Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

October 2, 2013, 4:10 am

≪ Previous: Kiwi Syslog WebAccess Installation Error (error code is 2869)

Hello , kiwi friends!

I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing then i try to start the kiwi syslog server console.

I have applied the kb fix for Microsoft .Net Framework 2 , before that i couldnt install kiwi syslog successfully becuse the service could not start.

http://knowledgebase.solarwinds.com/kb/questions/4386/

I have the following errors in the windows event viewer!

Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion

Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.

Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?

Thanks in advance.

↧

Kiwi Syslog Web Access

October 21, 2013, 8:54 pm

≫ Next: Kiwi Syslog server setup (installation) via SSCM [System Center Configuration Manager] (Windows)

≪ Previous: Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

Hi, I am new to Kiwi Syslog and I keep coming up with the attached error when installing the web access component.

I have upgraded Syslog Server to 9.4.1 and can't seem to get this going. I don't know if it was ever working to begin with.

When I try and go to http://localhost:8088 I get an error that "The resource cannot be found".

Is there any pre requisites that need to be pre installed on the server for web access to run? We have it running on Windows Server 2008 R2 Ent. SP1

↧

Kiwi Syslog server setup (installation) via SSCM [System Center Configuration Manager] (Windows)

March 14, 2014, 10:20 am

≫ Next: Kiwi Syslog 9.4 Release Candidate is Now Available!

≪ Previous: Kiwi Syslog Web Access

Dear All,

I have purchased a Kiwi Syslog Server Ver 9.4.1 and I require to install it onto 60 Servers in my environment. My query is that is there any way to install it using SSCM(System Center Configuration Manager) in Windows? Also I have few conditions in the installation process, these are:

------------------------------------------------------------------------------------------------------

1. As a Service

2. No Web Access (unchecking it - as it is enabled by default in the wizard)

3. Local System Account

4. Normal Install

------------------------------------------------------------------------------------------------------

Kindly help me in installing the Kiwi Syslog server.

Thanks in Advance.

↧

Kiwi Syslog 9.4 Release Candidate is Now Available!

August 7, 2013, 6:16 am

≫ Next: How do you set up AD integration in Kiwi Syslog?

≪ Previous: Kiwi Syslog server setup (installation) via SSCM [System Center Configuration Manager] (Windows)

The engineering effort on Kiwi Syslog Server (KSS) v9.4 Release Candidate has been completed. RC is the last step before general availability and is a chance for existing customers to get the newest functionality before it is available to everyone else.

You will find the latest version on your customer portal in the Release Candidate section.

Here is the content of this RC version:

Moving to a new web server
This change brings a lot of new functionality "for free". Examples:
- SSL (https) support for Web Access
- Process health monitoring
- TCP port sharing
- And much more! (See UltiDev Web Server Pro pages for details.)
Active Directory authentication for web access
Alerting for Message Queue Monitor
Be notified when the number of messages in the message queue crosses certain threshold. This indicates there might be performance problems and gives you chance to take an action before messages get dropped.
Bug Fixes / resolved cases:

408596	AD support for Kiwi web access
416692	3 questions regarding Kiwi Syslog Web Access
396596	AD support for Kiwi web access
327093	Kiwi Syslog accounts - AD tie in?
312151	active directory authentication
299645	AD/LDAP Support for Web Console
491536	Kiwi Syslog Web User authentication via AD/LDAP
439899	Broken Support link
450187	Utra Dev Cassini Web Server Service
376801	After web access installation, Cassini Web service stops
380290	Feature Request - Support Newer UltiDev Cassini Server
317512	WebAdmin: HTTPS for Web Front End
159947	SSL for Web Access
491537	https for Kiwi web interface
435117	Alerting for Message Que Monitor
451568	Availability of Buffer statistics for alerting and reporting
447733	Milliseconds in Syslog in Descending Order!
459792	Feature Request - Email Summarization
465803	Database maintenance settings in Kiwi Syslog Webaccess doesn´t work
412290	Reducing number of syslogs on web access
412867	Question
416258	Radio button missing text on Archive Schedule Destination tab
416169	Wrong version displayed when cancelling licensing
334330	sounds not playing on alert
272984	"play a sound once" does not work
342995	Service crash after ORACLE ODBC configuration
427158	Status on 9.3.4
373025	Problem Creating Table for Oracle 11g Release 11.2.0.3.0
493671	Ability to see full list of devices

RC builds are made available to existing customers prior to the formal release. These are used to get customer feedback in production environments and are fully supported.

↧

How do you set up AD integration in Kiwi Syslog?

September 5, 2013, 1:42 pm

≫ Next: Kiwi Syslog and Sonicwall Viewpoint log format are compatible?

≪ Previous: Kiwi Syslog 9.4 Release Candidate is Now Available!

I upgraded to Kiwi Syslog Server 9.4 to take advantage of the AD integration feature, but can't seem to find any documentation on how to set it up. Can someone point me in the right direction?

Thanks,

Dave

↧

Kiwi Syslog and Sonicwall Viewpoint log format are compatible?

December 27, 2013, 10:50 am

≫ Next: Kiwi Syslog + AlertCentral = Spam (atm)

≪ Previous: How do you set up AD integration in Kiwi Syslog?

There is some function on kiwi that I lost if I use sonicwall standard log format?

↧

Kiwi Syslog + AlertCentral = Spam (atm)

February 28, 2014, 12:51 am

≫ Next: Throttle email from rule with message text match on per host basis.

≪ Previous: Kiwi Syslog and Sonicwall Viewpoint log format are compatible?

Hi,

We are using Kiwi Syslog, and are now in the proccess of implementing also the AlertCentral.

But, we are facing the issue that we get spammed with tickets, created at the AlertCentral.

We have a very large amount of devices sending syslog messages to the syslog server. on the Syslog server I have now created a new instance only for the AlertCentral.

so, what would make sense for us, is to have the option to groupe messages. for example, collect all messages comming from a certain subnet, or even just collect everything that comes from a certain host, to a ticket, would be helpfull, is this possible with one of these tools?

This is of course doable in the Kiwi Syslog Web Access, but we wish to use the AlertCentral.

Also, is there a possibility to only send out one similar message from a host every X min?

This would be helpfull in all cases that we see that something is flapping.

Thanks!

br Ola

↧

Throttle email from rule with message text match on per host basis.

March 6, 2014, 6:35 am

≫ Next: syslog web access password

≪ Previous: Kiwi Syslog + AlertCentral = Spam (atm)

Say we have a rule that is watching the Message Text field, and then has a Time Interval filter to throttle the rate at which email messages are sent. Is there a way to have a separate counter for unique hosts so that the throttle is on a per host basis instead of just the message text match? If I have 100 hosts that could potentially hit this filter, I don't want the time interval filter to cause messages from one host to be missed because the time interval counter was suppressing email because of a hit from a different host. Obviously I don't want to create 100 different rules, one for each host.

Thanks, John

↧

syslog web access password

November 12, 2010, 7:25 am

≫ Next: Syslogd_Service.exe crash - out of stack space

≪ Previous: Throttle email from rule with message text match on per host basis.

I know this is a basic question but I'm new to this product. Can someone please tell me how to change the web access password. I don't remember what was chosen when it was installed.

Thanks,

dlarson

↧

Syslogd_Service.exe crash - out of stack space

March 15, 2012, 4:28 pm

≫ Next: Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

≪ Previous: syslog web access password

I am evaluating Kiwi Syslogd to front-end and filter syslog traffic since we are having performance problems and service crashes using the NPM Syslog Service. Here is the hardware platform:

HP DL385G7
2x AMD Opteron 6174 2.2GHz 12-core processors
32GB memory
RAID-1 for OS/Syslog
Windows Server 2008 R2 x64 Enterprise SP1

I installed Kiwi Syslogd and it ran for about an hour before it crashed with this failure:

Log Name:      Application
Source:        Application Error
Date:          3/15/2012 10:42:42 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      *********
Description:
Faulting application name: Syslogd_Service.exe, version: 9.2.0.1, time stamp: 0x4d069c0f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000a
Faulting process id: 0x91d0
Faulting application start time: 0x01cd02c944ab6d53
Faulting application path: C:\Program Files (x86)\Syslogd\Syslogd_Service.exe
Faulting module path: unknown
Report Id: 43e40d87-6ec6-11e1-a52f-3cd92b024752
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-03-15T17:42:42.000000000Z" />
    <EventRecordID>2945</EventRecordID>
    <Channel>Application</Channel>
    <Computer>************</Computer>
    <Security />
</System>
<EventData>
    <Data>Syslogd_Service.exe</Data>
    <Data>9.2.0.1</Data>
    <Data>4d069c0f</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>0000000a</Data>
    <Data>91d0</Data>
    <Data>01cd02c944ab6d53</Data>
    <Data>C:\Program Files (x86)\Syslogd\Syslogd_Service.exe</Data>
    <Data>unknown</Data>
    <Data>43e40d87-6ec6-11e1-a52f-3cd92b024752</Data>
</EventData>
</Event>

---------------------------

The following was in the Syslogd Errorlog.txt:

2012-03-15 09:32:52    Command line license key accepted.
2012-03-15 10:42:41    *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2012-03-15 10:42:41    Service Version 9.2.1 | Error Number: 28 | Description: Out of stack space | Module Name: Syslogdsvc.frm | Procedure Name: SyslogSocket_DataArrival | Line Number: 260 | Date and time: 3/15/2012 10:42:41 AM
---------------------------

I have opened SolarWinds case #323438 regarding this.

↧

Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

July 3, 2012, 1:35 am

≫ Next: KiwiSyslog Evaluation - Log4Net and XML

≪ Previous: Syslogd_Service.exe crash - out of stack space

Hi guys,

I recently installed Kiwi Syslog on a Windows Server 2008 machine, however I had to uninstalled the program as the customer wants to be on the D:\ . But now I am not able to install the program on D:\ or even back

on C:\ as I get the error message "an unlicensed version is detected" hence the installation cannot proceed any longer.

Can anyone help? Where can I delete the old files so i am able to install the software again? I need to install this quite urgently, I have the license with me but I did not activate the license in my previous installation since it was not installed on the right drive.

Please help.

Thanks.

↧

KiwiSyslog Evaluation - Log4Net and XML

August 10, 2010, 1:16 am

≫ Next: New - Kiwi Filtering

≪ Previous: Unable to Install KiwiSyslog Server after Uninstallation. "Unlicensed Version is Detected" prompts prevents further installation.

Hello,

I've started evaluating KiwiSyslog Server.

We will be using KiwiSyslog Server (gui and webclient) to listen to UDP traffic broadcasted by our applicaitons by the Log4Net Library.

I was able to receive the traffic in the following default form which is not what I'm looking for.

Contacted Sales Support and they told me to search the forums (nothing relevant found) and post a thread here if I still need assistance.

Will be glad for some assistance because This SysLog server does exactly what we need but the output formatting is too RAW.

The default fields look like this:

Date, Time, Priority, Hostname, Message.

I'm not interested in these fields except Message which contains all relevant information.

The problem is the "Message" field is in "Log4Net" format which is basicly a kind of XML.

I"ve tried writing custom scripts but wasn't able to succeed.

I would be glad for some assistance in parsing this output and using these fields.

Here is an example of the "Message" syntax:

<log4net:eventlogger="Logger"timestamp="Timestamp"level="Level"thread="Thread"domain="Domain"username="Username">
<log4net:message>Message</log4net:message>
<log4net:properties>
<log4net:dataname="DataName"value="DataValue"/>
</log4net:properties>
<log4net:locationInfoclass="Class"method="Method"file="File"line="Line"/>
</log4net:event>

In the above format, the boldblack text are the fields the value in these attributes/keys should be.

Thanks in advance,

Idan.

↧

New - Kiwi Filtering

July 31, 2014, 9:11 pm

≫ Next: Log Forwarder not forwarding

≪ Previous: KiwiSyslog Evaluation - Log4Net and XML

New to Kiwi,

Trying to filter a single IP.

Using Hostname "10.10.0.201" (with case sensitive/without substring).

Messages are already being recorded and displayed in a CatchAll Rule filter but aren't being picked up by a separate rule with a single filter displaying to a different display screen.

Any suggestions are appreciated.

↧

Log Forwarder not forwarding

March 29, 2010, 10:43 am

≫ Next: Unable to login to KiwiSyslog Webaccess

≪ Previous: New - Kiwi Filtering

I am trying kiwi, and I have the log forwarder installed. I setup my subscription, the results show in the preview panel, setup the server but the events never show up in the syslog server. I am not sure where to look. The test never puts an event in the log on the server either...any ideas as to where to look.

↧

Unable to login to KiwiSyslog Webaccess

December 7, 2010, 12:32 am

≫ Next: Problem with filtering in Kiwi Syslog

≪ Previous: Log Forwarder not forwarding

Hi all !

past weekend we were unable to login to to Kiwi Syslog webaccess as a result of the follow error message:

" Session initialization error
An error occurred while initializing this session.
The session has been abandoned.

Event database initialization failure.
The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "

I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:

2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)

2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]

I start/stopped the webserver service without any success on saturday.
This morning i tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx.
At the moment the login is possible but I'm concerned that my database file may be corrupted!

Do you have any suggestions for me?

Thanks in advance!

Dan

↧

Problem with filtering in Kiwi Syslog

December 12, 2011, 1:15 pm

≫ Next: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

≪ Previous: Unable to login to KiwiSyslog Webaccess

I am setting up a kiwi syslog server. Running into a problem with the filtering not working the way I would expect. I have used Kiwi but that was several years ago. I have setup a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that dont belong to the switch I am trying to watch.

I have tried a ip address - simple filter with the ip address of the switch "10.1.1.2". On the cisco switch, I have used the command logging source-interface vlan 254 which should send out the syslog messages using the ip address in the simple filter I setup. I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.

It has got to be something simple but so far I havent found the problem. Since this is the free version, I know I cant call Solar Winds support.

Any suggestions are appreciated.

Ron

↧

Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

February 6, 2013, 5:04 am

≫ Next: Infoblox device recieving error messages from Kiwi Syslog

≪ Previous: Problem with filtering in Kiwi Syslog

PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.

Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk

I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just don't work, tried all combinations of changes without any luck.

Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6

I would really appreciate any help with this, as I have already exhasted searching for a working soloution using Kiwi Syslog, and the only thing holding me back from purchasing this application.

Appreciate any help on this..........

Example from Kiwi Syslog

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]

↧

Infoblox device recieving error messages from Kiwi Syslog

January 7, 2011, 3:08 pm

≫ Next: How to Split Log Files by IP Address and Date in Kiwi Syslog Server

≪ Previous: Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

An Infoblox device is reporting that Kiwi Syslog is receiving "connection failed" errors in its logs from the Kiwi server. According to the engineer asking the question the interface sending the syslog messages is not behind a firewall.

I assume the syslog server does not randomly drop or refuse connections from a device sending it syslog messages.

Any ideas as to what might be causing this?

2011-01-07 13:18:15 CST	syslog	ERROR	syslog-ng[1107]	Connection failed; error='Connection refused (111)', time_reopen='30'
2011-01-07 13:18:14 CST	syslog	INFO	syslog-ng[1107]	Log statistics; dropped='tcp(AF_INET(10.160.12.13:514))=11609', processed='center(queued)=118226', processed='center(received)=102521', processed='destination(d_internal_1)=15705', processed='destination(d_mesg)=102521', processed='source(s_syslogng)=86801', processed='source(s_internal)=15720'

2011-01-07 13:17:45 CST

syslog

ERROR

syslog-ng[1107]

Connection failed; error='Connection refused (111)', time_reopen='30'

↧

How to Split Log Files by IP Address and Date in Kiwi Syslog Server

May 31, 2013, 9:19 am

≫ Next: Trying to filter link up or down trap messages on a switch...

≪ Previous: Infoblox device recieving error messages from Kiwi Syslog

SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server. Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders. (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt")

External link to Jing: autosplit - justinfinley's library

Video Guide:

0:00 Opening Kiwi Syslog's configuration dialog
0:15 Using an "AutoSplit" variable of "IP Address (4 octets)" (%IPAdd4) in the log path to split logs by IP address
0:40 Using an "AutoSplit" variable of "ISO Date" (%DateISO) in the log path to split logs by date

Remember to "LIKE" this if you find it useful - that helps other find it too!

↧

Trying to filter link up or down trap messages on a switch...

September 8, 2014, 11:29 am

≫ Next: KIWI EMail Alerts

≪ Previous: How to Split Log Files by IP Address and Date in Kiwi Syslog Server

I am trying to filter out messages on a filter I have. I have a filter for a specific ip address range but I need to also filter out "link down trap" and "link up trap". I receive these messages anytime a port on the switch is active and inactive. Any thoughts??

Thanks

↧