Forward syslog events to QRadar

January 13, 2016, 11:55 am
$
0
0

I'm trying to forward events from Kiwi Syslog to QRadar SIEM. 

 

In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected "Retain the original source address of the message"; clicked the Test button to verify the configuration and got a gree checkmark.

 

The test event was the only event received by the QRadar.  None of the events I'm forwarding have been received as incoming logs on QRadar.

 

I've tried this with and without adding the Kiwi Syslog servers as log sources in QRadar.

 

Do I need to install a universal DSM on the Kiwi Syslog servers?

Administrator Password Missed; Other way to login

April 17, 2015, 2:56 am
$
0
0

Hi,

 

I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.

 

Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.

 

Thanks,

Syed

How to create filter in kiwi syslog web access to filter only windows logon events

April 21, 2015, 9:23 pm
$
0
0

Dear All,

I want to create filter in syslog server to view the windows logon and logoff (event logs).

 

Please help me to create the filter.

Problem with filtering in Kiwi Syslog

December 12, 2011, 1:15 pm
$
0
0

I am setting up a kiwi syslog server.  Running into a problem with the filtering not working the way I would expect.  I have used Kiwi but that was several years ago.  I have setup a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that dont belong to the switch I am trying to watch. 

I have tried a ip address - simple filter with the ip address of the switch "10.1.1.2".  On the cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the ip address in the simple filter I setup.  I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.

It has got to be something simple but so far I havent found the problem.  Since this is the free version, I know I cant call Solar Winds support.

Any suggestions are appreciated.


Ron

Kiwi Syslog "Check for update..." error

August 29, 2017, 12:29 pm
$
0
0

We are new to Kiwi Syslog and are just getting things configured.  We are on version 9.6.1.6.  One thing I immediately noticed is that running the "Check for update..." results in the following error: "An error occurred while checking for available software updates.  Check internet connectivity or proxy server settings.". 

 

We have no proxy server enabled.  From the server with Kiwi Syslog, I have Internet connectivity via a browser with no problems. 

 

From Kiwi's error log, I see the following line associated with the failed update: "Info: An error occurred while checking for available software updates.  Moved Temporarily [20152] - Resource: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/currentkiwisyslogversion.xml".  If I paste that URL into a browser, it returns the following:

 

<?xml version="1.0"?>

-<KiwiSyslogServerVersionManifest Version="1">

<CurrentVersion Version="9.6.1" Link="http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip" DateReleased="2017-05-01"> New in 9.6.1 update ------------------------------ * Kiwi Syslog Server no longer creates large SolarWinds.SyslogServer.Engine.log fileswhich consume significant disk space. * Kiwi Syslog Server diagnostic information shows the correct buffer usage for all types of messages * If you do not see a "Download Update" button below, copy and paste the following link into your browser to download: http://downloads.solarwinds.com/solarwinds/Release/Kiwi/Syslog/Kiwi-Syslog-Server-9.6.1.zip</CurrentVersion>

</KiwiSyslogServerVersionManifest>

 

I can then paste the .zip link it references into a browser and get the zip file to download (although it appears to be the same version we already have). 

 

Has anyone experienced the same issue or know how to fix it?

 

Thanks!

Viewing all 15803 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>