bkyle · Professional Servi ces Engineer

Please post a screenshot of your monitor's settings.

Please post a screenshot showing your filter settings.

As a temporary workaround, please manually edit the CFG file (LogForwarderSettings.cfg) and change <keywords> <string>Audit Success</string> <string>Audit Failure</string> </keywords> To <keywords> <string>0x20000000000000</string> <string>0x10000000000000</string> </keywords>

Because of changes in the security event logs starting with Windows 2008, you will find these options under the Keywords section:

Yann, I would recommend decreasing the severity of the syslogs that are sent over to the Kiwi Syslog server from your devices. For example, I have seen where Informational messages can make up as much as 98% of the syslogs being sent over.

If you look under Discovered Nodes on the left side of NTM, do you see anything?

Sly, Make sure that the Kiwi syslog service is running under an account that has rights to that share.

Please see this link: Free Syslog Server | Kiwi

As a test, try filtering in the Kiwi Syslog Service Manager. This way the logs are not sent to the web access database.

What are you filtering on?

Have you tried enabling Capture Mode (File\Enable capture mode")? This will show you verbose communication with your device.

Building on what bshopp said, you can also make sure you have the correct MIBs added to Kiwi Syslog. This will give you a more readable message. For example instead of "1.3.6.1.4.1.9.9.513.1.1.1.1.5.100.233.80.184.217.112=Truck_Bay" You could receive text .

Try following the steps in this link: login as: prompt

You are getting press 'y' to continue (within 30 seconds) (y/n) could not read banner acknowledge". How do you bypass this message when telnetting into this device?

If you are on the current version of CatTools, you will want to use this tool to deactivate your license: http://solarwinds.s3.amazonaws.com/solarwinds/Release/LicenseManager/LicenseManager.zip This will send your activation key back to your customer portal. Once your key shows up, you will be able to use it on your new…

Try to enable capture mode: File\Enable capture mode. Run the activity (a file will be created in your \CatTools3\debug folder), remove any sensitive information, and paste the results here please.

What is the command that you send to display the actual config?

Building on what kstone said, how many messages are you receiving per hour?

I would recommend contacting technical support and submitting a feature request.

You may need to use Variations to tweak the device settings. See this link: http://www.kiwisyslog.com/help/cattools/index.html?dev_devicevariations.htm

Please post one of the traps that you are receiving. Also, Do you have the latest MIBs installed for Kiwi Syslog?

Try the following: From a command line run: netstat -ao -p udp Look for port 514 Next open task manager (make sure PIDs are being shown) and look for the PID that is listening on port 514. It should be a Syslogd process. If it is any other process, you will want to kill it, and restart the Kiwi Syslog server service. You…

Britton, You can use a message text filter to include only syslogs containing certain text. Please see this link: Kiwi Syslog Server

Try putting one of these devices in its own activity, and see if the activity runs.

This is hard to say. How many syslogs are you expecting per hour?

What method are you using to send this information to the Kiwi Syslog server?

Once the new installation is complete, you can run the ipm9restore.exe, and point it to your file (*.ipm9backup). This should restore back with your previous settings.

Frank, You can create an alert with multiple actions. Here are some links that will help you: Restart service: http://support.ipmonitor.com/helps/1065d79815814ecb9acfcda23dd0b8f6.aspx Reboot Server: http://support.ipmonitor.com/helps/198c642aaf72451ba0c703d763369b08.aspx Send E-mail:…

Are you seeing any out of memory errors?

1. You will want to add the VM as you would an actual server. 2. You can add a hard drive monitor, and adjust the thresholdsw 3. You will want to make sure that your server, or hard drive monitors have been added to the alert.