SolarWinds© Kiwi Syslog© Server centralizes log management across network devices and servers. It is an affordable syslog management tool for network and systems engineers. It receives syslog messages and SNMP traps from network devices such as routers, switches, and firewalls, and Linux/Unix hosts. You can filter and view these messages based on time, hostname, severity, etc., and set up custom alerts. This tool also has built-in actions to react appropriately to syslog messages.
Kiwi Syslog Server includes many options for customization. For example, you can create rules to automatically respond to messages that meet the specified criteria, and you can set up schedules to automatically archive logs for regulatory compliance.
Rules can be used to specify how Kiwi Syslog Server processes the syslog messages it receives. You can then customize each rule by setting filters and actions. Rules determine what actions Kiwi Syslog Server takes when it receives a message, and which messages trigger these actions.
Filters and actions are used to define rules. Filters determine which messages trigger actions. The output from the first filter becomes the input for the next filter. If a rule doesn’t include filters, all messages are acted on. Actions determine what happens when a message passes all filters. Actions are triggered when all the filters for a rule are evaluated as true. Multiple actions can be defined for each rule. Among others, actions can be defined to do the following:
- Display a message
- Log messages to a file
- Forward messages to another host
- Run an external program
- Send an email message
- Send a syslog message
- Log messages to a database
- Send an SNMP trap
- Run a script
You can add an action to run a script to filter or parse the current message. You can use the action to run a custom parsing script that breaks the syslog message down into various sub-fields. The values can then be assigned to custom fields and logged to a database. Example parsing scripts can be found in the \Scripts sub-directory in the Kiwi Syslog Server installation directory.
It’s also possible to use additional scripting languages, such as Perl, Python, or RubyScript. To use one of the mentioned languages, you must install the Active Scripting engine for that language.
During normal operation, the script files are cached after they have been read from disk. This improves the program speed and prevents additional I/O. If you modify the script externally and save it back to disk, the changes don’t take effect until the file is reloaded.
To trigger a script on a regular basis, you can:
- Create a scheduled task to run a script
- Enable a keep-alive message and add a Run Script action to run the script when the keep-alive message is received.
There are 16 custom statistics available for scripting. Unlike the other script fields, these static values are not erased with each new message. You can view custom statistic values in the Statistics window under the Counters tab.
Fields, a globally accessible object, pass variables to and from the script. Variables are used to store data values you receive from messages. To access a variable, prefix "Fields." to the variable name. Depending on the read/write permissions you set for the action or scheduled task, the variables can be modified and returned for use in the syslog program. Custom fields are dynamic and clear with each new message. Use these fields to hold script results so you can use them in Log to file or Log to Database actions.
When you write scripts for use with Kiwi Syslog Server, you can find several built-in functions available from the Fields object.
When you add an action to run a script or create a scheduled task to run a script, use the following resource to help you write the script. Use the examples in the \Scripts folder located in the Kiwi Syslog Server installation directory to get started writing scripts. The folder contains sample scripts showing you how to play sounds, send email, log to file, and perform other actions.
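As an added example (not one of the scripts in the \Scripts folder and not SolarWinds code), the following JScript-style script shows the parsing approach described above: it breaks a constructed SSH failed-login message into custom fields for a Log to Database action and counts matches in a custom statistic. The Fields property names (VarCleanMessageText, VarCustom01 to VarCustom04, VarStats01) and the Main entry point are assumptions about the Kiwi scripting interface; parseFailedLogin and runScript are hypothetical helper names.

```javascript
// Added example. Assumed Kiwi names: Fields.VarCleanMessageText (message text),
// Fields.VarCustom01.. (custom fields), Fields.VarStats01 (custom statistic).
// The Fields object is passed in as `fields` so the logic also runs outside Kiwi.

// Constructed sample message, not taken from a real log.
var SAMPLE = "sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 52144 ssh2";

// Each capture uses a narrow character class, so a sender cannot push
// quotes, control characters or oversized strings into the database columns.
var FAILED_LOGIN = /Failed password for (invalid user )?([A-Za-z0-9._-]{1,32}) from (\d{1,3}(?:\.\d{1,3}){3}) port (\d{1,5})\b/;

function parseFailedLogin(text) {
  var m = FAILED_LOGIN.exec(String(text || ""));
  if (!m) { return null; }
  var octets = m[3].split(".");
  for (var i = 0; i < octets.length; i++) {
    if (parseInt(octets[i], 10) > 255) { return null; }   // not a valid IPv4 octet
  }
  var port = parseInt(m[4], 10);
  if (port < 1 || port > 65535) { return null; }
  return {
    user: m[2],
    knownUser: m[1] ? "no" : "yes",   // "invalid user" means the account does not exist
    srcIp: m[3],
    srcPort: String(port)
  };
}

function runScript(fields) {
  var parsed = parseFailedLogin(fields.VarCleanMessageText);
  if (parsed === null) { return "OK"; }   // other messages: custom fields stay empty
  fields.VarCustom01 = parsed.user;
  fields.VarCustom02 = parsed.srcIp;
  fields.VarCustom03 = parsed.srcPort;
  fields.VarCustom04 = parsed.knownUser;
  // Custom statistics are not cleared per message, so this is a running total.
  fields.VarStats01 = (Number(fields.VarStats01) || 0) + 1;
  return "OK";
}

// Inside Kiwi the assumed entry point would be:
//   function Main() { return runScript(Fields); }
```

The Run Script action needs write permission on the custom fields and custom statistics for the assigned values to be returned to the syslog program.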