
corrupt syslog messages from windows event forwarder through kiwi to NPM

FormerMember
Hi there,

 

I am trying to find a way to get Windows events sent as syslog, relayed through a syslog server, and then forwarded on to the NPM syslog daemon, where I generate alerts.

 

Current setup is (all servers are Windows 2003 Server):

 

server 1 - runs SolarWinds event log forwarder

server 2 - runs Kiwi syslog daemon/forwarder

server 3 - runs SolarWinds NPM

 

I generate an event on server1 by restarting the auto-update service. This generates a system event, which is forwarded on to Kiwi. Kiwi sends the message, as a syslog, on to NPM. NPM filters out the interesting stuff and creates an email that sends the syslog contents to me.

 

I can see the message is corrupt by the time it gets to Kiwi, so the email itself is rubbish:

 

When Kiwi gets this event, it is unreadable and looks something like the following example; see the message content on the last line of the message:


 


This alert is produced by the windows event log forwarding critical alerts through Solarwinds Orion

 

Hostname:              s########### (blanked out for security)

 

Time of alert:           13/07/2009 20:10

 

Message Type:        

 

Message detail:       Jul 13 20:09:38 10.2.2.174 Kiwi_Syslog_Server Original Address= ###########  (blanked out)

NDw0QXlhLj4jMSAjJCw2JyAjKiImLik/c3Vuc2ZxYmQYGB0fDAh9SlNEQFpATAwXa1xZTk5USkZge2IQNCAlLiklajs+JDgmPDQ1Nid1NyQrMD01OTl+Kw9BDAYTRQoIDwYEUWFnY2V5JAEWBlU4FhUcQHI9GRMW7ujx9/bk8uj6hICGhoTK4P3w+/2unJ/S1dzI0tOQlJKqqO7Mw8rIh+HtkKKlhZ7XgJ2Cy4P08vH7+pO2trC0tpCzq7WtqaOgrbrwwp+onaqzpKC6oKyGpbGvs7e5urvS6ujr6reApIaLgp+bvJ+HmZmdl5SR+Pz+8fCpnq6YjYtucGZUd29xYWVvbGkABAYZGEF2QHR9cldudH5ubnZ2UHFQSlJMSkJPTCchJSQnfFV1V1FBUmZFUU9TV1laWzJKSEtKFyAVPjs9LyYJIzgmIj48PjE7IgcqMCwyMDg5Om1ra2ptNgMrBwgOLx4EGAoCIQAaAhwaEh8cd3F1dHcs5cjv8+H39ejm6P7u3P/n+fn99/Txnw==

 


Message Severity:   ${MESSAGESEVERITY}


 

I tried using a different product, "winsyslog". When I use it, I can configure the product to send the syslog to NPM as RAW, rather than RFC compliant. If I do this, it makes it to NPM intact, but I am having other troubles with that product and I would rather stick with a single vendor.

 

If I send the Windows event forwarded syslogs direct to NPM, it works fine.

 

One final complication in the above scenario, so you have all the information: server1 is an additional Orion web server, server 2 is an additional SLX poller, and server3 is a SolarWinds NPM SLX server. I have disabled the syslog service on the additional poller to make sure the syslog is received by the forwarder.

 

Really need help on this...

 

cheers

 

dan
  • Bad news:   The problem is that the Orion Windows Event Forwarder hashes the message so that only the Orion Syslog Server can read it.  

    Good news:  We're coming out with an updated SolarWinds Log Forwarder for Windows that will work with both Orion Syslog and Kiwi Syslog.   It will be made available to customers current on maintenance for either product.  Please send me a private message and we can discuss your options now in more detail.
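
A relay-side check for the failure described in this thread, as an added example that is not part of the original posts or any SolarWinds code: it flags relayed syslog lines whose body is a single base64 token that decodes to mostly non-printable bytes, and reports which original sender produced them. The sample lines, the addresses, the function names and the 0.9 printable-ratio threshold are constructed assumptions.

```python
import base64
import binascii
import re

# Relay prefix as shown in the post: "... Original Address=<origin> <body>"
RELAY_RE = re.compile(r"Original Address=\s*(?P<origin>\S+)\s+(?P<body>.*)$", re.S)
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
MIN_PRINTABLE = 0.9  # assumed threshold, tune against your own traffic


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or tab/CR/LF."""
    if not data:
        return 1.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def split_relayed(line: str):
    """Return (origin, body); origin is None when the relay prefix is absent."""
    m = RELAY_RE.search(line)
    return (m.group("origin"), m.group("body").strip()) if m else (None, line.strip())


def classify(line: str) -> str:
    """'readable', 'base64-text' or 'opaque' for one received syslog line."""
    _, body = split_relayed(line)
    if len(body) % 4 or not B64_RE.fullmatch(body):
        return "readable"
    try:
        raw = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "readable"
    return "opaque" if printable_ratio(raw) < MIN_PRINTABLE else "base64-text"


def opaque_origins(lines):
    """Original senders whose messages reach the relay unreadable."""
    return sorted({split_relayed(l)[0] or "unknown" for l in lines if classify(l) == "opaque"})


# Constructed sample input (not taken from the thread).
_HDR = "Jul 13 20:09:38 192.0.2.1 Kiwi_Syslog_Server Original Address="
SAMPLE = [
    _HDR + "192.0.2.10 " + base64.b64encode(bytes(range(0, 256, 3))).decode(),
    _HDR + "192.0.2.11 The Automatic Updates service entered the stopped state.",
    _HDR + "192.0.2.12 " + base64.b64encode(b"service restarted, event id 7036").decode(),
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), "<-", split_relayed(line)[0])
    print("opaque origins:", opaque_origins(SAMPLE))
```

Run against the relay's received log, a non-empty `opaque_origins` result points at the forwarders whose events would otherwise produce unreadable alert emails downstream.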