Hi all !
Past weekend we were unable to log in to Kiwi Syslog webaccess as a result of the following error message:
" Session initialization error
An error occurred while initializing this session.
The session has been abandoned.
Event database initialization failure.
The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ] "
I have taken a look at the errorlog of Kiwi and noticed that there are three messages regarding this error:
2010-11-15 11:51:35 SolarWinds.KiwiSyslog.WebAccess.Data error: General exception. System.Runtime.InteropServices.SEHException: External component has thrown an exception. at System.Data.SqlServerCe.NativeMethods.ExecuteQueryPlan(IntPtr pTx, IntPtr pQpServices, IntPtr pQpCommand, IntPtr pQpPlan, IntPtr prgBinding, Int32 cDbBinding, IntPtr pData, Int32& recordsAffected, ResultSetOptions& cursorCapabilities, IntPtr& pSeCursor, Int32& fIsBaseTableCursor, IntPtr pError) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommandText(IntPtr& pCursor, Boolean& isBaseTableCursor) at System.Data.SqlServerCe.SqlCeCommand.ExecuteCommand(CommandBehavior behavior, String method, ResultSetOptions options) at System.Data.SqlServerCe.SqlCeCommand.ExecuteNonQuery() at SolarWinds.KiwiSyslog.WebAccess.Data.Logger.KiwiSyslogEventUpdate(Object state)
2010-12-04 20:58:48 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]
2010-12-04 21:22:04 SolarWinds.KiwiSyslog.WebAccess.Data error: Unable to start component, SQL exception. System.Data.SqlServerCe.SqlCeError: The database file may be corrupted. Run the repair utility to check the database file. [ Database name = C:\Programme\SolarWinds\Kiwi Syslog Web Access\html\App_Data\Event.sdf ]
I started/stopped the webserver service without any success on Saturday.
This morning I tried to access the page again and I got correctly redirected to http://10.x.x.x:8088/gateway.aspx.
At the moment the login is possible but I'm concerned that my database file may be corrupted!
Do you have any suggestions for me?
Thanks in advance!
Dan
Unable to login to KiwiSyslog Webaccess
Monitor Cisco Firewall and Router "Bad Password" Attempt Failures
I am setting up Cisco Routers and assorted firewalls with Kiwi to listen and alert on Bad Passwords with little success. I have also allowed SNMP. Has anyone had success with doing this and have any examples of the Cisco devices? We are using an assorted number of Cisco Routers, Switches, ASA firewalls, and VPN 3000 series gear.
logging trap errors
logging source-interface Ethernet0/0
logging 172.16.7.57
snmp-server community readmib RO
snmp-server enable traps snmp
snmp-server enable traps syslog
snmp-server host 172.16.7.57 traps writemib
!
Kiwi Syslog Server Setup Window is Blank
The program was originally set up before I started working here. Recently I was asked to have some data emailed to the IT here, well I opened up the interface, and the Kiwi Syslog Server Setup window is blank, except for the menu items at the top and the buttons at the bottom right.
After some searching around on Google, I figured out that the interface was missing a lot of stuff.
Besides the setup interface being blank, the server functions and is performing email tasks that were previously set up.
Any suggestions on resolving this issue?
Kiwi Syslog Server V9.2 licensed, maintenance has expired
Windows 7 Pro 64 Bit
Trying to filter link up or down trap messages on a switch...
I am trying to filter out messages on a filter I have. I have a filter for a specific ip address range but I need to also filter out "link down trap" and "link up trap". I receive these messages anytime a port on the switch is active and inactive. Any thoughts??
Thanks
Sending events from Cisco 3750 switch
Hello,
I am trying to send events from a Cisco 3750 switch to our Kiwi syslog server but am unsure of the config for the switch.
Should the following work:
Switch (config) # logging on
Switch (config) # logging Syslog Server IP
Switch (config) # logging trap error
This command will send (Error 3) events (0-3) to the Kiwi server via UDP514. Is this the supported method of transfer?
Should this work or is there a "Supported" switch configuration that I should be using?
Thank you,
Chris
Kiwi syslog - 2011-03-18 10:54:01 Licensed action was found in settings and disabled.
Kiwi syslog stopped collecting information. The view error log button is red and blinking. When I click to view the log I see the below message repeating itself:
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 10:54:01 Licensed action was found in settings and disabled.
2011-03-18 13:37:56 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
2011-03-18 13:37:57 Licensed action was found in settings and disabled.
Kiwi Syslogd: reg-exp for highlighting rules
Hello Team,
I am running Kiwi Syslog Server 9.4.1, Commercial Single Install on Windows 2003, SE SP2.
I am trying to work with the Web Access and Event Highlighting Rules. I started with the "default"
Rules, one for each syslog level, and this works fine.
Now I try to look for certain messages marking them visible and looking for strings in the message text.
Example: %LINK-3-UPDOWN: Interface ... changed to up
The .. describes some other text in between those 2 strings.
I am looking for a regular expression describing those two strings with an "AND" condition, but this does not work.
I also moved this new rule to the top to make sure that this matches before the log-level default rule for level 5 matches.
Can anybody help how to write a reg-exp for this?
Many thanks
Alfred
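An added example, not part of the original post: two ways to express "both strings must be present" in a regular expression, run over constructed Cisco-style lines. It assumes the usual IOS wording "changed state to up" and a regex dialect with lookahead support; whether Kiwi's highlighting rules accept the same syntax is not confirmed on this page.

```python
import re

# Literal form of the two strings from the post, joined with ".*" (ordered AND).
NAIVE = re.compile(r'%LINK-3-UPDOWN: Interface .*changed to up')

# Same ordered AND, but tolerating the word "state" that IOS usually emits;
# \b keeps "to up" from matching a longer word.
ORDERED = re.compile(r'%LINK-3-UPDOWN: Interface .*changed (?:state )?to up\b')

def all_of(*needles):
    """Order-independent AND: one lookahead per required literal substring."""
    return re.compile(''.join(f'(?=.*{re.escape(n)})' for n in needles))

UNORDERED = all_of('%LINK-3-UPDOWN', 'to up')

# Constructed sample lines (not taken from the page).
SAMPLE = [
    'Mar  1 00:01:02: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up',
    'Mar  1 00:01:05: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down',
    'Mar  1 00:01:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up',
    'Mar  1 00:02:00: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed to up',
]

def matching(pattern, lines):
    """Return the indexes of the lines the pattern matches anywhere."""
    return [i for i, line in enumerate(lines) if pattern.search(line)]

if __name__ == '__main__':
    for name, pat in (('naive', NAIVE), ('ordered', ORDERED), ('unordered', UNORDERED)):
        print(name, matching(pat, SAMPLE))
```

The literal pattern misses the normally worded line because of the extra word "state", which is one way an otherwise correct AND expression can appear not to work.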
Kiwi Syslog + PFsense (parsing firewall log from 2 lines to 1 help)
PROBLEM - pfSense syslogs for firewall event is split into two lines when it is sent to Kiwi syslog app.
Is there a way to edit configuration or parsing script to parse the pfSense event as one, similar to what the Splunk app can do? See link http://www.basementpctech.com/content/pfsense-log-analysis-splunk
I understand that this is a PFsense tcpdump/issue, but I have already tried changing link http://redmine.pfsense.org/issues/1938 without any luck, it just doesn't work, tried all combinations of changes without any luck.
Pfsense version = 2.0.1-RELEASE, (amd64) , built on Mon Dec 12 18:16:13 EST 2011 ,FreeBSD 8.1-RELEASE-p6
I would really appreciate any help with this, as I have already exhausted searching for a working solution using Kiwi Syslog, and the only thing holding me back from purchasing this application.
Appreciate any help on this..........
Example from Kiwi Syslog
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 10.x.x.xx.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:xx:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)
02-06-2013 13:01:35 Local0.Info 10.x.x.x Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:xx:56:9d:53:fc [|bootp]
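An added example, not part of the original post and not Kiwi or pfSense code: a post-processing step that joins the split pf lines back into one event per firewall hit. It assumes lines are read in arrival order (header line first), that `<009>` is how the tab character is rendered, and the sample addresses are constructed.

```python
import re

# Kiwi log line: date time, facility.level, host, original syslog header, then "pf:".
KIWI = re.compile(r'^(\S+ \S+) \S+ (\S+) \w{3}\s+\d+ [\d:]+ pf: (.*)$')
# First line of a pf event: "<time> rule N/N(match): <action> in|out on <if>:"
HEAD = re.compile(r'^[\d:.]+ rule (\S+)\(match\): (\w+) (in|out) on (\w+):')

# Constructed sample in arrival order, modelled on the lines in the post
# (redacted addresses replaced with made-up ones).
SAMPLE = [
    '02-06-2013 13:01:35 Local0.Info 10.0.0.1 Feb 6 13:01:37 pf: 00:00:08.003040 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 12646, offset 0, flags [none], proto UDP (17), length 341)',
    '02-06-2013 13:01:35 Local0.Info 10.0.0.1 Feb 6 13:01:37 pf: 10.0.0.20.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:50:56:9d:53:fc, length 313, xid 0xf7d8ecbb, secs 3328, Flags[bcast]',
    '02-06-2013 13:01:35 Local0.Info 10.0.0.1 Feb 6 13:01:37 pf: <009> Client-Ethernet-Address 00:50:56:9d:53:fc [|bootp]',
]

def merge_pf(lines):
    """Join each pf header line with the continuation lines that follow it, per host."""
    open_evt, done = {}, []
    for line in lines:
        m = KIWI.match(line)
        if not m:
            continue                      # not a pf line
        stamp, host, payload = m.groups()
        payload = payload.replace('<009>', ' ').strip()   # assumed: <009> is a tab
        head = HEAD.match(payload)
        if head:
            if host in open_evt:          # previous event for this host is complete
                done.append(open_evt.pop(host))
            rule, action, direction, iface = head.groups()
            open_evt[host] = {'time': stamp, 'host': host, 'rule': rule,
                              'action': action, 'dir': direction, 'iface': iface,
                              'text': payload}
        elif host in open_evt:
            open_evt[host]['text'] += ' ' + payload
        # a continuation with no header before it (start of capture) is dropped
    done.extend(open_evt.values())
    return done

if __name__ == '__main__':
    for evt in merge_pf(SAMPLE):
        print(evt['time'], evt['host'], evt['text'])
```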
log forwarder and dhcp auditing?
I am needing to forward all of our DHCP audits to the syslog, however I cannot figure out how to do that with the Log Forwarder. Which source do I use in the Event Viewer? The audit is logged to a file. Is there any way to forward changes to files?
Kiwi Syslog not displaying Cisco ASA 5505 syslogs
I have a Cisco ASA 5505 that is set up to send syslogs to a remote syslog server.
I have kiwi syslog (free) installed on a Windows 2003 R2 Server and it is listening on UDP port 514. The syslog server also is my Ciscoworks v3.2 server.
I can ONLY see the Ciscoworks log files and not the ASA. I only want to display the ASA log files.
I have googled, read the user guide, and searched the forum and cannot find any procedure that I can tweak Kiwi to log the syslog files from my ASA which is being used as a VPN concentrator.
Any ideas?
Email Queue Basis
In looking at the email log file, I see messages like "2009-07-23 11:34:17 PI Message sent successfully", but I only see this occasionally instead of after each message. Is there a way to have Kiwi send all messages as they come instead of queuing them up (which is what I'm assuming it's doing)? What is the basis for queuing today (i.e. # of messages, time, etc.)? We're trying to get email alerts out ASAP but are seeing delays for some reason on the order of 90 seconds or more.
Thanks,
Joe
Log Forwarder for Windows (available to all Kiwi customers on maint)
What it does:
Log Forwarder for Windows allows you to forward Windows events as Syslog to your Kiwi Syslog Server
- Works on Windows XP, 2003, Vista, and 2008 (32-bit or 64-bit)
- Provides .MSI version for silent installs, allowing use with remote software distribution systems (e.g., Microsoft SMS)
- Enables definition of filters that describe which events are forwarded
How to get it:
If you download the Kiwi Syslog Server 9.0 from your customer portal, you will see there is an additional Log Forwarder executable included with your download. The Log Forwarder for Windows was developed by the Kiwi Syslog team. It is available at no cost to Kiwi Syslog customers current on maintenance.
Try it out and let us know what you think!
Syslog Message Logging to MYSQL DB
I am new to kiwi syslog server. Configured kiwi syslog server with default fields to log messages to MYSQL DB and working fine.
But I wish to parse the message and log to MYSQL DB using custom fields. I don't have any knowledge about scripting.
Sample log is shown below. Each field is separated by a single space character. The message content is highlighted in red.
2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5
Only the following things need to be extracted and logged to DB.
MsgDate: 2012-09-01
MsgTime: 10:37:14
MsgHostname: HQ-IPS-01
AttackId: 300000
AttackType: Intrusions
AttackDesc: BO-WINXP
AttackSrc: ACCTS-C-PC1
AttackDst: ACCTS-C-PC2
The number of such logs that needs parsing by the script will be more.
Request provide me guidance in configuring this.
Any help on this would be greatly appreciated!
Thanks all...
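An added example, not part of the original post and not Kiwi's own scripting API: a stand-alone parser for the sample line that pulls out the eight requested fields and writes them with a parameterized INSERT, since these values originate on the network and should never be concatenated into SQL. The table name `attacks` and the in-memory SQLite database standing in for MySQL are assumptions.

```python
import re
import sqlite3

# 0-based token positions of the wanted fields in the post's sample line.
FIELD_POS = {"MsgDate": 0, "MsgTime": 1, "MsgHostname": 3, "AttackId": 8,
             "AttackType": 9, "AttackDesc": 10, "AttackSrc": 12, "AttackDst": 14}
COLUMNS = list(FIELD_POS)
# A token is a double-quoted string (may contain spaces) or a run of non-spaces,
# so a quoted name with a space in it does not shift the later positions.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# The sample line from the post.
SAMPLE = ('2012-09-01 10:37:14 Local6.Warning HQ-IPS-01 DefensePro: 01-04-2012 '
          '19:49:25 WARNING 300000 Intrusions "BO-WINXP" TCP ACCTS-C-PC1 1607 '
          'ACCTS-C-PC2 80 3 Regular "DMZ-Policy" occur 1 0 N/A 0 N/A low drop '
          'FFFFFFFF-FFFF-FFFF-0001-00004F7B1BE5')

def parse_defensepro(line):
    """Return the eight wanted fields, or None if the line does not fit the layout."""
    tok = [quoted or bare for quoted, bare in TOKEN.findall(line)]
    if len(tok) < 15 or tok[4] != "DefensePro:" or not tok[8].isdigit():
        return None
    return {name: tok[pos] for name, pos in FIELD_POS.items()}

def store(conn, rec):
    """Insert one record; values travel as bound parameters, never as SQL text."""
    marks = ", ".join("?" for _ in COLUMNS)   # MySQL drivers typically use %s here
    conn.execute(f"INSERT INTO attacks ({', '.join(COLUMNS)}) VALUES ({marks})",
                 [rec[c] for c in COLUMNS])

def load(lines):
    """Parse the lines, store the ones that fit, and return the stored rows."""
    conn = sqlite3.connect(":memory:")        # stand-in for the MySQL database
    conn.execute(f"CREATE TABLE attacks ({', '.join(c + ' TEXT' for c in COLUMNS)})")
    for line in lines:
        rec = parse_defensepro(line)
        if rec is not None:
            store(conn, rec)
    return conn.execute("SELECT * FROM attacks").fetchall()

if __name__ == "__main__":
    print(load([SAMPLE]))
```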
Need Help Troubleshooting - Not Receiving/Displaying Messages
Server 2008 R2 Std
Kiwi Syslog Server 9.4.1
I have an older version of Kiwi installed on an old server that is being retired. I've installed it on the new server, but I cannot get it to display anything. I exported settings from the other server and imported on this one, then went to Inputs-UDP and set the correct IP to bind it to.
- I've gone through ALL the steps at SolarWinds Knowledge Base :: Kiwi Syslog Daemon is not receiving messages and Kiwi Syslog Server but had no luck getting it to work.
- I know for a fact that messages are being received -- when I run WireShark with the filter, "udp port 514", I see PLENTY of traffic from my firewall. Both my firewall and VPN device are sending syslog messages to the old server and the new one. The old server is still working just fine.
- Windows Firewall on the new server is completely disabled.
- I loaded the default rules and settings but still had no luck.
- I disabled all DNS resolution - no luck.
- There is no Errorlog.txt in C:\Program Files (x86)\Syslogd.
- Test messages from within Kiwi work just fine.
- I finally uninstalled Kiwi, rebooted the server, then reinstalled, and have the same problem.
Kiwi is running as LocalService -- I wondered if that might be the problem, but that's how it's running on the old server as well.
I'm at a loss as to what to do now. I tried contacting support, but since I'm using the free version I was directed here.
Kiwi syslog 9.4 on windows server 2012 64bit Service crash - Possible bug!
Hello , kiwi friends!
I am trying to get Kiwi syslog 9.4 to work on windows server 2012 64bit but having problems with the service crashing when I try to start the kiwi syslog server console.
I have applied the kb fix for Microsoft .Net Framework 2, before that I couldn't install kiwi syslog successfully because the service could not start.
http://knowledgebase.solarwinds.com/kb/questions/4386/
I have the following errors in the windows event viewer!
Error 7000: The Kiwi Syslog Server service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion
Error 7009 : A timeout was reached (30000 milliseconds) while waiting for the Kiwi Syslog Server service to connect.
Do you have a solution for this or could it be a new bug in windows server 2012 and the old dot net framework combined ?
Thanks in advance.
Kiwi Syslog Viewer Message Pattern Syntax
Hello Thwackers!!!
Quick question... I want to filter using excludes in the Syslog Viewer. To be clear, I don't want to eliminate the messages from Syslog - I just want to filter inside the viewer for them.
For example, I can include only messages with this IP by putting %192.1.3.4% in the "Message Pattern" box.
I can EXCLUDE messages with this IP by putting !%192.1.3.4% in the "Message Pattern" box.
What I want to do is exclude an IP AND exclude a partial user name. So in English: I want only messages that do NOT include the IP address of 192.1.3.4 and also do NOT include any user with 'anon' in the name.
Can this be done?
I have tried to no avail:
!%192.1.3.4%.!%anon*%
!%192.1.3.4%.!%anon?%
!%192.1.3.4% & !%anon*%
!%192.1.3.4% && !%anon*%
..and other combinations of the above...
Thanks in advance!!!
Kiwi Syslog Forwarder windows 2008R2 Invalid Subscription
Kiwi Syslog WebAccess Installation Error (error code is 2869)
*Kiwi Syslog Server V.9.1.0
*Windows 2008 SP1 and SP2 64bit
Our client encountered a Kiwi Syslog WebAccess installation error.
The error message is as follows:
=============================================
The installer has encountered an unexpected error
installing this package. This may indicate a problem
with this package.The error code is 2869.
=============================================
*Kiwi Syslog Server service runs correctly.
*The client stopped Anti-Virus service before the installation.
Is there any information to resolve the problem?
Kiwi Syslog Server Log Location won't change.
Hey all,
I have recently taken over a sys admin position, and am required to move the location of the Kiwi Syslog Server logs to another file location. I have never used it prior. However, I can't seem to move the file.
Kiwi Syslog Server 9.2.1 (Free version.)
Windows Server 2003 SP2 (WORKGROUP)(VM)
Current configuration:
Log to Log File
Path and file name: C:\Program Files\Syslogd\Logs\SyslogCatchAll.txt
If I test the configuration, I can see the test messages in the location noted above. However, after I apply the settings, the older location (a CIFS share) continues to receive the actual syslogs of the devices we monitor.
There are three local users, all of which show the same configuration.
I have tried deleting and recreating the Log to Log File rule. No change.
I have tried starting and stopping the service. No change.
I have tried exporting the system settings, and then reimporting them. No change.
I have tried searching the registry for the old location. Nothing found.
I have two theories.
1. The settings are locked for some reason.
2. The settings are stored somewhere else.
Any help would be great.
Thanks,
Aaron
Solarwinds Padawan
How to Migrate Kiwi Syslog server and viewer to Another system
Current system on which Kiwi Syslog Server and viewer are installed is not working properly and we need to migrate to another system,
And SolarWinds License Manager does not reset Kiwi, ipMonitor, or LANsurveyor product licenses.
Kindly Solve the issue.
Thanks
Imran