• State Suggested Answer
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 24 subscribers
  • Views 271 views
  • Users 0 members are here
Options
Related

Solarwinds Event Log Forwarder for Windows over IPv6

ckatisz
2 months ago

Hi

i'd like to ask if anyone have an experience with the Free Solarwinds Event Log Forwarder for Windows over IPv6?
The software is installed on our Windows servers, at the moment we use it with setting "FQDN", and it works via IPv4 without issues.

We are able to select Ipv6 in the Dashboard -> syslog servers -> edit -> server address menu, but when we select Ipv6, it doesn't start any communication towards the syslog server. I have monitored the outgoing connection with wireshark, but when i select ipv6 there is no communication at all towards the Ipv6 syslog server addresses. We could generate some traffic with powershell over udp 514, which was visible in Wireshark, so it is not a firewall issue. It looks like the software stops sending logs.  

Is anyone tested or using this software over Ipv6?

thank you

Attila

  • 0 2 months ago

    Hello Attila, Good Day!!.

    Here you have mentioned that you are using FQDN. have you created the AAAA Record Entry in DNS manager ( on your DNS Server) ?. 

    You can also isolate the issue, by pointing the IPV6 Address instead FQDN, which will gives you a clear picture, whether the request are triggering to Targeted server.

  • 0 2 months ago in reply to bijuk

    Hello Bijuk,

    in DNS we have both the "A" and the "AAAA" record of the Syslog server. But it is not a DNS issue. When i change the setting from FQDN to IPv6 in the log forwarder client, i'm entering the Ipv6 address of the Logserver. In this case No DNS is involved
    I tried both the shortened IPv6 address as well as the full address (with Zeros).

  • 0 2 months ago in reply to ckatisz

    Have you completed the following steps? 

    Choose File >> Setup (KIWI Server Setup Dialog) >> Click Inputs Node >> Enable IPV6 >> Apply/save changes

    Additional Info: 

    SNMP Traps are sent to Port 163

  • 0 2 months ago in reply to bijuk

    The problem is not that the server doesn't receive or doesn't process the data. The problem is that the client doesn't send anything. As i wrote above, i do monitoring with wireshark.
    Let's say i don't have a syslog server at all. I just install the Solarwinds log forwarder client on a Windows server. I just have to have an additional device with a valid IP as target so it answers with a valid MAC and communication can start (no application is installed on the target at all), and the Solarwinds Log forwarder is already sending the data (with Ipv4 setting).  Yes it is sending it to oblivion, but it is sending it. So it works without having any syslog server. As soon as i change to Ipv6 in the client, also having a valid ipv6 IP as a target, The software doesn't do any communication, doesn't send any data.  
    Like this I think it doesn't matter what i configure on the syslog server side. I need to make the client work.

    I would focus on my original question: Does anyone have an experience with the Free Solarwinds Event Log Forwarder for Windows over IPv6. Could anyone make it work? :) 

  • 0 2 months ago in reply to ckatisz

    Is it Possible to find any reason from the logs file? 

    LogForwarderLog.txt

    LogForwarderService.log

    Default path:-

    C:\Program Files (x86)\SolarWinds\SolarWinds Event Log Forwarder for Windows

    Thanks 

  • 0 2 months ago in reply to bijuk

    Thanks for the suggestion
    I also found these logfiles, unfortunately they are not very helpful Disappointed

    Logforwarder.log contains only one message multiple times:

    System Default Language Id: 1033

    LogForwarderService contains the following two messages multiple times

    SolarWinds Event Log Forwarder for Windows; Service Started.
    Configuration File Reloaded at 1/12/2023 6:25:31 AM

    This is all the info in the logfiles. There is one more logfile

    C:\ProgramData\SolarWinds\LogForwarderClient\LogForwarderClient.log 
    "DEBUG MainWindow Close App", "DEBUG MainWindow Application started"  -> with these messages only

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK© online community. More than 190,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Accounts
About THWACK Blogs Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.