
Problem with filtering in Kiwi Syslog

I am setting up a Kiwi Syslog server.  Running into a problem with the filtering not working the way I would expect.  I have used Kiwi but that was several years ago.  I have set up a display for a specific switch and have tried several different filter possibilities but still getting syslog messages on the display that don't belong to the switch I am trying to watch.

I have tried an IP address - simple filter with the IP address of the switch "10.1.1.2".  On the Cisco switch, I have used the command logging source-interface vlan 254, which should send out the syslog messages using the IP address in the simple filter I set up.  I have also tried the hostname option with the hostname of the switch "Switch1" but same problem.

It has got to be something simple but so far I haven't found the problem.  Since this is the free version, I know I can't call SolarWinds support.

Any suggestions are appreciated.


Ron

  • Ronald, I will see if I can help.  How are you verifying that the syslog messages on display don't belong?  Can you post a screen shot of what you are seeing?

  • RonaldNutter,

    Make sure of two things:

    1. You don't have another Rule with a Display action writing to the same Display.

    2. Your IP address - Simple Filter does not have the "S" (for Substring) enabled.  Otherwise, the filter will also match "110.1.1.2", "210.1.1.2", "10.1.1.25", "10.1.1.223", etc. because they all contain "10.1.1.2".

    Hopefully this helps.

    Sincerely,

    Chris Foley | Support Representative
    SolarWinds | IT Management, Inspired By You
    Support:866.530.8040 || Fax:512.857.0125

  • Hi Ronald,

    Along with the Message Text filter, the IP address and hostname filters are only available in the licensed version. They will not work in the free version. In your case you'll need to configure your Cisco switch to send syslog messages using a specific facility, e.g. Local0.

    You should then be able to create a priority based filter within Kiwi Syslog to filter these Local0 messages and have them sent to your chosen display. Information on priority filters can be found in the Kiwi Syslog Help file at the following link, www.kiwisyslog.com/.../filters_priority.htm

    Hope this helps

    Regards

    Justin
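
The two filtering behaviours described in the replies above (substring versus exact IP matching, and selecting by syslog facility such as Local0), shown as an added example that is not part of the original thread and is not Kiwi Syslog's own code. The sample datagrams, message bodies and function names are constructed for illustration; the filters are modelled in plain Python from the descriptions in the replies.

```python
import ipaddress
import re

# Constructed samples: (source IP of the datagram, raw syslog payload).
# PRI = facility * 8 + severity; local0 is facility 16, local7 is facility 23.
SAMPLES = [
    ("10.1.1.2",   "<133>Switch1: constructed local0.notice message"),
    ("10.1.1.25",  "<189>Switch7: constructed local7.notice message"),
    ("110.1.1.2",  "<187>Router3: constructed local7.error message"),
    ("10.1.1.223", "<134>Switch9: constructed local0.info message"),
]
LOCAL0 = 16
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(payload):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(payload)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def substring_filter(pattern):
    """Models a filter with substring matching enabled."""
    return lambda src, payload: pattern in src

def exact_ip_filter(pattern):
    """Compares parsed addresses, so 10.1.1.25 never matches 10.1.1.2."""
    want = ipaddress.ip_address(pattern)
    def match(src, payload):
        try:
            return ipaddress.ip_address(src) == want
        except ValueError:
            return False
    return match

def facility_filter(facility):
    """Models a priority filter that selects one facility at any severity."""
    def match(src, payload):
        pri = decode_pri(payload)
        return pri is not None and pri[0] == facility
    return match

def select(samples, predicate):
    """Return the source IPs of the samples the filter lets through."""
    return [src for src, payload in samples if predicate(src, payload)]

if __name__ == "__main__":
    print("substring:", select(SAMPLES, substring_filter("10.1.1.2")))
    print("exact    :", select(SAMPLES, exact_ip_filter("10.1.1.2")))
    print("local0   :", select(SAMPLES, facility_filter(LOCAL0)))
```

The facility filter also passes the constructed 10.1.1.223 sample because it too sends on local0, so a facility only isolates one switch if no other sender uses it.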

  • Thanks for all the replies.  I would have liked to have known what didn't work in the free version before getting started.  I wasted several hours trying to evaluate something that was disabled.  Some features told you that they wouldn't work.  These didn't.  I have looked for information on the page that I downloaded the syslog server from at SW and nothing was listed.

    I clicked on the link in the Kiwi to compare free and licensed versions and all that did was take me to a general products page which still didn't give me the information I was looking for.

    If a feature is disabled, I would suggest that some warning or popup be shown so that you don't spend hours of troubleshooting like I did trying to figure out why a feature wasn't working.  Either that or provide a list with the "free" product that lists what features are disabled.

    At this point, I am uninstalling Kiwi Syslog since I am not able to test it to see how it will help with my network.

  • Ronald, I will send you an email.  Did you try the licensed version trial?