Kuz

Comments

  • The script looks fine to me. Kiwi Syslog Server expects the following script structure (single Function named 'Main' with return code 'OK'):
      Function Main()
        Set iMsg = CreateObject("CDO.Message")
        Set iConf = CreateObject("CDO.Configuration")
        ... ... ...
        objFSO.DeleteFile("c:\temp\SyslogCatchAll.txt")
        Main="OK"
      End Function
  • Hi Oristilli, Have you enabled DNS resolution in Kiwi Syslog Server? Setup > DNS Resolution > "Resolve the IP address of the sending device"
  • Hi Ciaran, Are you using Auto-split variables in the Log-to-file filename? This may impact the Log File Rotation scheme, in that it expects static filenames, not dynamic as would be generated by the inclusion of any auto-split variables in the log file name/path. Regardless, you should be able to employ a Scheduled Archive…
  • Hi Mike, Unfortunately, Kiwi Syslog Web Access doesn't currently support date/time filtering like "today", "last x days", "last month", etc. If you'd like to request this as a feature, please post your suggestions to the Kiwi Syslog Server Feature Request forum, here:…
  • Hi Idan, I'd start by creating a custom File format in Kiwi Syslog, that just logs the "message" to log file (without all the Date, Time, Priority, etc.). Setup > Formatting > Custom file formats > Create New custom format, and select just "Message" field (no delimiters, no qualifiers, just the message). Re-configure your…
  • File Menu > Purge > Purge Mail Queue
  • Hi dmattox, Just wanting to clarify... Are you talking about "Kiwi Syslog Server" (free edition), the free tool called "Windows Event Forwarder", or the new "Log Forwarder for Windows"?
  • Yes, it is. Create a new rule, inside that rule Create a simple Message Text filter - looking for "Too Many Channels With Errors" (or similar), and then create an E-mail notification action. eg. "Too Many Channels" Notification Rule + Filters - Message-text (Simple): Include: "Too Many Channels With Errors" + Actions -…
  • The key difference between normal UDP syslog sending and the UDP packet spoofing option, is that the packet spoofing option creates an entire Ethernet II Frame from scratch and sends it from the selected adapter. In order to do this, Kiwi Syslog Server needs to fill in the MAC address of the destination (a required part of…
  • Hi Pete, You can use a RunScript action to parse the Cisco ACS syslog messages, and reformat the syslog message to suit your needs. Attached is a sample script (screenshot for the Rule config to follow).
  • Hi Curt, Restarting the Kiwi Syslog Service will always clear (uninitialize) the Global (and Custom) variables. That said, please bear in mind that if you are running script tests through the Kiwi Syslog Manager, then it (Kiwi Syslog Manager) maintains its own sandboxed versions of the VarGlobals. You will need to restart…
  • Sridhar, Just to elaborate on the previous post: Rule "From FW 172.16.1.21" Filters +- IP Address : Simple, Include "172.16.1.21" Actions +- Display "172.16.1.21" Rule "From FW 172.16.1.22" Filters +-IP Address : Simple, Include "172.16.1.22" Actions +-Display "172.16.1.22" To save the logs, add a "Log to File" action to…
  • Hi logholder, These types of errors can occur if the Kiwi Syslog Service doesn't have the appropriate permissions on the archive destination folder. Usually only when the destination is a UNC path, but otherwise you would need to ensure that the Service LogOn Account for Kiwi Syslog Service (.\LocalSystem by default) has…
  • Hi Mike, Here's your problem: Message Queue overflow: 428990 Which basically means - messages are being lost due to overloading. Check out this from our online help: "How to increase the Message Buffer Size" http://www.kiwisyslog.com/help/syslog/adv_reg_msg_buffer_size.htm Kind Regards,
  • Hi Greg, Nice to hear from you again. I've found the support ticket you created, I'll re-open it and we can take this offline. I haven't come across this problem before in Kiwi Syslog Server, so I'll definitely need more information.
  • Hi Ken, Not being able to change the Kiwi Syslog Web Access default login account during a re-install, is a limitation of the Modify/Repair installation features option, which is presented when re-installing. We intend to fix this behavior in a future release, so that when reinstalling you are presented with the "Configure…
  • Hello Friend, The number of devices sending syslog messages usually has no bearing on the survivability of a single instance. What is more important (for a single Kiwi Syslog Server instance) is the total number of syslog messages sent from all devices, per hour. With the default Log-to-file rule, Kiwi Syslog Server can…
  • Hi KIWI New Guy, Kiwi Syslog has a feature "spoof syslog packet", which enables transparent forwarding of syslog messages, but as yet we have not implemented the corresponding feature for SNMP traps. It's on the cards, just not sure when (and in what version) it will be available.
    in SNMP forwarding Comment by Kuz July 2010
  • Hi lankienen, You should be able to use a Threshold filter to limit the amount of e-mails being sent. The threshold filter effectively throttles the number of times the associated actions will be executed, in a given timeframe. eg. Rule <existing> +Filters +-<existing> +-Flags/Counters: Threshold filter <--Add this filter…
  • The Kiwi Syslog Server console is a real-time view only. As such, it displays only the last X syslog events; where X is configurable in Setup > Display > Number of display rows (5 to 1000). To look at the log in its entirety, you can log to Web Access, or log to a file. Syslog events that are logged to Web Access can be…
  • Hi arlocontact, I'm the lead developer for the Kiwi CatTools product, so I'd like to try to replicate this issue in-house. Could you please zip up and send me the 3 source files for the X-Ref report (Port, MAC and ARP reports) so I can test using your source data, as it could be something specific in one of the source files…
  • Hi magnum0711, You're right, this is the normal behaviour if you specify a remote or UNC path for the archive destination. If this turns out to be a problem for you, can I suggest the following workaround: 1) Change your UNC (or remote) archive destination path to a local path (where exactly doesn't matter, any temporary…
  • DSN=xxxxx; needs to have quotes around it. ie. DSN="xxxxx;"
  • Hi droberts29, Sounds like one of the required prerequisites failed to install correctly. Microsoft Visual C++ 2008 SP1 Redistributable Package (x86) (http://www.microsoft.com/downloads/details.aspx?familyid=A5C84275-3B97-4AB7-A40D-3802B2AF5FC2&displaylang=en) Please download and install from the link above, and then re-run…
  • You'll get that message in the Log file if you try and use one of the "paid for" features. If you need to test the full functionality of Kiwi Syslog Server, just download an Eval from the website. http://www.solarwinds.com/register/kiwi_registration.aspx?Program=876&c=70150000000Es8J You'll get full features for 30 days,…
  • I'd say it would be easiest to reconfigure the two hosts to not send syslog messages. Mike Kuzman, Dev. Lead Kiwi Syslog Server Solarwinds
  • Hi lankienen, Please see: http://www.kiwisyslog.com/help/syslog/rules_maximumrulecount.htm Rules - Maximum Rule Count Section: HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Options Value (STRING): MaxRuleCount Min value: 10 Max value: 999 Default value: 100 Type: The Maximum number of rules allowable in Kiwi Syslog Server…
  • Hi Evan, The Top 20 hosts report will show you the 20 devices with the most activity. The "All Others" is a sum of all the remaining devices. If for instance you had 200 devices, each sending roughly the same syslog throughput, then you can expect to see the top 20 devices account for ~10% of total traffic. The remaining…
  • Hi davenc, Without going into too much depth, the easiest way to split log files based on sending device would be to amend your default "Log to File" action, so that the "Path and file name of Log file" includes an auto-split value. ie. Add the %IPAdd4 (IP Address, 4 octets, zero padded) auto-split value.…
  • Hi scaveman, Security Logon/Logoff events are "Audit Success" or "Audit Failure" event types. I'd recommend that you check your Event Log Subscription in Log Forwarder, and make sure that if you are subscribing to the Security event log, the Audit Success and Audit Failure event type checkboxes (at the top of the…