I need a solution for formatting an IP Address or MAC Address. I see that some records correctly format the IP address or the MAC address, but I need one record returned with the correctly formatted IP address and MAC address so that I can identify Internet traffic from a device. Is there a solution for getting these items formatted?
↧
IP Address Format
↧
Kiwi Syslog Server free ed. not receiving SNMP Traps version 2c
Hello Everybody.
I'm having troubles receiving SNMP Traps v 2c on Kiwi Syslog Server Free edition.
Although it is described in the feature list that this is supported (also in the documentation), i can receive version 1 but not 2c.
Using Wireshark to listen to the traffic i can clearly see SNMP traps version 2 incoming, but nothing appears on syslog server.
Can anyone help?
I asked support@ and sent many mails, but didn't get any answer to the problem, they just said to post my question here because this is a free product.
Thank you very much.
↧
↧
test message working on "log to file", not working on "display"
Hi,
I have a "log to file" action and it works normally, but another "display" action doesn't work, I selected display number "Display 01" and selected it in the visualization, but even if the test returns me a green tick, the visualization is empty.
I followed the troubleshooting but it didn't help, any idea?
↧
Kiwi Syslog 9.4 Release Candidate is Now Available!
The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.
You will find the latest version on your customer portal in the Release Candidate section.
Here is the content of this RC version:
- Moving to a new web server
This change brings a lot of new functionality "for free". Examples:- SSL (https) support for Web Access
- Process health monitoring
- TCP port sharing
- And much more! (See UltiDev Web Server Pro pages for details.)
- Active Directory authentication for web access
- Alerting for Message Queue Monitor
Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped. - Bug Fixes / resolved cases:
AD support for Kiwi web access | |
3 questions regarding Kiwi Syslog Web Access | |
AD support for Kiwi web access | |
Kiwi Syslog accounts - AD tie in? | |
active directory authentication | |
AD/LDAP Support for Web Console | |
Kiwi Syslog Web User authentication via AD/LDAP | |
Broken Support link | |
Utra Dev Cassini Web Server Service | |
After web access installation, Cassini Web service stops | |
Feature Request - Support Newer UltiDev Cassini Server | |
WebAdmin: HTTPS for Web Front End | |
SSL for Web Access | |
https for Kiwi web interface | |
Alerting for Message Que Monitor | |
Availability of Buffer statistics for alerting and reporting | |
Milliseconds in Syslog in Descending Order! | |
Feature Request - Email Summarization | |
Database maintenance settings in Kiwi Syslog Webaccess doesn´t work | |
Reducing number of syslogs on web access | |
Question | |
Radio button missing text on Archive Schedule Destination tab | |
Wrong version displayed when cancelling licensing | |
sounds not playing on alert | |
"play a sound once" does not work | |
Service crash after ORACLE ODBC configuration | |
Status on 9.3.4 | |
Problem Creating Table for Oracle 11g Release 11.2.0.3.0 | |
Ability to see full list of devices |
RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.
↧
Syslog stops logging with no notification
I discovered this morning (only because I didn't receive the nightly report) that two of our Syslog servers stopped logging yesterday afternoon. The nightly archiving and cleanup jobs did not run. The service did not crash. The drive has 63 GB of free space. There are no entries under the Application or System logs in Windows. Under the Errorlog I see this for all of the reporting nodes ("ip.address.#" is placeholder for the actual values in the logs):
2015-05-28 15:38:59 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:38:59 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:38:59 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address1.txt
2015-05-28 15:39:00 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:00 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:00 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1..txt
2015-05-28 15:39:02 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:02 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:02 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.2.txt
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.3.txt
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:03 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:06 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:06 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:06 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:07 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:07 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:07 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.4.txt
2015-05-28 15:39:08 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:08 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:08 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:11 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:11 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:11 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\Firewalls\ip.address.1.txt
2015-05-28 15:39:16 Log to file action - Error: Win32File Object [45600] Unknown error.
2015-05-28 15:39:16 Log to file action - Error: FlushCacheLines <Encoding_Failed> - File: E:\Syslogs\ESX\ip.address.5.txt
The log stops there. When I restart the service I see these additional entries in the Error log:
2015-05-29 07:17:16 Unable to open InterApp listening socket on TCP port 3300
2015-05-29 07:17:16 Unable to open UDP socket on port 514
2015-05-29 07:19:08 Service running, but Service/Manager comm link is not connecting.
2015-05-29 07:19:28 Unable to connect to Service socket on TCP port 3300
2015-05-29 07:19:38 Service running, but Service/Manager comm link is not connecting.
Any ideas?
↧
↧
Kiwi Syslog Service hanging
1st time starting a discussion.
1st time working with Kiwi Syslog.
Let me know if I'm in the wrong place.
I am very new to Syslog Servers.
I'm a Route/Switch type guy.
We are using Kiwi Syslog to get Call Manager Call Traces for troubleshooting.
This Instance of Kiwi Syslog was working fine as a Guest VMware Server on a Host Server.
We used the app Veeam to move the Kiwi Syslog VMware Guest Server to another Host.
This issue started after the copy/move of the Kiwi Syslog
No IP addresses were changed, it's on the same network as before.
It starts up, logs are being received, and then they stop.
If you try to start the service, it tells you it's already running.
At the bottom of the Kiwi Syslog Service Manager, you can see the MPH indicator has stopped.
Looking at the correct folder I can see the logs are no longer being received.
If I stop the service and start the service it starts.
There is a script that tells it to restart every morning at 4am, and it will do this.
Below is the error event seen when it stopped last time.
Windows Server 2012 R2
64 -bit OS
Has anyone seen this type of issue before?
Any help would be greatly appreciated,
Mhaley
↧
'How much traffic can Kiwi Syslog Server handle?'
according to the FAQ.. Our software is built and tested to support more than two million messages an hour without tuning. (That would support more than 500 machines each sending one message a second.)
This blog says to split out your busiest syslog source...
But what do you do when a single source exceeds 600-1000 messages per second? eg., upstream syslog aggregator or firewalls
↧
Promo Download
I just downloaded the free 14 day trial of the syslog server yesterday. I am having one small problem in viewing this software. When I try to log on to the web access service, I am denied, and I know I am not typing in the wrong username or password. I have an approx. 8-12 length character password, and after entering it, the password line writes in its own characters. What I mean is that instead of the 8-12 length character password being entered, the screen freezes, makes the password some 30 characters long, and then denies me. Any help with this issue would be greatly appreciated.
↧
Kiwi Syslog 9.5 Release Candidate is now Available!
The Release Candidate for Kiwi Syslog Server 9.5 is now ready! The new Kiwi Syslog version is packed with great new features and improvements. RC is the last step before general availability, and it is a chance for existing customers to get the newest functionality before it is available to everyone else. You can download it from the LATEST DOWNLOADS FOR YOUR PRODUCTS section of the customer portal. Change filter to "Release Candidate" and click on download button next to Kiwi Syslog RC version.
This release contains various improvements such as
- SNMP v3 Trap support
- SNMP Trap Forwarding
- Trap fields to VarBinds Elements in Output
- Logging to Papertrail cloud
- IPv6 Support
- Statistics email reports based on different interval
- Ability to create more than five web console users
RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported. If you have any questions I encourage you to leverage the KSS forum on thwack.
Now go and download new version now!
↧
↧
Collect DHCP events from Windows DHCP server
Hello,
Could you please tell me how to transfer all DHCP events (from a standard Windows 2012 DHCP server) to syslog ?
Thanks in advance for your help
↧
SYSLOG to SQL
Brand new KIWI 9.1 eval user... succeeded in getting my SYSLOG fed to a SQL table, but need to parse the msgtext field. I'm not a script writer, but hope there is a way to do this without scripting??? I've attached an exerpt from what ends up in the SQL table. The delimiter for the MSGText field is Binary 09 which I believe is a tab? Also, a screen shot of how my rules are currently set up (and feeding but not parsing...)
The actual log entry would look like this with the underlined bold part being the msgtext to be parsed.......
2010-11-05 13:22:11 Local4.Info 10.0.1.11 Nov 5 13:22:11 iprism: WEB<009>http<009>1288988531<009>P<009>10.31.40.248<009>CKHS_Students<009>cksduser\vollmer3861m<009>287<009>http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif?labels=NewsAndReference<009>internet services<009>0<009>HTTPGET<009>200<009>image/gif
Any thoughts would be greatly appreciated!
Thanks all...
↧
test message working on "log to file", not working on "display"
Hi,
I have a "log to file" action and it works normally, but another "display" action doesn't work, I selected display number "Display 01" and selected it in the visualization, but even if the test returns me a green tick, the visualization is empty.
I followed the troubleshooting but it didn't help, any idea?
↧
Kiwi Syslog - replace string on alert
Hi All,
I would like to create an alert (using Kiwi Syslog server) on a syslog message if an OSPF adjacency goes down, but I prefer to add (or replace) the neighbor (in this example 172.31.0.136) with a custom string.
Nov 18 10:27:40: %OSPF-5-ADJCHG: Process 1, Nbr 172.31.0.136 on GigabitEthernet1/0/23 from FULL to DOWN, Neighbor Down: Interface down or detached
Any ideas if it's possibile and how?
Many thanks!
Luca
↧
↧
Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
↧
Administrator Password Missed; Other way to login
Hi,
I have recently been handed over Kiwi Syslog server to manage which has both Fat Client and Web Server. Fat Client is directly logged in however Web console could not be logged in. When I checked regarding the password of "Administrator", I have been informed that resource handling it has left long ago and there is no one to tell.
Is there a way we can reset the password of Administrator or create a new user from Syslog Fat Client. I cant raise the request with Support as we do not have active maintanence.
Thanks,
Syed
↧
Event Log Forwarder - Where is the Audit Failure Type?
Hi There,
I'm trialing Kiwi Syslog and I'm having trouble with the Log Forwarder and Security Event Log. When I click on the Security Log I don't see Audit Success or Audit Failure as an event type. It just has Error, Warning and Information. If I manually edit the CFG file and add <int>16</int> it works, but then it gets overwritten if I make a change. Am I doing something wrong? How can I see Audit Failure as an Event Type?
Thanks,
↧
Send log to Kiwi vs Save in a log file
Hi there,
I'm trying to figure out which way is better? Correct me if I'm wrong.
Currently, I want to change log level from critical to notification. I tried to avoid fill up log storage in the swtich (e.g. 3850)
1. Kiwi: I need to change console log level in order to send notification logs to kiwi, which all the notification logs would store locally in the switch then.
2. Log file (logging logfile logfile-name severity-level [ size bytes ]): I can just change saving log file level to notification, and still store critical logs locally in the switch.
If I'm right about the concept, wouldn't it be better to store syslogs in a log file instead of sending to kiwi?
Thank you!!
Best,
Lionel
↧
↧
Kiwi Syslogd_Service.exe stopping unexpectantly
we are experiencing the below events:
Event ID: 1000
Faulting application name: Syslogd_Service.exe, version: 9.6.3.3, time stamp: 0x5a0da76b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x065685f4
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15
Event ID: 1026
Application: Syslogd_Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000096, exception address 065685F4
Stack:
the service can be manually started successfully, however it stops with the above errors on a seemingly random basis (at least once a day).
EDIT 17:38 19/04/18 - I discovered that the service fails when a scheduled job (to archive) the syslog files is activated - but not when manually ran.
↧
no log shows on Kiwi Syslog Web Access
I am having kiwi syslog 9.5 installed.
I choose to install as service and also installed the web access.
The syslog console opened fine and I see logs on displayed and also to file.
However, with the web access, it shows nothing (what so ever). I checked the Setup on Console Manager and see that under Rules i have 2 exact same option for "Log to Syslog Web Access". Everything under that options checked.
But I still see no log on web access.
1) I tried to uncheck all the "Log to Syslog Web Access".
2) Closed the Console Manager and reopened it
3) Checked mark one of the 2 optioins "Log to Syslog Web Access" and everything below it.
4) Opened and log in to web access -> Still see nothing.
any idea?
↧
Mail error: SMTP protocol error. 504 5.7.4 Unrecognized authentication type
I'm having trouble configuring email alerts. I'm trying to send alerts to my Office 365 email address. Can someone see if I've input one of these settings incorrectly? I'm using my full Office 365 email for each of the blacked out sections in the screen shot below. For "SMTP Password," I'm using my Office 365 password.
↧