kstone ✭✭✭✭✭

Comments

  • Are there any messages being recorded in the Kiwi error log? Look at C:\program files (x86)\syslogd\ErrorLog.txt.
    in Kiwi Syslogd_Service.exe stopping unexpectantly Comment by kstone April 2018
  • Can you provide details on how the filter is configured? Are the Cisco event IDs in the message? Are there any rules before this one that may be matching first?
    in Simple Filtering Not Working Comment by kstone March 2017
  • Looking at the screenshoot I see the MPH is at ~1.5mm. If you have any rules running at all you are pretty close to the realistic limit of the syslog server. This could be a resource issue.
    in Kiwi Syslog Server Setup Window is Blank Comment by kstone October 2014
  • Our volume, and I think the volume of any reasonable busy server, would be too much for email summaries. If it was just counts of messages by host and level maybe... Using a search engine like ElasticSearch or similar and query dashboards would be more useful IMO.
    in Feature Request Email Digest - Any interest in a script to do this? Comment by kstone September 2018
  • I haven't done much in Perl with the syslog server but the syntax looks good... Are you getting any errors in the error log? Would VarPeerAddress work or is the IP embedded in the message text? 
    in Perl script to parse SNMP trap and set VarCustom01 Comment by kstone March 2014
  • The web access should have nothing to do with the log files, they are different actions. Is the action "Log to Kiwi Syslog Web Access" active in your rule(s)? 
    in Syslog Web Access doesn't show data since archive Comment by kstone March 2014
  • I've just installed the upgrade over the existing version. Back up your settings file first.
    in Kiwi Upgrade Comment by kstone November 2015
  • You will need to run a script action. Here is a script we have for a similar use: 'Script to take the account locked out event logs, build a data dictionary, publish to a web page, check for unlocks and expire the events. ''Sample data '2012-11-30 08:52:25,Local1.Notice,DOMAINCONTROLLER.domain.local,"Nov 30 08:52:25…
    in Parsing logs from Windows Event logs Comment by kstone April 2015
  • Increasing the buffer size will likely just ensure messages aren't dropped and increase your delay. We're doing between 17 and 22 million messages a day on a single server with 80+ rules, lots of logging and scripting. The server is a VM with 4 CPU and 4gb of RAM. Something definitely isn't right with the performance…
    in Kiwi Message Buffer Comment by kstone July 2014
  • We don't do much and it's not for the Daily email. We update CustomStats01 with the total received. This is done via a scheduled script that reads Fields.GetDailyStats() and parses the current values and compares to CustomStats01 then updates the variable with the new total. We then send the difference to statsd and…
    in Custom Stats...What are you tracking? Comment by kstone April 2015
Avatar