Also, there are some good example scripts provided by application in C:\program files(x86)\Syslogd\Scripts. They should have enough info to get you started on most scripting tasks.
↧
Re: Parsing Kiwi Syslog Data
↧
Re: Kiwi Syslog Server - Mail error: Server certificate failed
Are you able to relay mail from the Kiwi Syslog server using the exact same information?
↧
↧
Re: Parsing Kiwi Syslog Data
Hello kstone,
Thank you for the quick response.
I used the test script that comes with Kiwi that flips dog and cat using the Fields.VarCleanMessageText variable and that works.
I see that in your script that you reference two environment variables Fields.VarCleanMessageText which would populate anything using CleanMsg and arrsplits which would populate anything with split(CleanMsg, ",")
Function Main()
CleanMsg = Fields.VarCleanMessageText
arrSplits = split(CleanMsg, ",")
Fields.VarCleanMessageText = arrsplits(2) & VbCrLf & arrSplits(7) & VbCrLf & arrSplits(8) & VbCrLf & arrSplits(12)
Main = "OK"
End Function
x=o
wscript.echo "arrSplits(" & x & "): " & item & VbCrLf
x=x+1
next
If I run a test it says Unexpected Next on line 23. If I could get this to work with some data, I could probably reverse engineer the script to gather the data I need.
↧
Re: Kiwi Syslog Server - Mail error: Server certificate failed
Not 100% sure I understood your question but I will say that if I pull up Outlook, I can access email normally.
↧
Re: Parsing Kiwi Syslog Data
That actually won't work correctly as a Kiwi script if you put the wscript.echo in it. I have that in my script as a section to write a debug file, I changed it to an echo statement to simplify it for you but Kiwi won't show that output.
All you need is this:
Function Main()
CleanMsg = Fields.VarCleanMessageText
arrSplits = split(CleanMsg, ",")
Fields.VarCleanMessageText = arrsplits(2) & VbCrLf & arrSplits(7) & VbCrLf & arrSplits(8) & VbCrLf & arrSplits(12)
Main = "OK"
End Function
↧
↧
Re: Parsing Kiwi Syslog Data
That worked out Great!!
Thank you for taking the time to help me with this!!
-Mike
↧
List of Devices
I have scanned the forums and I haven't stumbled upon any information regarding my question.
Is there a way to determine which devices are sending logs to the Kiwi Syslog Server?
Our maintenance ended already and I was assigned to this task of assessing our syslog server. I am trying to get information on how long the logs were retained and what devices are sending those. I have explored both the web access and server console to no avail.
Appreciate the help.
↧
Re: List of Devices
I create a rule to log by hostname. Add an action to 'Log to File' add your file path and then use the 'Insert Autosplit value' link to select the Hostname variable. You can also do this manually by adding %Hostname to your file name or path.
If you want to keep the log entries set a suitable log rotation. To just see the last time a host checked in set the total number of files to 1 and the max log file size to 2 or 3k. That will only keep a few log entries before rotating and you will always have one file per host with the latest update time.
↧
Re: List of Devices
Thanks for the help, I tried this and it works. However, there seems to be no details of which devices are sending. I saw two server hostnames and IP addresses on the diagnostic logs. However, I'm not sure if these are the devices configured to send logs to Kiwi as I am fairly new to this system.
↧
↧
Strip OIDs / sysUpTime from trap message sent from Kiwi to Orion NPM
Hi everyone,
We're using Kiwi Syslog Server to forward syslog events as traps to Orion NPM.
The syslog events are generated by a Powershell script which parses a log file and sends each matching row as an individual SNMP trap to Orion.
Is it possible to strip all of the OID information from the alert message?
The script we're using is this one: Send syslog using PowerShell
I appreciate any help or pointers
Thanks in advance!
↧
Re: Strip OIDs / sysUpTime from trap message sent from Kiwi to Orion NPM
Hi again,
The solution was so simple that I can't even understand why I didn't try it first
I just forwarded the syslogs to another host (Orion NPM). That way we got rid of the unwanted information.
Kind regards,
Erik
↧
The list of Windows Update that conflicts with Kiwi Syslog Server
Hi,
I use Kiwi Syslog Server on Windows Server 2016.
I got an error on Kiwi Syslog Server due to conflict with Windows Update several times.
1) Performed on April 26, 2017
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.5.2
The following patchs were installed by Windows Update successfully.
KB4015217
KB890830
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
2) Performed on May 19, 2017
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.1
The following patchs were installed by Windows Update successfully.
KB3150513
KB4019472
KB890830
KB4013418
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.
---------------------------
[Resolution]
Both cases, I uninstalled and re-installed Kiwi Syslog Server.
Please refer:
3) Performed on June 21, 2017
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.1
The following patchs were installed by Windows Update successfully.
(KB3186568)
(KB4023834)
(KB4022715)
(KB890830)
(KB3150513)
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'XceedZip.dll' or one of its dependencies not correctly registered: a file is missing or invalid.
---------------------------
[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.
==================================
4) Performed on April 3, 2018
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.3
The following patchs were installed by Windows Update successfully.
KB4089510
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.
==================================
==================================
5) Performed on June 29, 2018
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.3
The following patchs were installed by Windows Update successfully.
KB4284833
2018-06 x64 ベース システム用 Windows Server 2016 の累積更新プログラム (KB4284833)
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.
==================================
メッセージ編集者: JTC Osaka After Windows Update(2018-June), KSS can not start again.
=========================================================
6)
Performed on Nov 22, 2018
*Environment
- Windows Server 2016
- Kiwi Syslog Server version 9.6.3
The following patchs were installed by Windows Update successfully.
--------------------------
2018-11 x64 ベース システム用 Windows Server 2016 更新プログラム (KB4465659)
2018-11 x64 ベース システム用 Windows Server 2016 の累積更新プログラム (KB4467691)
悪意のあるソフトウェアの削除ツール x64 - 2018 年 11 月 (KB890830)
--------------------------
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'KiwiSocket.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.
メッセージ編集者: JTC Osaka 2018/11/29 15:31
==================================================================
7)
Performed on March 4, 2019
*Environment
- Windows Server 2012 R2
- Kiwi Syslog Server version 9.6.6.1
The following patchs were installed by Windows Update successfully.
--------------------------
- 2019-02 x64 用 Windows 8.1 および Server 2012 R2 の .NET Framework 3.5、4.5.2、4.6、4.6.1、4.6.2、4.7、4.7.1、4.7.2 用セキュリティおよび品質ロールアップ (KB4487080)
- 2019-02 x64 ベース システム用 Windows Server 2012 R2 向けセキュリティ マンスリー品質ロールアップ (KB4487000)
- 悪意のあるソフトウェアの削除ツール x64 - 2019 年 2 月 (KB890830)
--------------------------
Then KSS is unable to load and presents the following error:
---------------------------
Syslogd
---------------------------
Component 'ipdaem160.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---------------------------
[Resolution]
I uninstalled and re-installed Kiwi Syslog Server.
メッセージ編集者: JTC Osaka 2019/03/04 10:44
↧
Kiwi Syslog server would not start
I installed the free version of the Kiwi Syslog server (version 9.6) on Windows server 2016, and it would not start - please note that I do not have internet access on this Windows server.
↧
↧
Re: Kiwi Syslog server would not start
Are there any errors in the error log? C:\program files (x86)\SyslogD\errorlog.txt
That may provide some idea of what is happening.
↧
Re: Kiwi Syslog server would not start
Hello there,
Here is the content of the C:\program files (x86)\SyslogD\errorlog.txt:
2019-03-05 13:01:04 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2019-03-05 13:01:04 Service Version =9.6.6.1 | Error Number: -2147467259 | Description: The requested address is not valid in its context | Module Name: Syslogd.frm | Procedure Name: InitialiseSockets | Line Number: 150 | Date and time: 3/5/2019 1:01:04 PM
2019-03-05 13:01:14 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2019-03-05 13:01:14 Service Version =9.6.6.1 | Error Number: -2147467259 | Description: The requested address is not valid in its context | Module Name: Syslogd.frm | Procedure Name: InitialiseSockets | Line Number: 150 | Date and time: 3/5/2019 1:01:14 PM
2019-03-05 13:01:26 *** INTERNAL PROGRAM ERROR - Please contact http://www.kiwisyslog.com/support/ ***
2019-03-05 13:01:26 Service Version =9.6.6.1 | Error Number: -2147467259 | Description: The requested address is not valid in its context | Module Name: Syslogd.frm | Procedure Name: InitialiseSockets | Line Number: 150 | Date and time: 3/5/2019 1:01:26 PM
As I mentioned, the server is not connected to the internet...
Thanks again,
George
↧
Re: Kiwi Syslog server would not start
What is the volume of syslogs that you are receiving?
↧
Kiwi Syslog Service Manager could not receive log from Solarwinds Log Forwarder
Server OS: Windows server 2016
Client OS: Windows 10 pro build 1511
Kiwi syslog service manager: Licensed 9.6
Kiwi syslog message generator: v2.2
Solarwinds event log forwarder: v1.2
Firewall status: both server and client are off.
I'm trying to use Solarwinds event log forwarder to forward client's event logs to server's syslog manager through TCP, but nothing shows up (Ports and IP address are done correctly). Activating license was my last resort, but result doesn't change.
I then tried using Kiwi syslog message generator, message finally received by syslog manager but after every one message was sent, TCP connection is constantly being cut off. Tried sending messages using UDP too, turns out UDP does nothing at all, no message no nothing (Again, ports are fine). Tried this method Kiwi Syslog Server service is halting regularly - SolarWinds Worldwide, LLC. Help and Support , doesn't work. Tried reinstalling syslog manager, no luck.
I tried to install Splunk on the server pc, and I managed to connect successfully with client's pc through TCP, which means there were no issues with the ports and connection.
Any help would be appreciated!
↧
↧
Re: Kiwi Syslog Service Manager could not receive log from Solarwinds Log Forwarder
Hi zhenle1994
Did you restart KSS service?
Please see my case:
https://thwack.solarwinds.com/message/355363#355363
Workaround for my case: To use UDP protocol.
↧
Re: Kiwi Syslog Service Manager could not receive log from Solarwinds Log Forwarder
Hi,
By KSS you mean Kiwi Syslog service? Yes, I do this all the time. UDP does not work at all, even using Kiwi Syslog message generator, whereas TCP works.
Update: I just downloaded the latest version which is Kiwi Syslog 9.6.7, TCP messages sent from Kiwi message generator does not being cut off anymore, but still could not receive log from client pc.
↧
Cannot login to web console after upgrade to 9.6.7
I just did a migration from Kiwi Syslog 9.6.1 to the latest 9.6.7. Now I cannot login to the web console at all, with any account. The error I receive is:
Exception of type 'System.Web.HttpUnhandledException' was thrown.
Status Code: 500
System.Web.HttpUnhandledException: Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.NullReferenceException: Object reference not set to an instance of an object.
at _Event.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
--- End of inner exception stack trace ---
at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.events_aspx.ProcessRequest(HttpContext context)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Resource: http://localhost:8088/Events.aspx
Referrer: http://localhost:8088/Gateway.aspx?ReturnUrl=/Events.aspx
I attempted a reinstall of 9.6.7. I also rebooted the server.
I am dead in the water, so to speak and need to get back in to run audit reports. Any help would be incredibly appreciated.
↧