It seems that both Orion SyslogService and NCMSyslogService are running on your server. They are probably fighting to know which one can bind the UDP port 514.
I would recommend you to disable the NCMSyslogService and see if that helps.
In command line type:
net stop SolarWindsNCMSyslogService
sc config SolarWindsNCMSyslogService start= disabled
Yes there is a space between the '=' and 'disabled' ;-).
No luck. It the service just starts/stops immediatly. Here is the entire process recorded by the solarwinds log service:
- Syslog ruleset of 1 rules loaded from database at 3/12/2009 8:19:04 AM
- Solarwinds Syslog Service Started
- Error: Port 514 on IP Address 0.0.0.0 is already open. Change the 'LocalIPAddress' parameter in the configuration file to another IP address or port
- TCP Listening Disabled
- Solarwinds Syslog Service Stopped
Error: Port 514 on IP Address 0.0.0.0 is already open.
Could you check which application is binding the udp port 514?
in command line type:
netstat -abo > netstat_results.txt
review the text file and check which app is listening on the udp port 514.
By default the port number is named syslog.
here is an example of the line you need to check:
UDP hostname:syslog *:* 1664 [SyslogService.exe]
I don't know it's it's changed in newer versions, but all I saw was syslogd_service.exe:
TCP Server:3300 XVMSLR001.ofda.gov:0 LISTENING 1188
UDP Server:1039 *:* 1188
UDP Service:syslog *:* 1188
I see . Kiwi Syslog server is already listening on the udp port 514.
Have a look at this thread to know how to change the port on which is listening the Orion Syslog service and make the appropriate changes in Kiwi to forward the messages to the new port.
So basically I did something stupid. I had installed Kiwi Syslog Service on the SolarWinds server, so it was naturally conflicting. Seems all is well now.