
KIWI Syslog Server showing msgs from Unix and CISCO but not Windows

Hey guys,

Wondering if someone can help, as I've been pulling my hair out for 2 days with this.

Installed the EVAL 14 day Trial version of KIWI Syslog Server (9.6.7) and put it on a Windows Server 2016 VM. The server is set up to log messages to a file and display received messages in the default view. UDP and TCP ports are ticked, using the standard port numbers for both protocols.

Unix and CISCO devices are coming up in the Syslog server nicely and are being displayed in console.

Windows is a no go - will not display messages in the console.

Installed Windows Log Forwarder on Win 10 and Server 2012 machines - set the server IP and UDP port number, which match the Syslog Server. Set a subscription up to look for an application error event with an ID of 0 - the same ID the Test event for Solarwinds shows up as (this comes up in the event preview at the bottom, so I know there are events to send to the syslog server). Then set it to Kernel message.

Ran a test on the application log as an error and this comes up in Event Viewer.

I am not seeing it come up in the Syslog console.

I can ping the syslog server from the client, firewalls are turned off on all client PCs AND on the server. AV has been uninstalled on one machine. No other blocking software exists.

I installed the log generator on the syslog server - set IP to client PC and syslog server IP and it generated message in the syslog console.

Installed the log generator on the client PC, with the same settings; it won't show up in the Syslog console.

Am I doing something stupidly wrong here? I've tried all the forums, everything online. I even set the computer account of the syslog server in the Event Log Readers group on one of the Windows boxes; no GPOs are blocking connection to the port or blocking connection to the event logs themselves.

Need to confirm Windows sends logs before we buy this product, and at the moment it's not playing ball.

Any help would be hugely appreciated! Even some netstat type commands, as I've tried the netstat -ano command on the client and the UDP port isn't showing up anywhere (running the command on the syslog server does show the UDP port assigned to syslog and no other process).

No error logs in the syslog application.

Regards,

Clare Martin
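A stand-alone way to check the UDP leg of this setup, added here as an example and not code from Kiwi, SolarWinds or the poster: it builds an RFC 3164 syslog line using the facility and severity the post mentions (kernel, error), decodes the PRI field the way a receiver does, and does a loopback send/receive so you can confirm a host is able to emit a syslog datagram independently of the Event Log Forwarder service. The host name and message text are constructed; to aim at a real server, call send_udp with its address and port 514 and watch the Kiwi console.

```python
import re
import socket

# RFC 3164 codes; the post uses "Kernel message" (facility 0) for an
# application error (severity 3), which gives PRI = 0 * 8 + 3 = 3.
FACILITY_KERN = 0
SEVERITY_ERROR = 3

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def build_syslog_message(facility, severity, hostname, tag, text):
    """Build a BSD-style syslog line: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    pri = facility * 8 + severity
    timestamp = "Jan  1 00:00:00"  # constructed fixed stamp, keeps output deterministic
    return f"<{pri}>{timestamp} {hostname} {tag}: {text}"


def parse_pri(message):
    """Decode the leading <PRI> field into (facility, severity); None if malformed."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal value
        return None
    return pri // 8, pri % 8


def send_udp(message, host, port):
    """Send one syslog datagram; port 514 is the standard syslog UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(message.encode("utf-8"), (host, port))


def loopback_roundtrip(message, port=0):
    """Bind a throwaway UDP listener on 127.0.0.1, send the message to it and
    return what arrived. If this works but nothing reaches the Kiwi server,
    the problem is on the network path or in the forwarder, not the socket."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", port))
        listener.settimeout(2.0)
        bound_port = listener.getsockname()[1]
        send_udp(message, "127.0.0.1", bound_port)
        data, _ = listener.recvfrom(2048)
    return data.decode("utf-8")


if __name__ == "__main__":
    # Constructed sample: hypothetical host name and event text.
    msg = build_syslog_message(FACILITY_KERN, SEVERITY_ERROR, "WIN10-TEST",
                               "EventLogForwarder", "Test event ID 0")
    print(msg, parse_pri(msg), loopback_roundtrip(msg) == msg)
```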

  • Do you have the Windows firewall enabled?

  • No, firewalls are turned off on either end - I did put in my comments that the firewall is turned off for the server and client PCs.

    Fixed this today anyway - Event Log Forwarder - Where is the Audit Failure Type?

    So I found in the event logs that this came up: Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.

    When I googled it I found the THWACK forum post, and setting audit failures to a hex code didn't work...

    So I uninstalled Log Viewer 1.2 and tried to install 1.19, which is what one user said to do... but this needed .NET 2.0, and we are mainly Windows 10 and Server 2012 and above, so it really didn't seem worth it to download this on all the hosts to make this work...

    So I re-installed Log Viewer 1.2 - rebooted the PC and tested the KIWI Log Generator...and it showed the test message in the KIWI console on the server!

    I then ran the same tests within the Log Forwarder and these also generated messages to the server...

    I then went and re-installed Log Forwarder on the other machines I tested and these all worked as well...

    This makes no sense to me whatsoever, considering I hadn't changed any settings, GPOs, or port stuff, but it works, so I'm just chalking it down to one of those annoying IT mysteries! So if anyone gets this, just try re-installing the Log Forwarder!

    Thanks for replying anyway.