Quantcast
Channel: THWACK: Message List - Kiwi Syslog
Viewing all 2141 articles
Browse latest View live

Additional MIB files support

January 18, 2018, 9:47 am
$
0
0

We have a custom made device that is sending SNMP traps. The vendor has created several MIB files to translate OID values, unfortunately the MIB files cannot be provided to Solarwinds to create a new MIB database file.

 

Does anyone know if it is possible to add additional MIB files to the MIB database file without Solarwinds assistants?

If the above is not support, can anyone recommend an alternative on how OID values can be translated? Or how OID values and exported from a MIB file?

 

Many Thanks

 

Adam

Search

Re: Additional MIB files support

January 18, 2018, 1:21 pm
$
0
0

MIB files are compiled by our development team.  Is there a reason that you are needing to translate the OID values?

Custom script to append an ID number to syslog event?

January 18, 2018, 8:13 pm
$
0
0

I am new to Kiwi syslog and don't know much about using Jscript.  I'm reading that I need to create a script if I want a custom field added to my custom file format.  I wanted to do a simple task of appending a specific ID number at the end of each event that is written to the syslog file.  There is a repository that I send my syslog files to but the parser for that system needs the specific ID for my system to be at the end of each event message within the file.  This is not the correct syntax but I want to do something like the following for example:

 

original message would look like = 2018-Jan-4 19:37:17 host IP 10.1.1.1 event message

modified message would look like = 2018-Jan-4 19:37:17 host IP 10.1.1.1 event message SystemID:12345678987654321

 

Function Main()
    'Text to append to raw message
    appendID = "SystemID:12345678987654321"

    'get the raw message
    modifiedRawMessage = Fields.VarRawMessageText
  
    'Append text to message
    modifiedRawMessage = Append(modifiedRawMessage, appendID)

    'Overload message text with modified one.
    Fields.VarRawMessageText = modifiedRawMessage

    'Return success
    Main = "OK"
End Function

 

 

Can someone help me with getting the syntax correct?

 

Thank you in advance.

Re: Additional MIB files support

January 19, 2018, 12:46 am
$
0
0

The SNMP traps that are captured by Kiwi Syslog Server are not user friendly and just consist of several OID values. The easiest way to translate these OID values is with the device MIB files. However if I cannot add these MIB files to the MIB database without Solarwinds assistance, I need to find another way to translate the OID values into user friendly messages instead. An alternative was to use a VBscript to take the SNMP trap, look for certain OID values and change them manually: e.g.

 

Function Main()

' Replace OID values with readable values within the message text field

Field.VarCleanMessageText = Replace(Field.VarCleanMessageTest, "1.3.6.1.4.1.2345.1.1.0.6", "Client Address")

Field.VarCleanMessageText = Replace(Field.VarCleanMessageTest, "1.3.6.1.4.1.2345.1.1.0.10", "Client Port")

Field.VarCleanMessageText = Replace(Field.VarCleanMessageTest, "1.3.6.1.4.1.2345.1.1.0.11", "Event Source")

Field.VarCleanMessageText = Replace(Field.VarCleanMessageTest, "1.3.6.1.4.1.2345.1.1.0.21", "Event Timestamp")

' Return OK to tell syslog that the script ran correctly.

Main = "OK"

 

End Function

 

However to manually translate the OID values from the MIB files is a task in itself and to be honest I don't really understanding how to read a MIB file in the first place. I wondered if there was a tool to extract all the OID values and their readable values?

Re: Custom script to append an ID number to syslog event?

January 19, 2018, 9:04 am
$
0
0

You need two small changes(assuming this is VBscript).  The first is to add a space at the beginning of your AppendId string:

 

appendID = " SystemID:12345678987654321"

 

This will get the formatting you showed in the example.

 

The second change is how you concatenate the strings:

 

modifiedRawMessage = modifiedRawMessage& appendID

Is there any limitation of usage for the Free Version

January 21, 2018, 9:07 pm
$
0
0

Currently we're using the free version only to get logs from one device (firewall). Since we're a company, is it ok to just use the Free Version for as long as we need it for that one device, or do we actually have to buy the commercial license? Is there any term of usage that describes this?

More Displays?

January 22, 2018, 9:13 am
$
0
0

Is it possible using Kiwi Syslog Service Manager for syslog to use more than the defaulted 24/25 display screens?

Re: Is there any limitation of usage for the Free Version

January 22, 2018, 10:10 am
Search

Re: More Displays?

January 22, 2018, 10:25 am

Re: Is there any limitation of usage for the Free Version

January 22, 2018, 6:28 pm
$
0
0

So basically as long as we use only up to 5 devices, then we can use the free version forever, even though it's for company use?

Kiwi Syslog Web Access - set filters for last 24-hours, 48-hours, or 7 days

January 30, 2018, 9:14 am
$
0
0

I was just wondering if there is a way to set filters for last 24-hours, 48-hours, or 7 days etc in the syslog web access?

Solarwinds event log forwarder for windows - tracking failed logins in AD failing

January 31, 2018, 6:24 am
$
0
0

Trying to send failed login attempts to the syslog and getting error as follows XXXXXXX.domain.gov.uk MSWinEventLog 2 Security 128 Tue Jan 30 16:32:42 2018 4771 Microsoft-Windows-Security-Auditing N/A Audit Failure XXXXXX.domain.gov.uk 14339 The description for Event ID 4771 from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.If the event originated on another computer, the display information had to be saved with the event.The following information was included with the event: 4258. FormatMessage failed with error 1815, The specified resource language ID cannot be found in the image file. Using Version 1.2.0.114 on server Windows 2012 R2 Datacenter

 

completed the hack to actually get the failed logins  <string>0x10000000000000</string>

 

Can anyone solve this - using SolarWinds-LogForwarder-FreeTool-v1.2.0

Re: Kiwi Syslog Server limitations

February 13, 2018, 3:16 pm
$
0
0

Only the free version limits the number of device that can send to Kiwi Syslog Server.

Re: Kiwi Log Viewer Registration not saving

February 23, 2018, 3:56 am
$
0
0

my company is bought log forwarder 2.1.0 but i try that make registration i receive error like below. i tryed with your guide but nothing

 

sorry, the registration details are incorrect. please copy the registration details from your e-mail and try again. if problem persist, please contact sales@kiwisyslog.com

 

what i can to do?

log forwarder error

February 23, 2018, 6:15 am
$
0
0

i installed log forwarder 2.1.0 on my windows server 2008. i set my kiwi syslog server, i configured subscription for sending system logs from my server. when i click to test button, the test is ok, but in event viewer i receive in log solariwinds.net i receive message

 

Unable to setup Windows Event Log subscribers. Subscribe failed with error 15001, The specified query is invalid.

 

also, my kiwisyslogserver does not receives messages. where is problem

Search

Re: Kiwi Log Viewer Registration not saving

February 23, 2018, 8:50 am
$
0
0

How are you adding the license details?   Are you copying it to the clipboard, and then applying the license from clipboard?

Re: log forwarder error

February 23, 2018, 8:53 am
$
0
0

Can you post a screenshot of your subscription?

Re: log forwarder error

February 23, 2018, 10:23 am
$
0
0

the screenshoot of my log forwarder is below

i tryed with domain admins acount in  users field but nothing

Re: Kiwi Log Viewer Registration not saving

February 23, 2018, 12:18 pm
$
0
0

I tryed with copyng to clipboard and i tryed with manual method but everytime i receive error like above.

Re: log forwarder error

February 23, 2018, 1:24 pm
$
0
0

As a test, try selecting only Error, and click Next.

Viewing all 2141 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>