bkyle · Professional Servi ces Engineer

Please post a screenshot of your log to file action. This will help to determine your issue.

Have you upgraded to version 9.4.2? The timeout issue was resolved in that release. Also, how often are you doing database maintenance?

Does a packet capture show a connection to your mail server? 

Are you using 32 or 64 bit counters?

Jessie, You can edit the path in the log to file action:

I would try recreating the log to web access rule. Also do you have any other SQL Compacts databases installed on this system?

In CatTools, you can run commands against your stack, and save the information to a text file. I would recommend downloading an evaluation version, and testing against your stack. This way you will know if CatTools can pull the information that you need.

Have you tried the Kiwi log viewer? There is a free version that can open upto a 700mb file: Log Viewer for Windows - Log File Monitoring l Kiwi Log Viewer

The Kiwi Syslog web access uses a SQL compact database that stores up to 4GB of data. As long as your data does not exceed this Microsoft limit, you can search older records.

Does a packet capture on that server show incoming Syslog packets from that system?

Try creating a temp account on your device, and use that account in CatTools.

Can you sanitize a debug file and post it here?

Variations can provide a work around until the device has been added to CatTools.

Which device type are you using? Also, have you used Variations to modify the prompt?

The facility can help with filtering.

I would recommend creating 3 subscriptions one each for applications, security and system. You will probably want to only send errors for applications and system, and failed audits for security.

Christian, The 1.3.6.1.4.1.20580 OID is specific to Kiwi. What are you looking to use?

Is there anything else listening on port 514?

If this is the Cisco Unity device, I would recommend contacting the or looking at their web site. Either should help you.

The device will need to be configured to send to the Kwsi Syslog server.

CatTools is expecting # or >, but is getting switch-nsi-intersite-relecq(su)->. Try adding this as the prompt.

You are getting to a prompt where you need to hit enter: "Please press "Enter" to continue!" Try the steps in this post: login as: prompt

Jay, If you try to relay mail from the Kiwi Syslog server, do you have any issues?

Please send your case number to me, and I will look into it for you.

This error is usually caused by one of our dll or ocx file getting unregistered. This can happen after an Microsoft update. Please try reinstalling Kiwi Syslog over the top of your current install. Please run the install as the local administrator (not a domain account), and make sure both the Windows UAC and any antivirus…

What is the volume of syslogs that you are receiving?

Can you post a screenshot of the action settings?

Building on what kstone said, you can also add a display action, and specify an unused display. You can uncheck your filter, and you should see syslogs coming into the selected display. Once they show up in the display, you should see them on the SW server.

This functionality is not currently available. I would suggest submitting a feature request.

If you can write a script to check the modified date, you an use an External Process monitor.