I have been having the same issue with syslog server on server 2012 R2 since last week. I have been trying to install v9.5.2 (as RC 9.6 wasn't out yet) and the install would get to the point of starting the syslog server service only to fail every time. It kept telling me to install the service using a member of the administrators group. I installed it using the Local System account. The manger.exe and service.exe files were on the machine but the service would never start. After reading your post, I went into EMET and added those two .exe applications for exceptions. I disabled all mitigations for the two and then re-ran the installer for syslog. Everything installed fine and the service started up allowing me to open the manager. I will have to mess with the mitigations to see if there is a specific one that will allow the service to run. Try this out and see if it allows you to install kiwi.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
I just installed the RC yesterday. The only problem I have, and I have already submitted a ticket on it, is that the hostnames are showing up as 0.0.0.0 instead of the actual hostname or IP address. In case SolarWinds needs to know, the Case # is 1118924.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
I have it installed on 2012 R2 with no issues. Services start fine. I had to make sure that I installed it as an Administrator, and that I checked the properties of the install file to make sure it was not blocked.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
Engineering team is aware of this "0.0.0.0" issue. KSS 9.6 RTM will have it fixed.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
Do you have a date when the RTM will be available?
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
Kurt, we don't provide release dates for RTM or GA for any products. We should have a fix out shortly for you. I'll notify you when we do.
Jeff
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
ok. Thank you.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
Keep us posted on how it goes!
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
We are talking about the Kiwi Syslog 9.6 RC. This thread was originally about the 9.5 release, but a comment was posted to it.
Kiwi to forward the original server name
We are filtering incoming messages in our Kiwi server to catch specific error conditions. We successfully wrote a filter to meet our needs and wrote a trap to forward the message to our Orion server, but we want to have the original IP address (preferably the server name) in the message forwarded to the Orion server, not the IP address of the Kiwi server. In the trap, the "Forward SNMP Trap without changing" and "Retain original source address of the SNMP Trap" options are set. Are there any other Kiwi settings or actions that can be used to get the originating server address forwarded to the Orion server, not the address of the Kiwi server?
messages overflowed and oversize message
Recently I was poking around in setup on Kiwi Syslog and noticed a couple of alerts that were not turned on. We have had Syslog for many years and I had left them off because it was a default setting. So now they are on and we are getting alerts about "# messages overflowed the message queue this hour."
I have several questions:
1. If messages are overflowing, are they lost? In other words, these are messages that will not show up in the logs?
2. I found information on how to increase the buffer size at this link: Kiwi Syslog Daemon. It refers to changing a registry key. But, I can't find the registry key to edit. Any ideas on how to get the reg keys in there or why I don't have them?
3. In the statistics in the alert, there are counts of Errors - Oversize message. Could this be causing the messages to overflow? Is there a quick and easy way to figure out which device is sending the oversize messages?
4. Is this why it is turned off by default? I'm half joking here about all of my questions.
Thanks,
castlemve
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
kurtrh - RC2 is now in the portal with a fix for your issue.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
Thank you. Just got done installing it and everything looks fine now.
Re: messages overflowed and oversize message
If the messages overflow the buffer they are never processed by the syslog engine and are lost.
For the buffer registry entry, make sure you are looking in the correct part of the registry. Kiwi Syslog is a 32-bit app and runs in WOW. The help file includes info on this. If the key does not exist you can add it.
Oversize messages are just messages that are larger than the maximum message length set in 'Modifiers'. I believe the default is 1024 characters. We set ours to 8192. This would not be causing the overflows; that is simply too many messages for the server to handle. Increasing the buffer size will help but only to lessen the impact of a short spike. If the messages are coming in faster than the server can process them, the larger buffer will also eventually fill and drop messages. Larger buffers also impact the time that a message is processed. When our buffer (750000) is full we are processing messages that are 20-25 minutes old.
There is not a default way to determine the hosts sending oversize messages. I'm guessing it could be scripted but haven't looked at it. With the max size set to 8192 we rarely see oversize messages.
I think the alerting for the message queue is important but probably not something the majority of the Kiwi customers would need. By the time you have overflows your server is over capacity and you've dropped messages. The max message count alert is a better indicator of impending issues.
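The reply above guesses that finding the hosts sending oversize messages could be scripted. One way to do it, as an added example that is not part of the original thread or of any SolarWinds tool: tally raw syslog datagrams per source address against the configured maximum length. The function names, the sample addresses and payloads (constructed), the use of a separate listening port fed with a copy of the traffic, and measuring the whole datagram including the `<PRI>` header are all assumptions.

```python
import socket
from collections import defaultdict

MAX_LEN = 1024  # assumed limit; the reply believes 1024 is the 'Modifiers' default

def tally_oversize(datagrams, max_len=MAX_LEN):
    """datagrams: iterable of (source_ip, payload_bytes).
    Returns per-source stats for sources that sent at least one oversize message."""
    stats = defaultdict(lambda: {"total": 0, "oversize": 0, "largest": 0})
    for src, payload in datagrams:
        # Count characters, not bytes, and ignore a trailing newline.
        length = len(payload.decode("utf-8", errors="replace").rstrip("\r\n"))
        entry = stats[src]
        entry["total"] += 1
        entry["largest"] = max(entry["largest"], length)
        if length > max_len:
            entry["oversize"] += 1
    return {src: e for src, e in stats.items() if e["oversize"]}

def capture(bind_addr, port, count, timeout=5.0):
    """Yield up to `count` (source_ip, payload) pairs from a UDP socket.
    Bind to a spare port, not the one the syslog server itself is using."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        for _ in range(count):
            try:
                payload, (src, _src_port) = sock.recvfrom(65535)
            except socket.timeout:
                return
            yield src, payload

# Constructed sample traffic (documentation addresses, made-up payloads).
SAMPLE = [
    ("192.0.2.10", b"<134>Jan 26 16:57:57 sw1 link up on port 3\n"),
    ("192.0.2.20", b"<131>Jan 26 16:57:58 app1 " + b"x" * 1500),
    ("192.0.2.20", b"<131>Jan 26 16:57:59 app1 " + b"y" * 2000),
    ("192.0.2.30", b"<134>Jan 26 16:58:00 fw1 " + b"z" * 900),
]

def report(datagrams, max_len=MAX_LEN):
    """Offending sources, worst first."""
    found = tally_oversize(datagrams, max_len)
    return sorted(found.items(), key=lambda kv: kv[1]["oversize"], reverse=True)

if __name__ == "__main__":
    for src, e in report(SAMPLE):
        print(f"{src}: {e['oversize']}/{e['total']} oversize, largest {e['largest']}")
```

For live traffic, pass `capture("0.0.0.0", 5514, 10000)` to `report()`; port 5514 is an arbitrary choice for the example.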
Event log forwarder not forwarding log messages when login to a domain account.
Hi,
First I am new here.
Currently, I am having an issue where, when I log in as a domain user from my Windows PC, no logs are forwarded to my syslog server. I did a test log and it works correctly, but only when I log in as a local user from my computer.
Overall, when I log in as a local user it forwards log messages according to the subscription and preview functionality. When I tried logging in as a domain user, it does not work.
I would appreciate it if you would assist me with this issue.
Re: Event log forwarder not forwarding log messages when login to a domain account.
I have the same issue with the event log forwarder, I have it running on w2k8r2 and w2k12r2 servers.
syslog server service will not stay running
I had the syslog server on a 2003 box - moved to 2012 R2 and the service will not stay running - anyone have any ideas or have run into this issue?
Re: Event log forwarder not forwarding log messages when login to a domain account.
Have you checked to see if the service is running? In my case I manually start it and it stops on its own. I'm going to open a case to see if support will help with my issue, but I won't hold my breath because it's a free product.
SolarWinds LogForwarder 1.2 NOT WORKING
I have installed the kiwi syslog server 9.5 and I am using the SolarWinds LogForwarder 1.2 on all the other servers and endpoints to send the logs to the kiwi syslog server.
I noticed that I am not receiving any logs from the servers, only from network devices (switches, routers, etc.). I checked to see if the Log Forwarder for Windows is running, and I noticed that it was not. I manually started the service, and then sometime after that the service stopped. I checked the Event Viewer application log and saw the following, each in a separate entry:
- Service started successfully.
- Server Initialization Failed. See previous event messages for reason.
- SolarWinds Event Log Forwarder for Windows; Service Stopped.
I have the SolarWinds LogForwarder 1.2 installed on w2k8r2 and w2k12r2 servers. I opened the log forwarder service log and I saw this:
1/26/2017 4:57:57 PM - SolarWinds Event Log Forwarder for Windows; Service Started.
1/26/2017 4:58:58 PM - Configuration File Reloaded at 1/26/2017 4:58:58 PM
1/26/2017 5:30:10 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 5:30:10 PM - Configuration File Reloaded Failed at 1/26/2017 5:30:10 PM
1/26/2017 9:24:23 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:24:23 PM - Configuration File Reloaded Failed at 1/26/2017 9:24:23 PM
1/26/2017 9:27:29 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:29 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:29 PM
1/26/2017 9:27:33 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:33 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:33 PM
1/26/2017 9:27:41 PM - Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.
1/26/2017 9:27:41 PM - Configuration File Reloaded Failed at 1/26/2017 9:27:41 PM
Can anyone help?