Comments
-
Hrm... I think I read somewhere that 2008 has some anti-spoofing options that you can disable via PowerShell scripts. If you're getting forwarded Syslog messages from another source spoofing the originating IP address, then this might be the issue. It's actually possible this could be the issue anyway. I'll see if I can…
-
@fmradio516, I apologize for the late response here, but my notifications from SW aren't getting through to me for some reason. Anyway, there are several options here without getting into scripting. Option 1: In order to get "port D[1-16]-High collision" to work in a filter, you have to choose RegExp as your filter type…
-
Oss.rk, Did you ever get what you needed here? Is there anything else I can do to help?
-
I don't know about a performance increase, scripts literally take fractions of a second to run in most cases, but it would definitely be more intuitive as a filter option. I'm hoping a MOD might move this to the feature request section.
-
The level is probably ok, the failed login for bad password message is a "Warning" level message and you're getting Info if you received the message you posted. But... the command under config term is... logging trap 7. The 7 is the logging level. If you do a show logging and post it (remove any proprietary info like IP…
-
You should also be getting a Syslog message in addition to the SNMP trap, and in my experience, the Syslog messages are usually more descriptive than SNMP traps. With SNMP traps, you really need to know what the trap is for and what triggers it because all you're really going to get out of it is the fact that the trap was…
-
Well, if you want the information out of Kiwi, you have several options. If you just want at a glance information and you have fewer than 20 devices, you can use the real-time statistics window in the Kiwi Service Manager. If you want a daily report and you have fewer than 20 devices, you can utilize the daily statistics…
-
Np. Glad I could help.
-
Is the random character ALWAYS the first character after rcvd=? And is it ONLY the first character? And is the character typically or always a “special character”? Or do valid letters and numbers enter into the picture?
-
I wasn't suggesting that we have unresponsive mods here; you guys are usually on top of things.
-
mezdem, Here you go: keep your message_text filter in place, get rid of your flags/counters interval filter, then make your first action a run_script action and use that script. You may need to do some basic editing, but I did set the default interval to 14400 seconds for you (240 minutes) so that may be all you want/need…
-
I worked for a company that used Orion, but the only IT departments I've been in charge of have been for small companies with little or no IT budget. I'm not really an expert at anything either... but very well rounded I would say. (Edited for Clarification... I did not run an Orion shop, I simply worked with it)
-
After the last action to all of your other rules that process those messages and log them to file, or DB or display or whatever, add the "Stop Processing Message" Action. That will stop those messages from going any further past the rule that handles them, and then your catch-all rule at the bottom will only catch devices…
-
Rick, I apologize for not responding sooner, but I will provide you a sample script you should be able to use to accomplish what you need. Also, for scripting help, I would begin with VB or Jscript because you don't need to install anything specific for them to function and there are plenty of reference guides out there…
-
baj, You might also check what interface address the device is set to use when reporting messages. Some (maybe all) Cisco devices are capable of reporting an IP address for an interface other than the one the messages are coming from. Some devices are also capable of reporting from whatever IP address you want them to…
-
Sure, if you are certain you want to use the log files to capture data, then regardless of whether or not you want to maintain separate files or not, you can change how much data is kept. In the "Log to File" action enable log file rotation and configure the settings to your preferences. You should be able to see…
-
karenm, karenm wrote: I like to also see the AP collecting the data and which WLAN is in use and the ciscoLwappDot11ClientSessionTrap mib includes all this data, but the IP Address is not formatted correctly. The AP collecting the data is probably the same one logging, in this case, your 20:4C:9E:EA:4F:B0 device. This…
-
I think that upgrading the free version breaks it and what is happening is that your trial version (not free anymore) has expired.
-
Jiri is correct that the software cannot track this and that it becomes irrelevant after the 1st hop, but that's not to say it cannot be done at all, if all of your machines that you want to track are on the same subnet and do not travel through a Router or Firewall. If the machines you are looking to track are…
-
In that case, if you’re just looking for a specific few that you want e-mail alerts on, set a filter on message text and use the simple filter type. Then just add event id’s that you want alerts on like this: “1001” “1004” “1006” The action for that rule can just be the e-mail action. You may get some miscellaneous alerts…
-
How strange. Well. I don’t have a free 64bit box to use, but I am in fact about to start configuring Kiwi on Win2k8 server R2. I even happen to have a 5510 sitting here. I’ll let you guys know what I come up with.
-
Glitch, I’m not aware of any issues with x64, but Kiwi does seem to be working at least on the surface. Are there any other devices you can test with to completely eliminate the firewall as suspect? Are there any relevant entries in the errorlog located in the syslogd folder? Acy
-
Hi Jonathon. You would be absolutely correct if he were using LEM, but I don't believe that he is.
-
I could be wrong here about NCM because I don't use it and have only ever gone through the demo, but... NCM is a part of the ORION suite, and even as only part of a whole, it offers things that Kiwi doesn't do efficiently, elegantly, or at all. Also, the Syslog server provided with ORION serves a different purpose, as an…
-
Same issue... It's the days and hours part. (DATEDIFF(d,DATEADD ... (DATEDIFF(hh,DATEADD .. You'll have to do this: Days = (Get Seconds / 86400) Hours = ((Get Seconds - ((Get Seconds / 86400) * 86400) ) / 3600) Minutes = (Get Seconds - (((Get Seconds / 86400) * 86400) + ( ((Get Seconds - ((Get Seconds / 86400) * 86400) ) /…
-
That's odd, I wonder what was using those two .dll files if the service was stopped. It also seems strange that uninstalling did not resolve the problem. I installed the beta 4 or 5 times and I installed the RC twice, and the official release twice and did not run into this issue. Granted I've only got two sites and only…
-
If you're talking about logs moving forward from now, the easiest way would be to start logging them to an ODBC database now and then you can access them via SQL, have your DBA export to CSV whenever you like, etc.. If you're talking about logs that have already been logged and they've been logged to text files by Kiwi…
-
I only knew cause I had the same question 2 years ago... Cisco IOS question - Syslogging
-
You're welcome Jiri, and thanks Chris, that is definitely an easier option, but there is a disadvantage... Changing the registry settings requires a service stop/restart which wipes out your stats.
-
My understanding is that UDP is faster because it has no inherent error checking.