Spoof Network Packet - Using Npcap isntead of Winpcap

December 12, 2018, 2:20 pm

≫ Next: Maximum number of TCP connections has been reached. Not accepting connection.

≪ Previous: SolarWinds Event Log Forwarder for Windows

I have a licensed version of Kiwi 9.6 installed on a Windows 2016 Server. I was specifically hoping to use the "Spoof Network Packet" feature to forward packets to a downstream server. The help file says the server needs to be licensed (Done!) and that WinPcap must be installed. The problem is, WinPcap is deprecated for some time now, and not compatible (or at least not suggested) with Windows 2016. I use Npcap, which is the recommended way to go for W2016. I have even installed Npcap with WinPcap compatibility (a requirement of Wireshark) and that works correctly (with Wireshark). Unfortunately, with regards to the Kiwi server, something is still missing. The tick box is now available, but I cannot select a network adapter. Saving this config as is results in no data being sent.

↧

Maximum number of TCP connections has been reached. Not accepting connection.

July 9, 2014, 7:38 am

≫ Next: Kiwi Syslog Service hanging

≪ Previous: Spoof Network Packet - Using Npcap isntead of Winpcap

KiWi Syslogd error: Maximum number of TCP connections has been reached. Not accepting connection.

Why? Thanks..

↧

Kiwi Syslog Service hanging

May 26, 2017, 11:45 am

≫ Next: KIWI syslog service manager vs. syslog webaccess

≪ Previous: Maximum number of TCP connections has been reached. Not accepting connection.

1st time starting a discussion.

1st time working with Kiwi Syslog.

Let me know if I'm in the wrong place.

I am very new to Syslog Servers.

I'm a Route/Switch type guy.

We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.

This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.

We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.

This issue started after the copy/move of the Kiwi Syslog

No IP addresses were changed, it's on the same network as before.

It starts up, logs are being received, and then they stop.

If you try to start the service, it tells you it's already running.

At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.

Looking at the correct folder I can see the logs are no longer being received.

If I stop the service and start the service it starts.

There is a script that tells it to restart every morning at 4am, and it will do this.

Below is the error event seen when it stopped last time.

Windows Server 2012 R2

64 -bit OS

Has anyone seen this type of issue before?

Any help would be greatly appreciated,

Mhaley

↧

KIWI syslog service manager vs. syslog webaccess

February 12, 2013, 8:11 am

≫ Next: Kiwi syslog migration

≪ Previous: Kiwi Syslog Service hanging

Hello group!

Is there a difference between what we see in the KIWI Syslog Service Manager and what we see in the KIWI Syslog Web Access? We currently have one of our appliances sending SNMP traps to KIWI, however I am trying to run a script that is looking for a particular attribute in the SNMP trap which is cldcClientIPAddress.0

What is strange is, I see this information in the KIWI Syslog Web Access monitor but I do not see it in the KIWI Syslog Service Manager. I have gone through all of the options within the service manager and cannot figure this one out.

Any assistance would be appreciated!

GMF

↧

Kiwi syslog migration

April 10, 2019, 2:05 am

≫ Next: Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

≪ Previous: KIWI syslog service manager vs. syslog webaccess

We have upgraded our kiwi syslog server to a new server with a new version of the OS.

I need to migrate the settings of the previous server to the new server, but I am unable to find a migration tool or guide on how to migrate the settings.

I dont need to migrate the files (logs) only the settings.

Can anyone help or advise, or point me to a guide?

↧

Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

September 24, 2014, 2:45 pm

≫ Next: Web Access not showing current logs

≪ Previous: Kiwi syslog migration

We are currently trying to migrate all UDP senders of syslog to TCP. Our fortigate security appliances only support the RFC 3195 standard for syslog over TCP. syslog-ng does not support this and rsyslog says that they support RFC 3195, but it is not working. Please, any assistance with this request would be appreciated. Running syslog with UDP is no longer an option.

Thanks in advance.

↧

Web Access not showing current logs

March 6, 2018, 10:04 am

≫ Next: kiwi syslog service crashes

≪ Previous: Does Kiwi Syslog Server Support Receiving Syslog over TCP via RFC3195

i have web access enabled, and it is showing logs, just not the current logs.

E:\Program Files\Syslogd\Logs\ is showing txt files for the current date, but what is being displayed in the web console is the oldest file

The service manager is showing live data being captured

how can i get the web access to also show the live data being captured?

↧

kiwi syslog service crashes

October 22, 2014, 4:10 am

≫ Next: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures

≪ Previous: Web Access not showing current logs

I successfully installed Kiwi Syslog server (latest version) and successfully received 18.8 million logs in 5 – 6 hours and after that the application crashes and every time I re-start the service it keeps crashing. I too would like to know if this issue has been resolvable? and if so how was it done. We are required to log these messages because of audit regulations and we have multiple firewalls logging to this one server. If Kiwi cannot keep up kindly let us know or suggest any other option.

following are the system events:

Faulting application name: Syslogd_Service.exe, version: 9.4.0.1, time stamp: 0x5256d794

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7

Exception code: 0xc0000005

Fault offset: 0x000552a2

Faulting process id: 0x49c

Faulting application start time: 0x01cfedd553cc3c0b

Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe

Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report Id: 98b25655-59c8-11e4-8349-005056bb1e35

Fault bucket , type 0

Event Name: APPCRASH

Response: Not available

Cab Id: 0

Problem signature:

P1: Syslogd_Service.exe

P2: 9.4.0.1

P3: 5256d794

P4: ntdll.dll

P5: 6.1.7601.18247

P6: 521ea8e7

P7: c0000005

P8: 000552a2

P9:

P10:

Attached files:

These files may be available here:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._dae90f6dff5377cb3818b3577cc016b8e269a5_1190477d

Analysis symbol:

Rechecking for solution: 0

Report Id: 98b25655-59c8-11e4-8349-005056bb1e35

Fault bucket , type 0

Event Name: APPCRASH

Response: Not available

Cab Id: 0

Problem signature:

P1: Syslogd_Service.exe

P2: 9.4.0.1

P3: 5256d794

P4: ntdll.dll

P5: 6.1.7601.18247

P6: 521ea8e7

P7: c0000005

P8: 000552a2

P9:

P10:

Attached files:

These files may be available here:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Syslogd_Service._dae90f6dff5377cb3818b3577cc016b8e269a5_1190477d

Analysis symbol:

Rechecking for solution: 0

Report Id: 98b25655-59c8-11e4-8349-005056bb1e35

Report Status: 0

↧

Monitor Cisco Firewall and Router "Bad Password" Attempt Failures

March 11, 2013, 10:48 am

≫ Next: Syslog stops logging with no notification

≪ Previous: kiwi syslog service crashes

I am setting up Cisco Routers and assorted firewall with Kiwi to listen and alert on Bad Passwords with little success. I have also allowed SNMP. Has anyone have success with doing this and have any examples of the Cisco devices. We are using an assorted number of Cisco Routers, Switches, ASA firewalls, and VPN 3000 series gear.

logging trap errors

logging source-interface Ethernet0/0

logging 172.16.7.57

snmp-server community readmib RO

snmp-server enable traps snmp

snmp-server enable traps syslog

snmp-server host 172.16.7.57 traps writemib

↧

Syslog stops logging with no notification

May 29, 2015, 4:18 am

≫ Next: Forwarding SharePoint logs to Kiwi Syslog Server

≪ Previous: Monitor Cisco Firewall and Router "Bad Password" Attempt Failures

I discovered this morning (only because I didn't receive the nightly report) that two of our Syslog servers stopped logging yesterday afternoon. The nightly archiving and cleanup jobs did not run. The service did not crash. The drive has 63 GB of free space. There are no entries under the Application or System logs in Windows. Under the Errorlog I see this for all of the reporting nodes ("ip.address.#" is placeholder for the actual values in the logs):

2015-05-28 15:38:59 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:38:59 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address1.txt

2015-05-28 15:39:00 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:00 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1..txt

2015-05-28 15:39:02 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:02 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.2.txt

2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.3.txt

2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:06 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:06 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:07 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:07 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.4.txt

2015-05-28 15:39:08 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:08 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:11 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:11 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt

2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.

2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.5.txt

The log stops there. When I restart the service I see these additional entries in the Error log:

2015-05-29 07:17:16 Unable to open InterApp listening socket on TCP port 3300

2015-05-29 07:17:16 Unable to open UDP socket on port 514

2015-05-29 07:19:08 Service running, but Service/Manager comm link is not connecting.

2015-05-29 07:19:28 Unable to connect to Service socket on TCP port 3300

2015-05-29 07:19:38 Service running, but Service/Manager comm link is not connecting.

Any ideas?

↧

Forwarding SharePoint logs to Kiwi Syslog Server

September 19, 2019, 1:20 am

≫ Next: Kiwi Syslog Manager 9.6.6.1 is failing to open

≪ Previous: Syslog stops logging with no notification

I am using SolarWinds Event Log Forwarder to forward mainly security and application logs from different server to a Kiwi Syslog Server (v9.5)

Management flagged out to me that one of the server which stored Microsoft SharePoint logs is full and discuss on forwarding SharePoint logs to the Syslog Server.

I am not getting much success using the Event Log Forwarder as the logs forwarded are unrelated so I suspect that the configuration needs to be done on the SharePoint itself to forward the logs. I have no experience with SharePoint

Anybody with experience with SharePoint that is able to help me on how to forward logs to the Syslog Server will be greatly appreciated.

↧

Kiwi Syslog Manager 9.6.6.1 is failing to open

May 14, 2019, 2:10 am

≫ Next: When is Kiwi Syslog v10 coming out?

≪ Previous: Forwarding SharePoint logs to Kiwi Syslog Server

Hello Team,

I tried to install Kiwi server on newly build WIndows 2016. The service starts successfully but console fails to start with below error. Is there something I need to do additional? Haven't seen this error with previous installs.

THE FOLLOWING INTERNAL PROGRAM ERROR HAS OCCURRED:

Manager Version = 9.6.6.1

Error Number: -2146234304

Description: Automation error

Module Name: Syslogd.frm

Procedure Name: Startup

Line Number: 2250

Date and time: 5/14/2019 2:08:00 AM

Thanks

Pradeep

↧

When is Kiwi Syslog v10 coming out?

March 11, 2016, 6:15 am

≫ Next: How to create Service Now Ticket using Kiwi Syslog Server or LEM ?

≪ Previous: Kiwi Syslog Manager 9.6.6.1 is failing to open

As you all may recall, it's been 7 months since Kiwi Syslog v9.5 was posted (see Kiwi Syslog 9.5 is now Available! ). I am very much looking forward to a major release (i.e. v10). What would this new version contain? I have a few things in my wish-list...

Increased the of number of syslog messages and snmp traps that can Kiwi can handle. According to a posting on Geek Speak (How many messages can Kiwi Syslog manage?), Kiwi can handle between 400 and 600 messages per second. I'd like to see that go all the way up to 2,000 messages (or more).
Rules Wizard (for the novice and those of us with diminished brain-cells due to age.
Full web-based management option. I don't know about other Thwackers, but I prefer not to use Win32 (via RDP) whenever possible.
Additional Polling Engine option for Kiwi. This, so we can have multiple servers handle syslog messages and snmp traps.

I am sure that other Thwackers have many other items in their respective wish-list for Kiwi. I'd like to hear from you. And, of course, I'd like to hear from the Kiwi PM, to tell us what's in the Roadmap for the next Kiwi release. Have a great day, everyone!!!

↧

How to create Service Now Ticket using Kiwi Syslog Server or LEM ?

September 12, 2017, 6:43 am

≫ Next: Kiwi Syslog Web Access Problem

≪ Previous: When is Kiwi Syslog v10 coming out?

Hi,

We are looking into installing Kiwi Syslog Server or LEM for our log monitoring needs.

Currently comparing Kiwi Syslog Server and LEM and trying to find if one or both of them has feature that helps us to create service now ticket when we receive certain logs. We'd appreciate any information on this.

Regards,

Manish

↧

Kiwi Syslog Web Access Problem

June 1, 2010, 10:39 am

≫ Next: Kiwi not forwarding to Solarwinds server

≪ Previous: How to create Service Now Ticket using Kiwi Syslog Server or LEM ?

Hello,

I've got a registered version of Kiwi Syslog Server.

I've got the "Log To Syslog Web Access" Filters set up.

But I don't have any log in the web access.

The only little clue I have is when I do a Syslog_Diagnostics I've got this :

SolarWinds.KiwiSyslog.WebAccess.Data

====================================
Component not started.

And this error :

2010-06-01 20:26:46 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file is larger than the configured maximum database size. This setting takes effect on the first concurrent database connection only. [ Required Max Database Size (in MB; 0 if unknown) = 0 ]

Any Ideas ?

↧

Kiwi not forwarding to Solarwinds server

April 1, 2016, 5:25 am

≫ Next: kiwi syslog filter brocken:Only filters Priority field NO others

≪ Previous: Kiwi Syslog Web Access Problem

I have configured kiwi to forward certain syslog messages to our SW server, but they never arrive. If I select the test option, this arrives on the SW server, so I know the rule is working. I can only assume it is the filter, but Ive tried all combinations in an attempt to forward a message, but never see any. Rather than trying to select a specific meagre, how could I forward all syslog messages to SW?

↧

kiwi syslog filter brocken:Only filters Priority field NO others

January 12, 2015, 8:16 am

≫ Next: Log Forwarder for Windows (available to all Kiwi customers on maint)

≪ Previous: Kiwi not forwarding to Solarwinds server

hello

the filter display mechanism is broken. the tool ONLY filters on the priority field , all other fields are ignored

running V 9.4.1

this is the NON web view

even though filters are screening the message area, the tool does not match. only matches are made in the Priority field

as you can see, the first line should match the filter that is selected , yet it is ignored and only matches the priority field

↧

Log Forwarder for Windows (available to all Kiwi customers on maint)

October 19, 2009, 10:39 am

≫ Next: "SWL Initialize : Automation error"

≪ Previous: kiwi syslog filter brocken:Only filters Priority field NO others

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

↧

"SWL Initialize : Automation error"

June 20, 2016, 9:41 am

≫ Next: Bad format from MAC Address

≪ Previous: Log Forwarder for Windows (available to all Kiwi customers on maint)

"SWL Initialize : Automation error"

↧

Bad format from MAC Address

July 19, 2016, 3:03 am

≫ Next: IP Address Format

≪ Previous: "SWL Initialize : Automation error"

Hello ITs,

We are getting SNMP traps from differents WLC 2504 (Cisco Wifi Controller) to our Kiwi Syslog Server (version 9.5.1.59) deployed on Windows Server 2012 64bits. The following problem it was discovered when we saw all MAC-addresses appears in bad format (see file attached below). We need to change the file format from cldcClientIPAddress.0 to Hex String. How can I change this field from "Messange Text"? I captured the SNMP trap and appears in well format.

Thanks you and best regards.

↧