We are running Kiwi Syslog Server v. 9.3.0.
We are sending syslogs from about 45 Cisco devices to this server. We have a filter set up to identify any Emerg, Alert, Crit, Error, Warn, or Notice logs. We then set up an action for it to email the network administrators any time any of these are received by Kiwi.
The problem we are having is as follows:
- Cisco device generates a log record and sends it to Kiwi.
- The time stamp on the log shows 09:29:19 EDT. If you have the Syslog Service Manager up, you will see it arrive in real time.
- We receive an email notification from Kiwi at 16:16 EDT.
We've logged into the Cisco device in question and have done a "show clock" and confirmed that date and time are accurate.
We've confirmed the time is accurate on the server we have Kiwi installed on (Windows Server 2003 Standard x64 Edition w/ SP2, 2.04GB RAM).
Looking in the bottom right corner of Kiwi Syslog Service Manager, we can see the time and date are accurate.
In addition, all Cisco devices and Windows servers point to our NTP server to ensure clocks stay sync'd.
Why are we having such a huge delay from the time Kiwi receives a log record to the time it sends us an email notification?