Kuz

The field is "TimeOfAccess". IPrism define it as "the number of seconds since 1/1/1970 12:00 AM" You'd need to derive the correct date time from that value. eg. Calculate a "TimeOfAccess" date-time from DelimitedFields(2), adding 'N' seconds to 1-Jan-1970 00:00:00 TimeOfAccess = DateAdd("s",DelimitedFields(2),"1-Jan-1970…

OK, looks like the script doesn't have the required access to .VarDate and .VarTime. These are considered "Other fields" (the usual field is .VarDateTime) - to make them available, check the "Other Fields" checkbox on the Script properties panel. I usually run scripts with Full Read/Write access - which is why I never…

Update script file attached.

That looks like it should be working then. I'd suggest we do some script debugging, to see what's going on with the SQL INSERT statement. 1. Add this line to the script: ... Quote(DelimitedFields(13)) & ")" '--add-this-line-here-- .VarCustom01 = SQLcmd ' Log the data to database using ConnectionString, DatabaseTable,…

What is the DataType of your MsgDate and MsgTime database fields?

I'd say that error is unrelated to SQL (relates to your UDP input)

No problem. A word of warning though - the script above will ping the machine on *every* syslog message received. If your syslog throughput is very high you will definately *not* want to implement it in your default rule (for a couple of reasons): 1. Waiting on a ping result for every syslog message received will slow down…

It's hard-coded (in the source). -Kuz.

You shouldn't need another "Log to Database" action. I'd suggest the following rule: Rule "Log HTTP to SyslogB" +Filters - {Appropriate filter for HTTP syslog messages, I'd suggest something like: [IP address : Simple] : "10.0.1.11"} +Actions - RunScript "Script_HttpSyslog.txt" (Full read/write flags) - Display 01 You will…

No. (Sorry).

1. No colon in ConnectionString: = "..." (should be ConnectionString = "...") 2. Make sure connection string is all on one line. 3. You've got a double-quote in the middle of your connection string for some reason (near ...Properties=...). If the connection string needs to have double quotes within it, then those need to…

Hi aliendan, Not sure what the problem is exactly, but I suspect it has something to do with the account you specifed during install, and whether or not the installer can get the service to start under that account. Can you please try installing with the default account (.\LocalSystem), and see if that helps.

Which port did you try??? Was the port free (ie. not in use)? You can check which ports are in use with netstat -aon

Although we don't support this feature directly, you can achieve this with a Custom RunScript. Create a RunScript action, just before your "Forward to another host" action. Here's a sample script (not tested, just off the top of my head). It will ping a specific machine and decide if it's offline or not. If the machine is…

There is no file that holds the daily stats email format. It's provided *as-is* and is essentially non-configurable. The custom 'Top N Hosts' Run-Scripts are the only means by which to create a Custom daily stats e-mail.

Snare configuration is covered in our Knowledge Base and online help file: http://www.kiwisyslog.com/kb/how-to:-receive-windows-event-log-information/ http://www.kiwisyslog.com/help/syslog/configuringsnaretocapturew.htm Mike Kuzman, Dev. Lead Kiwi Syslog Server Solarwinds

Not sure what the problem might be... Here is the same script (that is working for me)

Unfortunately, you cannot override the default columns in Kiwi syslog (at least, you can't change their names). You can override the content of the fields though, by using a Custom RunScript action to modify the Syslog Message before it is displayed. ie. Rule "Override Syslog Message in display 00" -Action +RunScript…

Hi aliendan, Thanks for the feedback. We're very much aware that this is a priority bug for people, and acknowledge it as an issue in the current version (9.0) of Kiwi Syslog Server. It is our intention to have this issue fixed in a forthcoming release, although I can't comment on when exactly that will be. If possible,…

SQL Native Client provider is there if you have it installed. See here: Data Link Properties, from Log To Database action in KSS.

Normally C:\WINDOWS\SYSTEM32 or C:\WINDOWS\SysWOW64 on 64-bit OS. Kiwi Syslog Server will install mswinsck.ocx to either or these two locations. But failing that, 9.1 also installs a copy of mswinsck.ocx to <program files>\Syslogd

OK, looks like connection string is wrong. Try the following: 1) Open Kiwi Syslog Manager Console. 2) Goto Setup, and create a new "Log to Database" action somewhere (anywhere will do, we'll get rid of this action later). 3) Hit the '...' button on "Data Link connection string" - we're going to use this to build a working…

Sounds like you guys are forgetting the Scheduled Clean-up task. It's purpose is to delete log files that: (a) Match a given file mask. and (b) Are of a certain size, or age. Check out the Scheduled Clean-up task, by creating a new Schedule and changing the task type to "Clean-up". The Source page contains all the config…

The HRESULT 0x8007007E is "The specified module could not be found." {72C24DD5-D70A-438B-8A42-98424B88AFB8} is Windows Script Host. Download and Install Windows Script Host from Microsoft and you should be fine. Window Script Host 5.7 for Windows 2000:…

It is possible that the Message Text contains some non-printable characters, like 0x00 (NULL)/0x0D(CR)/0x0A(LF) - which the DBMS can interpret as end of line, so the SQL statement looks incomplete. Try enabling this setting: Modifiers > Replace non printable characters with <ASCII value> This will convert all…

Although there is a database maintenance procedure that runs when the database approached 4GB, this can sometimes cause problems if the syslog throughput into Web Access is high enough (ie. if the Db maintenance procedure cannot keep up). This situation has been improved in Kiwi Syslog 9.2.0, where the DB management and…

Hi All, There was a problem with the Log Forwarder 1.1.17 bits that were uploaded yesterday. This problem has been fixed, and the Log Forwarder 1.1.17 packages have been updated. Please re-download and re-install the Log Forwarder 1.1.17 build to rectify. (Or re-download Kiwi Syslog Server 9.2.1 zip, which includes the…

Just noticed you're using 8.0.2... There were a couple of stats and Top 20 hosts report accounting fixes in 8.1.9 and 8.2.1. I'd highly recommend getting the latest version (9.1)

BTW, if you are going to be running this script in a high throughput scenario, I'd recommend that you consider rewriting your original script (with the UTC conversion additions) in JScript. The VBScript "CreateObject" call is notoriously slow - having to make that call for *every* syslog message that arrives is going…

Hi Kurt, Any chance you're running any debuggers on your system, like SoftICE or similar debugger? I've seen this type of issue before (usually relating to the Software Protection System we use in KSS). Our SPS will barf if it finds any system debuggers running... Also, you may want to try on another machine... in my…