Channel: THWACK: Popular Discussions - Kiwi Syslog

KIWI EMail Alerts

Hello,

 

I have been working with Kiwi and trying to set up custom email alerts for a number of devices and have run into an issue and am wondering if anyone has any insight for me.

 

For example, if I set up the following email alerting Rule Set:

 

Critical Devices

     + Filters

          + IP Range = 192.168.0.1 - 192.168.0.55

          + Priority = All Facilities (Emerg + Alert)
          + Flags/Counters = Time Interval (60 Minutes)

     + Actions

          + E-Mail Message (MyEmail@email.com)

 

 

So with the above example I am just looking to get alerts for my critical devices, in this example they are all in the sub-net above, and the time interval is set to ensure that I am not getting bombarded with a ton of alerts in a short period of time.

 

The issue:

If I have two different devices that are triggering critical events at the same point in time, I will only get alerts from one of those devices based on the rule set above.

 

The Question:

Is there a way to configure ONE rule set to alert on a series of devices, where the flags and counters only come into effect if it's the SAME device sending the critical message within the time frame specified? Without creating a separate rule set for each critical device?

 

My Thoughts:

My assumption is no, this is not possible without creating different rule sets. If this is the case, I was thinking maybe the only way to accomplish what I want is via a script. My only issue is that if I create a script, I am unsure what command I would use to get Kiwi to stop processing the actions.

 

Ex. If critical alert comes in

          check if alert has been processed in last 60 minutes

               if yes

                    Exit

               else

                    Send alert

              end if

     end if

 

Obviously that is very basic, but perhaps it can get the idea across. My issue is that I have no idea what I can do via script to tell Kiwi to stop processing actions after my script if my script determines the alerts have been sent in the last 60 minutes.

 

 

Sorry if this is confusing, please let me know if I should clarify anything.

 

Jamie
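
The per-device interval asked about above, as an added example that is not part of the original post and is not Kiwi's scripting API: the rule set's three filters (IP range, Emerg/Alert priority, 60-minute interval) with the interval tracked per source address instead of per rule. The class name, function names and event list are constructed for illustration, and the sketch does not show how to make Kiwi skip its remaining actions.

```python
import ipaddress
from datetime import datetime, timedelta

RANGE_START = ipaddress.ip_address("192.168.0.1")
RANGE_END = ipaddress.ip_address("192.168.0.55")
ALERT_SEVERITIES = {0, 1}           # syslog severity: Emerg = 0, Alert = 1
WINDOW = timedelta(minutes=60)


class PerDeviceThrottle:
    """Allow one alert per source address per WINDOW (hypothetical helper)."""

    def __init__(self):
        self.last_sent = {}         # source IP -> time the last alert was sent

    def should_alert(self, src, severity, when):
        ip = ipaddress.ip_address(src)
        if not (RANGE_START <= ip <= RANGE_END):
            return False            # not one of the critical devices
        if severity not in ALERT_SEVERITIES:
            return False            # below Alert priority
        last = self.last_sent.get(ip)
        if last is not None and when - last < WINDOW:
            return False            # this same device alerted recently
        self.last_sent[ip] = when
        return True


def run(events):
    """Return the (timestamp, source) pairs that would produce an e-mail."""
    throttle = PerDeviceThrottle()
    return [(t, src) for t, src, sev in events
            if throttle.should_alert(src, sev, datetime.fromisoformat(t))]


# Constructed events: (timestamp, source IP, syslog severity)
EVENTS = [
    ("2013-02-06T13:00:00", "192.168.0.10", 1),
    ("2013-02-06T13:00:00", "192.168.0.20", 0),  # other device, same moment
    ("2013-02-06T13:30:00", "192.168.0.10", 0),  # within 60 minutes
    ("2013-02-06T13:45:00", "192.168.0.99", 0),  # outside the IP range
    ("2013-02-06T13:50:00", "192.168.0.20", 4),  # Warning, not Emerg/Alert
    ("2013-02-06T14:00:00", "192.168.0.10", 1),  # 60 minutes elapsed
]

if __name__ == "__main__":
    for stamp, source in run(EVENTS):
        print(stamp, source)
```
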


Syslog and Log Forwarder

Greetings all,

 

Just posted this in the wrong forum, I believe, trying here.

 

We're evaluating Kiwi Syslog Server and the Log Forwarder but can't seem to get LF to work under win 2003 sp2, works flawlessly under 2008 R2.

 

Any ideas? I've checked the firewall(s), re-installed, etc. Test messages get generated and recorded in event manager but never get to the syslog server.

 

Thanks in advance.

Kiwi script works with Test button but not with live data

Hi all,

I have been trying to create a script that will capture duplicate log events and periodically spit to the display a modified entry preceded by an occurrence count. I have included an output-to-display command within the script for debugging purposes. The script is working as designed with the test data, but when live data comes in, it appears to completely skip my script and go straight to the display action; the internal display in the script appears to not execute.

 

Attached is the script, very heavily modified from the script in the VPN SYSTEM item under content, although I suspect it is not the script at fault.

 

One other caveat - the information in the live stream is Windows event log data from a SolarWinds log forwarder.

 

I would be grateful for any input.

 

 

Thank you,

Brian

Web Access stuck in timeout loop

Web Access timed out today, and when I hit the link to take me back to login, it stays there. Restarting Kiwi did nothing.

Syslog Message Logging to MYSQL DB

I am new to kiwi syslog server. Configured kiwi syslog server with default fields to log messages to MYSQL DB and working fine.

But I wish to parse the message and log to MYSQL DB using custom fields. I don't have any knowledge about scripting.

 

Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.

 

2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5

 

Only the following things need to be extracted and logged to DB.

 

MsgDate:  2012-09-01

MsgTime:  10:37:14

MsgHostname: HQ-IPS-01

AttackId:   300000

AttackType: Intrusions

AttackDesc: BO-WINXP

AttackSrc: ACCTS-C-PC1

AttackDst: ACCTS-C-PC2


The number of such logs that needs parsing by the script will be more.

Please provide me with guidance in configuring this.

 

Any help on this would be greatly appreciated!

 

Thanks all...

Log Forwarder for Windows (available to all Kiwi customers on maint)

What it does:

Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server

  • Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
  • Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
  • Enables definition of filters that describe which events are forwarded

How to get it:

If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download.   The Log Forwarder for Windows was developed by the Kiwi Syslog team.  It is available at no cost to Kiwi Syslog customers current on maintenance.

Try it out and let us know what you think!

Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!

Hello , kiwi friends!

 

I am trying to get Kiwi syslog 9.4 to work on Windows Server 2012 64bit but am having problems with the service crashing when I try to start the Kiwi syslog server console.

I have applied the KB fix for Microsoft .Net Framework 2; before that I couldn't install Kiwi syslog successfully because the service could not start.

http://knowledgebase.solarwinds.com/kb/questions/4386/

 

 

I have the following errors in the windows event viewer!

Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion

Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.

 

Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?

 

Thanks in advance.

How to forward glassfish log to Kiwi syslog server

Hi Guys,

 

I am new at this and I need some assistance on how to configure glassfish 3.1.2 to forward its log to my Kiwi syslog server in windows.  Does anyone have any experience on this?


syslog server messages are intermittently truncating the IP address of messages received from some Hirschmann switches

The syslog server messages are intermittently truncating the IP address of messages received from some Hirschmann switches on the network e.g. message from 10.11.190.14 sometimes appear as 10.11.190.1 but sometimes as 10.11.190.14. The display field width is wide enough to show the whole address. We are using Toolkit V10.6 with hotfix 4 (10.6.0.84). Is this a known bug with syslog server supplied with Engineers toolkit?

Kiwi Syslog not capturing syslogs

Installed Kiwi Syslog Free version 9.3.4 on Windows Server 2008 R2.  Trying to capture syslog from a Cisco ASA 5510.  I have confirmed that the syslog events are hitting the server with Wireshark.  Nothing is coming through to Kiwi Syslog.  Current settings are all default.  No filters in place.  Not sure what is wrong as I can see the syslog messages coming through Wireshark. Any ideas as to why the syslog messages are not being seen by Kiwi?

Sending events from Cisco 3750 switch

Hello,

I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.

Should the following work:

Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error

This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?

Should this work or is there a "Supported" switch configuration that I should be using.

Thank you,

Chris

Kiwi Syslog Server - Status Code 500

Hi community. I've searched about my problem but only found topics related to Orion software. I am getting an exception in Kiwi Syslog Web Access: Status Code 500. Has anyone experienced this issue? Thanks a lot.

Exception of type  'System.Web.HttpUnhandledException' was thrown.

Status Code: 500


System.Web.HttpUnhandledException:  Exception of type 'System.Web.HttpUnhandledException' was thrown. --->  System.ArgumentOutOfRangeException: 'capacity' must be  non-negative.
Parameter name: capacity
at  System.Collections.ArrayList..ctor(Int32 capacity)
at  RadGridUserSettings.GetSerializedSettings()
at _Event.Render(HtmlTextWriter  writer)
at System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  Telerik.Web.UI.RadAjaxControl.RenderPageInAjaxMode(HtmlTextWriter writer,  Control page)
at System.Web.UI.Control.RenderChildrenInternal(HtmlTextWriter  writer, ICollection children)
at  System.Web.UI.Control.RenderChildren(HtmlTextWriter writer)
at  System.Web.UI.Page.Render(HtmlTextWriter writer)
at  _Event.Render(HtmlTextWriter writer)
at  System.Web.UI.Control.RenderControlInternal(HtmlTextWriter writer,  ControlAdapter adapter)
at System.Web.UI.Control.RenderControl(HtmlTextWriter  writer, ControlAdapter adapter)
at  System.Web.UI.Control.RenderControl(HtmlTextWriter writer)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace  ---
at System.Web.UI.Page.HandleError(Exception e)
at  System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint,  Boolean includeStagesAfterAsyncPoint)
at  System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean  includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at  System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at  System.Web.UI.Page.ProcessRequest(HttpContext context)
at  ASP.events_aspx.ProcessRequest(HttpContext context)
at  System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at  System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&  completedSynchronously)

Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx


Click here to return to the previous  page    Click here to return to the login  page

Can SolarWinds Log forwarder be used to parse and forward Radius logs

Hi,

 

I have a Windows NPS server, and I need to be able to forward the logs to a syslog server. Would Solarwinds log forwarder be able to do this?

 

Thank you

Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)

PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.

 

Is there a way to edit configuration or parsing script to parse the pfSense event as one similar to what the Splunk app can do see link http://www.basementpctech.com/content/pfsense-log-analysis-splunk

 

I understand that this is a PFsense tcpdump issue, but I have already tried the changes in the link http://redmine.pfsense.org/issues/1938 without any luck. It just doesn't work; I tried all combinations of changes without any luck.

 

Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6

 

I would really appreciate any help with this, as I have already exhausted searching for a working solution using Kiwi Syslog, and it is the only thing holding me back from purchasing this application.

 

Appreciate any help on this..........

 

 

Example from Kiwi Syslog

 

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: <009>  Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf:     10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)

02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb  6 13:01:37 pf: <009>  Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]

Kiwi Syslog Service Getting Stopped automatically.

Kiwi syslog service is getting stopped, and when restarting it, it stops again after a few seconds. Restarted the server but no luck. Does anyone have any idea what the cause of the issue would be?


Kiwi Grid Run-Time Error '0'

Installed Kiwi Syslog 9.2.1 on Windows 7 Pro SP1 VM on an ESXi server. After the installation was complete, I rebooted the computer. This error comes up when I log in.

 

I have searched, but have not found any solutions for this error.

How to Migrate Kiwi Syslog server and viewer to Another system

Current system on which Kiwi Syslog Server and viewer are installed is not working properly and we need to migrate to another system,
And SolarWinds License Manager does not reset Kiwi, ipMonitor, or LANsurveyor product licenses.

Kindly Solve the issue.

 

Thanks

Imran

How to Split Log Files by IP Address and Date in Kiwi Syslog Server

SolarWinds's own Justin Finley just recorded a video tutorial that shows how to split logs into multiple files by IP address and date in Kiwi Syslog Server.  Specifically, this syslog server tutorial shows how to store logs in separate folders for each source IP address, and then shows how to keep separate log files for each day within those folders.  (e.g., "D:\logs\192.168.000.001\Log2012-07-13.txt")

 

 

External link to Jing: autosplit - justinfinley's library

 

Video Guide:

  • 0:00 Opening Kiwi Syslog's configuration dialog
  • 0:15 Using an "AutoSplit" variable of "IP Address (4 octets)" (%IPAdd4) in the log path to split logs by IP address
  • 0:40 Using an "AutoSplit" variable of "ISO Date" (%DateISO) in the log path to split logs by date

 

Remember to "LIKE" this if you find it useful - that helps others find it too!

Kiwi Syslog and Log Forwarder

Greetings,

 

We're evaluating the above product but can't seem to get the forwarder to work under win 2003 sp2....is it compatible, supported,...??!

 

Many thanks in advance.

Cisco Hostname

Hi There,

 

I have now Kiwi syslog, in the events I can see only the IP address not hostnames for Cisco devices. Is there any specific SNMP configuration for this ?

 

BR,

Bilal
