I am setting up a Kiwi Syslog Server. Running into a problem with the filtering not working the way I would expect. I have used Kiwi but that was several years ago. I have set up a display for a specific switch and have tried several different filter possibilities but am still getting syslog messages on the display that don't belong to the switch I am trying to watch.
I have tried an IP address - simple filter with the IP address of the switch "10.1.1.2". On the Cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the IP address in the simple filter I set up. I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.
It has got to be something simple but so far I haven't found the problem. Since this is the free version, I know I can't call SolarWinds support.
The CPU on my Kiwi Syslog Server is Pegged. Here is the Diagnostic info file from the server.
Kiwi Syslog Server [Registered] Version 9.0.3
/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime: 1 hour, 7 minutes
---------------------------------------------------
+ Messages received - Total: 1098753
+ Messages received - Last 24 hours: 1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour: 996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour: 101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average: 996804
+ Messages forwarded: 769810
+ Messages logged to disk: 1194581
DNS Cache size 20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits 0
DNS Cache misses 0
DNS Cache TTL 1440 minutes
Total DNS Lookups 0
Successful cache hits 0%
I downloaded the free Kiwi Syslog Server ver 9.2.1 and installed it on a Windows 2008 R2 64 bit server. The Kiwi Syslog Web Access screen shows "Evaluation Expired" on the top right after the install. I thought it was a free product!
I see alerts showing up on Kiwi Syslog Service Manager, but not on the Kiwi Syslog Web access.
Does anyone know if the Kiwi Syslog Web Access screen is not showing because of the "Evaluation Expired" sign on the top right? If so, can someone give me some ideas to fix it?
I recently had my Kiwi Syslog server DBCache folder filled with over 20GB of cache files.
This was resolved by purging the cache with the "Purge Database Cache" button on the Kiwi menu, however I would love to do this daily or on a schedule when needed.
Is there an easy way to do this or is there an .exe file in the Syslogd folder that I can call on a schedule to perform this task?
I would like to configure Syslog to save the log in a separate file every day. Is that doable or is this a paid version feature only? Not sure, please advise.
I recently installed Kiwi Syslog on a Windows Server 2008 machine, however I had to uninstall the program as the customer wants it to be on the D:\ . But now I am not able to install the program on D:\ or even back on C:\ as I get the error message "an unlicensed version is detected", hence the installation cannot proceed any longer.
Can anyone help? Where can I delete the old files so I am able to install the software again? I need to install this quite urgently. I have the license with me but I did not activate the license in my previous installation since it was not installed on the right drive.
I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.
I have Kiwi Syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server is also my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and searched the forum and cannot find any procedure by which I can tweak Kiwi to log the syslog files from my ASA, which is being used as a VPN concentrator.
My first post, I wish to share with you some tips I found.
My main goal was to have access to the Kiwi web site working with SSL...
But looking at the Cassini Web Server, it wasn't possible.
After searching more on this forum I found a post about a Rewriting Module with Apache; so why don't we do it with IIS?
Here we go !
Setup
- Win 2008 R2 , IIS 7 (with auth modules etc ...) , at least a working SSL certificate for the HTTPS listener (this post will not cover how PKI works, certs installation etc .... sorry).
- We will use the ARR 2.0 module x64 for IIS... See References at bottom for DL link, install it.
- A running Kiwi Syslog Server and the Web Access working on port 8088. Access via a browser works on this port.
Goal
- Enable the rewrite/proxy module in IIS
- Create a new IIS Web Site with HTTPS Listener on TCP Port 8090
- Create a rule to rewrite requests from 8090 to 8088
Now you can access from an "admin desktop" to this new SSL web site ...
Configure your firewalls to forbid access on port 8088 to this server (or/and configure the internal Windows Firewall of this server to allow only Localhost connection on 8088).
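The rewrite rule from the steps above, as an added example that is not part of the original post: a web.config for the new IIS site listening on HTTPS port 8090. The rule name is hypothetical, and the fragment assumes URL Rewrite and ARR are installed with the ARR proxy enabled at server level.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config in the root of the new IIS site bound to HTTPS on TCP 8090.
     Assumption: the ARR proxy is switched on at server level
     (IIS Manager > server node > Application Request Routing Cache >
     Server Proxy Settings > Enable proxy). Without it the rule below
     cannot forward requests to another port. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Hypothetical rule name. Every request path is captured in {R:1}
             and forwarded to Kiwi Web Access on the loopback address, so the
             plain-HTTP hop on 8088 never leaves the server. The query string
             is appended by default. -->
        <rule name="KiwiWebAccessProxy" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="http://localhost:8088/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```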
I'm using Kiwi Syslog Server 9 on a Windows 2008 R2 server (VMware virtual machine). On 17.8.2012. the physical server stopped responding and the customer had to restart it manually. Since then Kiwi Syslog Server doesn't work. When I try to access it, the server's CPU rises to 100%, it is stuck like that for a few minutes and then it displays an error message in the Kiwi grid pop up window saying 'Run-time error '0''.
Kiwi syslog service also can't be started, when I try to start it, it says it couldn't be started in timely fashion.
I've tried to delete/rename files in c:\program files\solarwinds\kiwi web access\html\app_data but with no success. I've renamed event.sdf to Old_event.sdf and made a copy of Event-blank.sdf and then renamed it to event.sdf.
I've raised a support ticket but with no results till now.
This past weekend we were unable to log in to Kiwi Syslog Web Access as a result of the following error message:
" Session initialization error An error occurred while initializing this session. The session has been abandoned.
Event database initialization failure. The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "
I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:
2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)
2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]
2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]
I started/stopped the webserver service without any success on Saturday. This morning I tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx. At the moment the login is possible but I'm concerned that my database file may be corrupted!
It is noticeable that Kiwi Syslog Server does not support log collection in SDEE format sent by Cisco IPS appliances and modules, like IPS 4270.
Cisco IOS IPS supports sending syslog messages, however Cisco IPS appliances only support sending messages in SDEE format, which makes their collection impossible.
We are wondering if it's in the scope for Kiwi Syslog Server to support SDEE format in its coming versions.
We are using a licensed copy of Kiwi Syslog Server with its Log Forwarder for Windows.
I am interested in whether, if I configure two log servers on the Log Forwarder for Windows and enable both of them, the Log Forwarder will send logs to both syslog servers at the same time.
We need logs to be sent to the Kiwi Syslog server and to another syslog server simultaneously.
We were able to configure the log forwarder itself and added both syslog servers but we see different number of matches on the firewall and this is the reason why I am asking this question.
We are having an issue getting SNMP trap inputs to work on Kiwi v9. We have installed Kiwi on both a WinXP (with SNMP trap service) and Win2k3 Virtual Machine. When collecting syslogs it works fine. However when we configure the SNMP inputs under setup, we get a message stating that it "cannot open snmp listener on port 162"
There was no other SNMP software installed as it suggested that the port is already bound to an interface. We then installed the Solarwinds Engineer's toolset on the VM and used the trap receiver. Once alarms were generated this worked well while Kiwi is still unable to receive the traps.
Finally, we used a standalone laptop and loaded Kiwi. Using the same address as the VM we were able to receive the SNMP traps from the device under test. The platform that Kiwi was loaded onto was WinXP with Trap service installed.
Any ideas anyone? Any assistance will be greatly appreciated. I saw in the forum something about UDP Spoofing being unable to work as well and I was wondering if it had any connection.