We've recently built a new syslog server on a 2012 physical box. It has other SolarWinds tools.
The syslog service will start, run for a brief amount of time, then crash. Both Kiwi and SolarWinds syslog servers do this. The error for Kiwi is something to the effect of 'error 13 type mismatch', which is usually when an insert into a DB is done with the wrong type of data (text into an integer field, for example).
Only certain devices seem to crash the server. These are Cisco Nexus and 2921s. Other devices, such as an ASA 5525, a PIX, WAPs, etc., do not crash the service. Say, for example, I point router A to a test VM with Kiwi on it. The test VM Kiwi service will stay up and not crash. I then reconfigure router A to the new physical and it crashes almost immediately.
I've done packet captures and notice something very odd I cannot yet explain. On the test VM the incoming packets have a different format than on the physical server. Specifically, the date field is formatted differently.
Can anyone shed light on this? Very odd. I'm wondering if it is a NIC driver issue. This is on an HP ProLiant DL360 G7, but the Windows drivers for the NICs only go up to 2008. How on earth could the packets be arriving differently? I don't think they can; I think something is changing them or formatting them oddly.