Aforsythe

<Soapbox> In general, I don't believe it's a security threat, but in specific situations it definitely is. My biggest issues are undocumented back-doors and default support passwords. Sure it makes it easier for the vendor's techs to support your software or hardware if they don't have to lookup or ask you what password…

Good catch Superfly, I wonder if that was coincidence or not…

Well, it's supposed to go to: http://knowledgebase.solarwinds.com/kb/questions/4370/FSM+Device+Support+Details but the page no longer exists. It was under the category: Knowledge base > Firewall Security Manager > Product Installation, Upgrade, Migration And here is where it was moved to...…

That's all changed now that you're at SolarWinds though right Jonathan?

Could you elaborate on how you would want the filter to work? This can probably be scripted already.

Hrm... Anyone else realize that the acronym is an anagram for SCAM'N... I don't trust you.

I agree that including multiple range filters does make sense, but I wanted to point out that you can get the same functionality by changing the filter type from "IP Range" or "IP Mask" and instead using Simple, Complex or Regex as the filter type. You may need to use Regex filtering to get really complex with this though.…

Kiwi can be setup in the following sections to send emails to specific addresses: * Under Email in setup you can configure and setup the email address to receive alarms and syslog statistics. Alarms are setup in the alarms section for things like min/max message counts, low diskspace etc. * Under Schedules any schedule…

Rubin, I apologize for the lack of a response, I was out of town on vacation last week. I've looked at the script you posted and you're missing the nag interval setting. Do a compare from your script to mine and you'll see that I am logging 2 date/time stamps in the initial message and both are being checked in the…

Ok, I just wanted to make sure you got the updated one that doesn’t replace valid numbers. I wasn’t so sure after the loss of our messages during the maintenance period yesterday.

That's the one. Any of the monitoring options will work for you, but the one you use should depend on how short you want the threshold to be. The first script is used in a rule that allows all messages from all devices you want to monitor. It logs a time stamp, threshold, and nag timeout for each device every time it…

We seem to have lost all of our posts on this during the maintenance window... Anyway here is the new script to replace any character after rcvd= except for 0-9. Function Main() 'Declaring and clearing Variables <48 57 > DIM StrMsg DIM StrOld DIM StrNew DIM IntChar StrOld = "" StrNew = "" StrMsg = "" IntChar = 0 ' --…

smccormick, Did the script work for you with the change?

, Not a bother at all. My access was limited a little, and I was still able to reply via E-mail to portions of the site I am following, but I was not able to browse to the site. Not uploading anyway so it didn't really matter. I'm not sure how much this script will benefit other users, but it would be helpful if you could…

Rubin, That threshold is only hourly, but one of the nice things about KSS is that it has a built in script engine. So you can use that, or even just use rules and filters if you don't have too many DevIces. I can help you with a script to set a per/device threshold if that's what you need. But I already have a script to…

The ASA might be different, especially if it's running on a different version of IOS. On the other hand, it might actually be easier to configure if you use ASDM instead of the CLI. You could also do this: log a show-run (easy if you're using something like Putty). Save it, and then use the ASDM to configure your ASA for…

No problem, it won’t take much time at all. I just don’t have access to Thwack right now to upload it. I’ll upload the script when I can and link it here. Will you need any help setting up the rule to run the script?

I was right, it was something really simple and I face-palmed when I figured it out. the [1-16] is not working because it's supposed to be testing for a single character. So you can change it in either of the following ways since your 0-9 are single digit numbers (no preceeding 0).. Option 1: "port D1?[0-9]-High collision"…

Yep, I'd say that's the theory at this point. If you uncheck the run-script action in your rule and apply those changes, I would expect the SNMP trap messages to begin showing up in the default display. Everything showing up in web access passes through the Kiwi service first and goes through that list of rules. Since you…

Have you considered installing the trial on a test machine and then sending testlogs to it to test features you may want? If I’m not mistaken, once you upgrade to the trial mode, you can’t go backwards, and when the trial expires I don’t believe that it reverts to a “free” mode any longer. Someone correct me if I’m wrong…

Awesome. I'm glad it's working for you, and again, I'm sorry it took so long. I have that script doing sooo much that editing it all out proved to be more time consuming that I had thought so we both won out in the end. I ended up re-writing the device check in from the ground up and removing that portion from my reporting…

Ah so that's the delay. I was just curious because I've had numerous orders and they've all gone through without a hitch. Should I have received some kind of notification that I missed?

, I doubt Solarwinds has much control over a memory leak in someone else's product (Ultidev). But what control they do have is to switch to another web host which they have done. Same platform, beefier version. So my question would be... Are you experiencing this memory leak in the latest Kiwi release? Did you upgrade to…

Like Dclick, I have mine sent to MS SQL, but I use the express version. My top 3 loggers get their own database, and everything else goes into 4th DB. Keeping a month of data seems to be keeping the size under 4gb. I do not have the asp.net site to access it up yet, but I am currently working on it.

I'll check my firewall in a bit and test it, but yeah if you're trying to send me to China after you get my login credentials, it's not going to work. I would think I would get "Page Could not be loaded" or something along those lines though if that were the case.

Are you seeing the messages in the Display? If not, but you are seeing them in Web Access, and you have no filters, then it has to be the script. By "Unchecked Rule" I meant that the check-mark next to the rule was not there when I was doing the above testing and finding problems. I re-tested everything from my previous…

That's a valid point, and like I said, configurable log analysis and reporting would definitely be helpful in Kiwi. But it does have the capability as an entry point to those types of features. I wouldn't think you would get any robust reporting features though if you're wanting to report from ASCII text logs. I would…

I was still not detecting it. But I rebooted the server and now it does. Stopping and restarting the service may have worked, but I didn't think about that until I had already rebooted.

Hrm... Could you post a copy/pasted message string I can look at, because it should work just fine. I don't use the regex filter much, but I do have a few and they work just fine. So either it's not matching the string exactly or something else is causing it not to work. If you feel comfortable exporting your settings INI…

Steve, Thanks for the reply, but I did figure out what I was doing wrong and it was definitely me. I'm feeling a bit sheepish over it, but I'm not one to figure out the problem and not post it though, so here goes. And if you want to move this out of the "Feature Request" space and into the main Kiwi Syslog space that's…