6 Replies Latest reply on Nov 30, 2017 1:29 PM by rschroeder

    Blank Emails and incorrectly formatted emails

    jay.chandrasekar

      Hi, I am evaluating Kiwi version 9.6.3.3. I have been using Filters/Actions to run a script and send an email which works fine.  However, what's odd is sometimes, the email is blank or incorrectly formatted (This seems to happen randomly). Here's the format that I setup in Kiwi.

       

       

      Here are some messages that show up correctly.

       

      Log from Kiwi for Citrix Application Firewall for Host 192.168.40.10

       

      Source IP  of User: 192.168.40.1

      User Name Executing Command: nsroot

      Date & Time: 2017-11-21 |  23:47:49

       

      Command Executed:  show HA node"

      Command Status: Command Successful

       

      Here's one that does not show up correctly (incorrectly formatted)

      Log from Kiwi for Citrix Application Firewall for Host 192.168.40.10<br/><br/>Source IP  of User: 192.168.40.1<br/>User Name Executing Command: nsroot<br/>Date & Time: 2017-11-21 |  23:46:13<br/><br/>Command Executed:  login nsroot "********""<br/>Command Status: Command Successful<br/>

      Log from Kiwi for Citrix Application Firewall for Host 192.168.40.10<br/><br/>Source IP  of User: 192.168.40.1<br/>User Name Executing Command: nsroot<br/>Date & Time: 2017-11-21 |  23:48:07<br/><br/>Command Executed:  set HA node -haStatus ENABLED -haSync DISABLED -haProp ENABLED -helloInterval 200 -deadInterval 3 -failSafe OFF -maxFlips 0 -maxFlipTime 0"<br/>Command Status: Command Successful<br/>

       

      Here's one that's empty (params)

       

      Log from Kiwi for Citrix Application Firewall for Host 192.168.0.1

       

      Source IP  of User: {Empty}

      User Name Executing Command: {Empty}

      Date & Time: 2017-11-21 |  23:53:00

       

       

      Command Executed:  {Empty}

      Command Status: {Empty}

       

      Here's one that has empty params and incorrectly formatted.

      Log from Kiwi for Citrix Application Firewall for Host 192.168.0.1<br/><br/>Source IP  of User: {Empty}<br/>User Name Executing Command: {Empty}<br/>Date & Time: 2017-11-21 |  23:43:43<br/><br/>Command Executed:  {Empty}<br/>Command Status: {Empty}<br/>

       

      At the same time, I am getting these messages in email, I am looking at the syslog display to verify they show up correctly there and they do.

       

      Suggestions?

        • Re: Blank Emails and incorrectly formatted emails
          bkyle

          Jay,

           

           

          If you try to relay mail from the Kiwi Syslog server, do you have any issues?

          • Re: Blank Emails and incorrectly formatted emails
            rschroeder

            Rather than solely relying on Thwack, I recommend opening a Support Ticket with Solarwinds Support, placing the appropriate level of priority.  Typically SW Support gets to cases without "site down" status within two or three days, and often resolves the issue within two weeks.

             

            I've been running Kiwi Syslog for a long time, but have not seen this particular problem, hence my suggestion to contact Support.  Information that might be useful to include pertains to the source of the syslog messages:

            • Do the correctly-formatted messages come from the same host that partakes in the incorrectly-formatted messages?
              • If so, you may have a Kiwi bug
              • If not, verify the sending conditions from each of the servers are identical.  Each one should be fully resolvable in DNS, use the same kinds of credentials and authentications, and use identical formats for sending to Kiwi.
            • Do all of the messages (properly formatted and improperly formatted) trigger the same Kiwi Syslog rule?
            • Do they all use the same parameters for source & destination?

             

            I think your task is to identify what's different or unique about the improperly formatted messages.  The devices and conditions that trigger them, DNS resolution, authentication, etc. Once you've found what different about the conditions that cause the problem messages, you may be able to correct the issue.  Could it be something within you mail server solution, or something unusual about the syslog message coming to Kiwi?

             

            Do you include servers and Kiwi and DNS and security in your Change Management Solution?  If so, and if you can identify the date this problem began, you may be able to correlate scheduled changes with the date of the first occurrence of the problem.  Then you may have a path to follow through Change Management to discover the smoking gun.

            1 of 1 people found this helpful