Re: How Do I add a Mac Address Field or Column?
Hi, I'm not sure if I understand the request. The syslog protocol itself doesn't support MAC address info (see e.g. RFC 5424 - The Syslog Protocol). And the software can't figure it out even from...
Re: Kiwi Syslog Forwarding
The Test in the "Forward to another host" works great in Test, but I am not getting any syslog that is sent to the Kiwi Syslog
Forward to another host ?
Hello, ser I am using Kiwi Syslog Server 9.3.3. I have installed Log Forwarder and configured it to send log number 528 Security log from Event Viewer. I am getting the log inside the Kiwi Syslog Server...
Message filter on a source ip in Real time
I am trying to apply a filter on the syslog messages I am receiving from a firewall for any kind of Denied traffic. For this, I am required to apply a counter of 100 to denied messages from a specific...
Re: Forward to another host ?
It doesn't seem to work no matter what I change. The syslog test does work and I do get the logs sent to the SIEM system. Do I need to configure anything else inside the Kiwi Syslog Server? Thank you
Re: Forward to another host ?
The configuration seems fine to me. Just make sure that if you are filtering the host addresses at the SIEM QRadar side, you have added the fixed source IP address you mentioned in Kiwi. Rest you already...
Re: Forward to another host ?
I am not using any filter; it is set to none. The RFC 3164 doesn't work at all, and again I seem to get only test messages and not the actual logs. When I test the "forward to host" I get this:...
Kiwi Syslog Manager no longer starts
Running Kiwi Syslog 9.1. Can no longer start the Syslog Manager. The actual service is running though and it's collecting data. I have tried stopping/starting the service, and also re-installing the...
Syslog Web Access doesn't show data since archive
I archived the log file in the setup of the Kiwi Syslog Service Manager. I went to Schedule and created an archive/zip schedule. After I set it up I clicked run now since I wanted to immediately...
Re: Solarwinds Kiwi Syslog
I install in Windows Server 2003 R2 Ent. Ed. SP2 but it is showing Unlicensed Version 9.3 on top of the screen. Menu and icons are disabled already. Any suggestion how it will be used as free after 14 days...
Filtering out certain messages in Kiwi Syslog...
Hello, I am in a situation where I need to filter out a certain string. It is a little complicated however. The string(s) I am trying to filter out usually looks like this: "port D10-High collision or...
Re: Solarwinds Kiwi Syslog
Good morning, same problem here. New server, new installation and the welcome screen or splashscreen at startup says: "Your evaluation is expired"
Re: Message filter on a source ip in Real time
Guys, is there anyone who has any idea about filtering logs based on a specific string? (like an IP or username)
Re: Filtering out certain messages in Kiwi Syslog...
I believe you can even do it with AND operation like: port D AND -High collision or drop rate. This is the easiest way. The other is to put the digit check "port D[0-25]-High collision or drop rate." I...
How to detect clients that stop sending Syslog messages to the server
How do you detect specific clients that have not sent syslog messages to the server in a specified amount of time?
Re: Filtering out certain messages in Kiwi Syslog...
Thanks for your reply. So far I have tried the "port D[1-16]-High collision" and that did not work. The hard part about this is that there is no space between "D[1-16]" and "-High collision"
Re: Filtering out certain messages in Kiwi Syslog...
@fmradio516, I apologize for the late response here, but my notifications from SW aren't getting through to me for some reason. Anyway, there are several options here without getting into scripting....
Re: How to detect clients that stop sending Syslog messages to the server
Here's what I do: My first rule processes all messages and runs a script to collect some stats. I used this as an example: http://thwack.solarwinds.com/docs/DOC-63853 and then modified it to do a bunch...
Re: Message filter on a source ip in Real time
oss, I've got to strip out some specifics, but I have a script that does something similar to what you're looking for. I just get an hourly report on it instead of acting on it, but it's still...