Aforsythe

By default without script editing, this should set a 10 minute polling rate for each device... 1 - Make sure you put your e-mail information in the script. 2 - Make sure you have Kiwi setup to send e-mails and that that is working properly. 3 - Make sure the device you are monitoring sends at least one message after you…

Ok, then this script will work for what you want but you'll need both scripts in my download. You'll need to put the Script_HostCheckIn.txt either in the rules you want to check, or if you want to check every device put the script in a rule for all logs. You'll want to either specify each device by IP address (or hostname…

Ok, so I think we are talking about the same thing. You want to know when 182.48.249.34 - 182.48.249.35 stop sending logs to kiwi right? How often do they send logs? Do they send logs every second? At least every minute? Once or twice an hour? This answer will be your minimum poll rate. How quickly do you want to know?…

I think I might be misunderstanding what you are looking for. That script does essentially what mine does only it's not as configurable. These scripts alert you when a device is not sending messages and need to be run in a rule that doesn't filter any messages out. Not scheduled. If you want to know when a specific rule is…

Well, apparently the site doesn't allow minor versioning, so 1.1 is officially 2.0 or vice versa. Let me know if you have any suggestions on improving the script. I thought about allowing interval settings per device, but I want to keep script editing to a minimum for those unfamiliar with scripting.

beardedgeeknc‌ Sorry about the delayed response, I've been so busy the first Q of this year, I'm just now getting back into the swing of things. The reason you're getting that error is because it cannot find the file: C:\Program Files\SolarWinds\Kiwi Syslog Web Access\html\Statistics.html The file is included in the zip…

This is now a functional part of Kiwi and a script is no longer needed.

For some reason the "set" statement did not get copy/pasted here. I've fixed the original post.

Yeah, the identifier can be any unique value and it does work with all of the dictionary methods. Unfortunately there isn’t a variable for “Rule Number” stored anywhere, so you’ll have to edit that into your scripts as you set them up for each rule and you could use rule number, rule name, or even a description of what the…

Thanks for the complement, and I'm glad you're getting some use from it. The Dictionaries are global, so you can use it in multiple scripts across multiple rules. You can think of dictionaries as global arrays or DB tables, whatever makes sense to you. They only have 2 fields though, a primary Key field that is unique, and…

I just tried this, but on the full version, and the log file location changed. The old log file was still there, but new data was being logged to the new location. All I had to do was change the rule action and click ok for this to work. I changed the name of the file and even the drive it was logging to.

This is great! I'm already putting together a list of people who desperately need to read this document. I couldn't have said any of this better myself.

Levani, Check here: Event IDs 560 and 562 appear many times in the security event log

The latest version simply adds the "Check In Table" from the dictionary item "CheckIn" if you are also using this: If you are not using the checkin script as well, this script should continue to function perfectly fine for you regardless which version you are using.

Nirmal, Are you wanting to get alerted when a device isn't sending messages? Or do you want to get alerted when a Rule isn't triggered by those messages? If it's the rule you are concerned about, do you want to check for every message, or just check periodically and how often do you want to be alerted? Do you want to be…

Nirmal, I think this might be what you are looking for: http://thwack.solarwinds.com/docs/DOC-170644

Text data type or nText data type does not support a "width" property, you can't specify column length. If you're creating the table via Kiwi, I believe that you can edit the SQL used to create the table and change the column definition.

rudym12​, Kiwi is extremely capable, but it requires configuration to do anything other than collect logs. You'll find that the help file is extensive and complete for Kiwi, but I can point you in the right direction for starters: 1 - This one is fairly easy, you'll need to have a copy of the message you want to alert on.…

That's a very broad question with no easy answer. Usually security detection devices and software systems will correlate different logs from different sources to find potential threats, but there's not really an exact science, one-size-fits-all solution or answer. For example, logging failed login attempts to a server or…

I’d take a picture to show you, but my daughter stole it, and won’t let me have it back.

Just a thought, since I ran into a similar problem... Did you change the default installation folder for the web access or the webroot? If you did, check in C:\Program Files\Solarwinds\Kiwi Web Access\html and see if your missing files are there. If so, simply copy them to your custom install location. Let me know if that…

Mike, I'm curious what OS you are running, but here are a few things you can try... If you have not tried to completely uninstall and reinstall, I would try that. (Make sure and export your settings to an INI file and back that up along with any scripts. Also, Do you have a \solarwinds\Kiwi Web Access\html folder anywhere?…

Is this a brand new install of Kiwi? I'd have to see your configuration to see what's going on. Are you using the static hosts file for DNS resolution? Are you filtering and forwarding messages back to Kiwi? Some devices have the option to send message as host and allow you to specify an IP address for the host or allow…

Brandon, This doesn't seem to be available via the Help menu "Check For Updates" will it be? Or do we have to download it?

If you've got the website access logging to Kiwi and are trying to filter it within Kiwi Syslog Web Access, then yes you can do this. 1. On the Highlighting tab in Web Access, click on Add New. 2. Event Field would be message text 3. String to Match: whatever string you want to match, IE: cnn.com 4. Then just setup your…

Dasep, I was unable to find the equivilant for Windows 2008/2003/7, but in XP/2000 there is a file called C:\Windows\ShedLgU.txt that exists and logs very useful info like what I posted below: "Paint.job" (mspaints.exe) 4/11/2013 11:59:00 AM ** ERROR ** Unable to start task. The specific error is: 0x80070005: Access is…

That filter will include messages that match your regular expression, but it will not modify the message prior to displaying it. If you’re familiar with vbscript, there is an example script in the scripts folder that you can modify and use (it replaces the word “cat” with “dog). What you would want to do is use MID and…

Jiri, I figured out the issue with the missing files. If you change the installation path for the webroot, it will still put the help subfolders in C:\Program Files\Solarwinds\Kiwi Web Access\html\ Also, that's as far as I can go. The beta is not giving me any options to register the temp key you gave me outside of the…

Jiri, I might have something misconfigured on my end, but I am unable to connect via https after following the instructions in the document for setting up the certificate. I have attached the IE8 run-time error I receive, but I get the same error in Firefox. Also, the site works fine via http.

You might be able to de-activate or unregister via the customer portal. Failing that, I would contact customer services or tech support to see if they can release the license.