Kiwi Syslog failed to start - error code 1053 - System local account

November 21, 2011, 10:22 am

≫ Next: New - Kiwi Filtering

≪ Previous: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

Hi people !

I am testing Kiwi Syslog Server Service edition with Evaluation Version....

I am running Kiwi on a 2008r2 SP1 (R2 is x64).

I am trying to run the Kiwi daemon with the system local account ; but i have the error 1053 poping:

" The service did not respond to the start or control request in a timely fashion "

I tried to adjust the timeout Value in the Registry to 60 (30 by default) ; no way the kiwi syslog Service don't start.

I created the debugging value to see what happening on startup, but i have only :

2011-11-21 18:50:19    Start-up file Initialized.
2011-11-21 18:50:19    Performing NT Service setup for Kiwi Syslog Server
2011-11-21 18:50:19    Service Starting - NTServiceSetup

When i am using the administrator account of the server ; the service starts quickly ...here is the debug log :

2011-11-21 19:03:44    Start-up file Initialized.
2011-11-21 19:03:44    Performing NT Service setup for Kiwi Syslog Server
2011-11-21 19:03:44    Service Starting - NTServiceSetup
2011-11-21 19:03:44    Service startup triggered. Parameters:
2011-11-21 19:03:45    Startup entered
2011-11-21 19:03:45    About to initialise sockets
2011-11-21 19:03:45    Listening on InterApp TCP port 3300
2011-11-21 19:03:45    Listening on UDP port 514
2011-11-21 19:03:46    Message check timer started
2011-11-21 19:03:46    Startup completed

But for security reason i can't use an admin Account, i need to use the local system account.

I ran procmon to see what's wrong ; no errors about File/Registry denied access.

When using Local system account, the process stops here :

When using an Admin account , the process starts, and "hits" an .INI file (KRDP_Sessions.ini) :

Can you have any information on this ?

Regards,

↧

New - Kiwi Filtering

July 31, 2014, 9:11 pm

≫ Next: How to delete old records from Kiwi Syslog Web Access?

≪ Previous: Kiwi Syslog failed to start - error code 1053 - System local account

New to Kiwi,

Trying to filter a single IP.

Using Hostname "10.10.0.201" (with case sensitive/without substring).

Messages are already being recorded and displayed in a CatchAll Rule filter but aren't being picked up by a separate rule with a single filter displaying to a different display screen.

Any suggestions are appreciated.

↧

How to delete old records from Kiwi Syslog Web Access?

September 4, 2009, 8:18 am

≫ Next: Error: "Trial version of activeskin control" after upgrading to current Kiwi Syslog version 9.4.0

≪ Previous: New - Kiwi Filtering

How to delete records from the Kiwi Syslog Web Access?

Thanks.

↧

Error: "Trial version of activeskin control" after upgrading to current Kiwi Syslog version 9.4.0

September 12, 2013, 5:15 am

≫ Next: Log Forwarder for Windows (available to all Kiwi customers on maint)

≪ Previous: How to delete old records from Kiwi Syslog Web Access?

After upgrade, when I start the Kiwi Syslog app I get a box that comes up and says "Trial version of ActiveSkin control" and I need to click OK. Anyone else see this?

Debbi

↧

Log Forwarder for Windows (available to all Kiwi customers on maint)

October 19, 2009, 10:39 am

≫ Next: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

≪ Previous: Error: "Trial version of activeskin control" after upgrading to current Kiwi Syslog version 9.4.0

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

↧

Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

March 18, 2011, 4:43 am

≫ Next: Kiwi generated SNMP messages

≪ Previous: Log Forwarder for Windows (available to all Kiwi customers on maint)

Kiwi syslog stopped collecting information. The view error log button is red and blinking. When i click to view the log

is see the below message repeating itself:

2011-03-18 10:54:01 Licensed action was found in settings and disabled.

2011-03-18 13:37:56 Licensed action was found in settings and disabled.

2011-03-18 13:37:57 Licensed action was found in settings and disabled.

↧

Kiwi generated SNMP messages

August 27, 2014, 2:39 am

≫ Next: Need Help Troubleshooting - Not Receiving/Displaying Messages

≪ Previous: Kiwi syslog - 2011-03-18 10:54:01Licensed action was found in settings and disabled.

Hello,

is it possible to create SNMP Trap messages with multiple varbinds?

I try to do but the Traps always only has 2 varbinds. The first is the OID and the second is the message text.

Hope someone can help.

↧

Need Help Troubleshooting - Not Receiving/Displaying Messages

January 13, 2014, 11:00 am

≫ Next: Kiwi Syslog 9.4 Release Candidate is Now Available!

≪ Previous: Kiwi generated SNMP messages

Server 2008 R2 Std

Kiwi Syslog Server 9.4.1

I have an older version of Kiwi installed on an old server that is being retired. I've installed it on the new server, but I cannot get it to display anything. I exported settings from the other server and imported on this one, then went to Inputs-UDP and set the correct IP to bind it to.

I've gone through ALL the steps at SolarWinds Knowledge Base :: Kiwi Syslog Daemon is not receiving messages and Kiwi Syslog Server but had no luck getting it to work.
I know for a fact that messages are being received -- when I run WireShark with the filter, "udp port 514", I see PLENTY of traffic from my firewall. Both my firewall and VPN device are sending syslog messages to the old server and the new one. The old server is still working just fine.
Windows Firewall on the new server is completely disabled.
I loaded the default rules and settings but still had no luck.
I disabled all DNS resolution - no luck.
There is no Errorlog.txt in C:\Program Files (x86)\Syslogd.
Test messages from within Kiwi work just fine.
I finally uninstalled Kiwi, rebooted the server, then reinstalled, and have the same problem.

Kiwi is running as LocalService -- I wondered if that might be the problem, but that's how it's running on the old server as well.

I'm at a loss as to what to do now. I tried contacting support, but since I'm using the free version I was directed here.

↧

Kiwi Syslog 9.4 Release Candidate is Now Available!

August 7, 2013, 6:16 am

≫ Next: How do you set up AD integration in Kiwi Syslog?

≪ Previous: Need Help Troubleshooting - Not Receiving/Displaying Messages

The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

You will find the latest version on your customer portal in the Release Candidate section.

Here is the content of this RC version:

Moving to a new web server
This change brings a lot of new functionality "for free". Examples:
- SSL (https) support for Web Access
- Process health monitoring
- TCP port sharing
- And much more! (See UltiDev Web Server Pro pages for details.)
Active Directory authentication for web access
Alerting for Message Queue Monitor
Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped.
Bug Fixes / resolved cases:

408596	AD support for Kiwi web access
416692	3 questions regarding Kiwi Syslog Web Access
396596	AD support for Kiwi web access
327093	Kiwi Syslog accounts - AD tie in?
312151	active directory authentication
299645	AD/LDAP Support for Web Console
491536	Kiwi Syslog Web User authentication via AD/LDAP
439899	Broken Support link
450187	Utra Dev Cassini Web Server Service
376801	After web access installation, Cassini Web service stops
380290	Feature Request - Support Newer UltiDev Cassini Server
317512	WebAdmin: HTTPS for Web Front End
159947	SSL for Web Access
491537	https for Kiwi web interface
435117	Alerting for Message Que Monitor
451568	Availability of Buffer statistics for alerting and reporting
447733	Milliseconds in Syslog in Descending Order!
459792	Feature Request - Email Summarization
465803	Database maintenance settings in Kiwi Syslog Webaccess doesn´t work
412290	Reducing number of syslogs on web access
412867	Question
416258	Radio button missing text on Archive Schedule Destination tab
416169	Wrong version displayed when cancelling licensing
334330	sounds not playing on alert
272984	"play a sound once" does not work
342995	Service crash after ORACLE ODBC configuration
427158	Status on 9.3.4
373025	Problem Creating Table for Oracle 11g Release 11.2.0.3.0
493671	Ability to see full list of devices

RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.

↧

How do you set up AD integration in Kiwi Syslog?

September 5, 2013, 1:42 pm

≫ Next: How to Split Logs to Multiple Displays in Kiwi Syslog Server

≪ Previous: Kiwi Syslog 9.4 Release Candidate is Now Available!

I upgraded to Kiwi Syslog Server 9.4 to take advantage of the AD integration feature, but can't seem to find any documentation on how to set it up. Can someone point me in the right direction?

Thanks,

Dave

↧

How to Split Logs to Multiple Displays in Kiwi Syslog Server

May 31, 2013, 8:56 am

≫ Next: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

≪ Previous: How do you set up AD integration in Kiwi Syslog?

SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple displays in Kiwi Syslog Server.

External link to Jing: Multiple Displays - justinfinley's library

Video Guide:

0:00 Unfiltered display (Display 00)
0:10 Showing the rule that sends all messages to Display 00
0:20 Changing the unfiltered display from Display 00 to Display 05
0:25 Checking that the switch happened
0:35 Adding a new filter rule looking for the word "logon" and sending it to Display 01
1:20 Adding a new filter rule looking for the word "logoff" and sending it to Display 02
2:05 Checking that the new filters work
2:25 Renaming "Display 05" to "All Messages"
2:45 Renaming "Display 01" to "Logon" and "Display 02" to "Logoff"
3:10 Checking that the display renaming worked

Remember to "LIKE" this if you find it useful - that helps other find it too!

↧

Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

September 8, 2010, 11:51 am

≫ Next: Can not receive message from Cisco switch 3750

≪ Previous: How to Split Logs to Multiple Displays in Kiwi Syslog Server

The CPU on my Kiwi Syslog Server is Pegged. Here is the Diagnostic info file from the server.

Kiwi Syslog Server [Registered] Version 9.0.3

/// Kiwi Syslog Server Statistics ///
---------------------------------------------------
24 hour period ending on: Wed, 08 Sep 2010 14:44:34
Syslog Server started on: Wed, 08 Sep 2010 13:37:39
Syslog Server uptime: 1 hour, 7 minutes
---------------------------------------------------

+ Messages received - Total:          1098753
+ Messages received - Last 24 hours: 1098753
+ Messages received - Since Midnight: 1098753
+ Messages received - Last hour:      996804
+ Message queue overflow - Last hour: 416654
+ Messages received - This hour:      101949
+ Message queue overflow - This hour: 12336
+ Messages per hour - Average:        996804

+ Messages forwarded: 769810
+ Messages logged to disk: 1194581

+ Errors - Logging to disk:           0
+ Errors - Invalid priority tag:      0
+ Errors - No priority tag:           2
+ Errors - Oversize message:          309

+ Disk space remaining on drive E:    41554 MB

    Breakdown of Syslog messages by severity
+--------------------+------------+------------+
| Message Level      | Messages | Percentage |
+--------------------+------------+------------+
| 0 - Emerg          |         0 |      0.00% |
| 1 - Alert          |      2753 |      0.25% |
| 2 - Critical       |       496 |      0.05% |
| 3 - Error          |      5745 |      0.52% |
| 4 - Warning        |    103603 |      9.43% |
| 5 - Notice         |     42938 |      3.91% |
| 6 - Info           |    775902 |     70.62% |
| 7 - Debug          |    167316 |     15.23% |
+--------------------+------------+------------+

Custom statistics
-----------------
CustomStats01: 0
CustomStats02: 0
CustomStats03: 0
CustomStats04: 0
CustomStats05: 0
CustomStats06: 0
CustomStats07: 0
CustomStats08: 0
CustomStats09: 0
CustomStats10: 0
CustomStats11: 0
CustomStats12: 0
CustomStats13: 0
CustomStats14: 0
CustomStats15: 0
CustomStats16: 0

End of Report.

DNS Cache size  20000
DNS Cache entries 2
Entries in queue 0
DNS Cache hits  0
DNS Cache misses 0
DNS Cache TTL  1440 minutes
Total DNS Lookups 0
Successful cache hits 0%

IP Address Hostname TTL (minutes)
127.0.0.1 localhost Static
::1 localhost Static

Message Buffer Information
==========================
Message Queue Max Size: 20000
Message Queue overflow: 428990
Message Count:          19932
Message Count Max:      20000
Percentage free:        1

E-mail Buffer Information
==========================
Message Queue Max Size: 1000
Message Queue overflow: 0
Message Count:          0
Message Count Max:      13
Percentage free:        100

↧

Can not receive message from Cisco switch 3750

July 28, 2013, 11:37 pm

≫ Next: Perl script to parse SNMP trap and set VarCustom01

≪ Previous: Kiwi Syslog Server High CPU Utilization - Messages Seem to be behind

Hello guys,

I setup kiwi syslog server and could receive message from other devices, such cisco switch 2960, 5510, and windows server. But can not get any message from 3750. I enclosed 3750 configuration as below. Please help to take a look and where am I wrong. Thank you.

logging trap notifications

logging facility local5

logging 192.168.0.51

↧

Perl script to parse SNMP trap and set VarCustom01

March 5, 2014, 6:49 am

≫ Next: How to Migrate Kiwi Syslog server and viewer to Another system

≪ Previous: Can not receive message from Cisco switch 3750

I was trying the following script but I get no variable when trying to parse this way:

sub Main{

$source = $Fields->{VarRawMessageText};

my ($IP) = $source =~ /^\S+/;

$Fields->{VarCustom01} = $IP;

return "OK";

}

The VarRawMessageText should be the following: 127.0.0.1 1.2.131.24.14.1 etc etc

If I remove tags the agent_ip= is not that and the above regex should be correct but the script is not parsing it. I am using 8.3 of Kiwi (I do intend to upgrade but it's a production box)

I created a rule to run this script in the action and then I am calling %VarCustom01 to forward as the originator IP. The reason is I am forwarding SNMP traps from Cisco Prime to Kiwi and then to NCM. (there's some crazy logic as to why)

↧

How to Migrate Kiwi Syslog server and viewer to Another system

April 28, 2010, 12:15 am

≫ Next: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

≪ Previous: Perl script to parse SNMP trap and set VarCustom01

Current system on which Kiwi Syslog Server and viewer are installed is not working properly and we need to migrate to another system,
And SolarWinds License Manager does not reset Kiwi, ipMonitor, or LANsurveyor product licenses.

Kindly Solve the issue.

Thanks

Imran

↧

Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

February 6, 2013, 5:04 am

≫ Next: Kiwi Syslog Server 9.4.1 - Active Directory Settings

≪ Previous: How to Migrate Kiwi Syslog server and viewer to Another system

PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.

Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk

I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.

Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6

I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.

Appreciate any help on this..........

Example from Kiwi Syslog

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]

↧

Kiwi Syslog Server 9.4.1 - Active Directory Settings

June 30, 2014, 1:02 pm

≫ Next: KIWI EMail Alerts

≪ Previous: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

Has anyone configured Active Directory Settings in Kiwi Syslog Server 9.4.1? Below are the available Active Directory Settings available in the Web Access interface under the Admin Tab.

Domain URL: <Free Form Box> My domain prepopulated correctly.
Authentication Type: <Free Form Box>. Is this supposed to be NTLM, Kerberos, etc?
User Groups: <Free Form Box> Does the format need to be LDAP based?

↧

KIWI EMail Alerts

January 16, 2014, 6:13 am

≫ Next: Web Access stuck in timeout loop

≪ Previous: Kiwi Syslog Server 9.4.1 - Active Directory Settings

Hello,

I have been working with Kiwi and trying to setup custom email alerts for a number of devices and have ran into an issue and wondering if anyone has any insight for me.

For Example if I setup the following email alerting Rule Set:

Critical Devices

+ Filters

+ IP Range = 192.168.0.1 - 192.168.0.55

+ Priority = All Facilities (Emerg + Alert)
+ Flags/Counters = Time Interval (60 Minutes)

+ Actions

+ E-Mail Message (MyEmail@email.com)

So with the above example I am just looking to get alerts for my critical devices, in this example they are all in the sub-net above, and the time interval is set to ensure that I am not getting bombarded with a ton of alerts in a short period of time.

The issue:

If I have two different devices that are triggering critical events at the same point in time, I will only get alerts from one of those devices based on the rule set above.

The Question:

Is there a way to configure ONE rule set to alert on a series of devices, and the flags and counters will only come into effect if its the SAME device sending the critical message within the time frame specified? Without creating a separate rule set for each critical device?

My Thoughts:

My Assumption is no this is not possible without creating different rule sets. If this is the case, I was thinking maybe the only way to accomplish what I want is VIA a script, my only issue would be is that if I create a script, I am unsure what command I would use to get Kiwi to stop processing the actions.

Ex. If critical alert comes in

check if alert has been processed in last 60 minutes

if yes

Exit

else

Send alert

end if

Obviously that is very basic, but perhaps it can get the idea across. My issue is that I have no idea what I can do VIA script to tell Kiwi to stop processing actions after my script if my script determines the alerts have been sent in the last 60 minutes.

Sorry if this is confusing, please let me know if I should clarify anything.

Jamie

↧

Web Access stuck in timeout loop

June 18, 2014, 1:04 pm

≫ Next: Log statistics ??

≪ Previous: KIWI EMail Alerts

Web Access timed out today, and when I hit the link to take me back to login, it stays there. Restarting Kiwi did noting.

↧

Log statistics ??

February 15, 2014, 11:23 pm

≫ Next: How to Split Log Files by IP Address and Date in Kiwi Syslog Server

≪ Previous: Web Access stuck in timeout loop

Please, i need to know if kiwi syslog server is able to show the log statistics for every device separately? on other hand, Can i know EPS "Event per second" for every device among a specific period??

↧