Re: 'How much traffic can Kiwi Syslog Server handle?'
Hi en zed, One of the advantages of Papertrail is that you can easily filter out "noise" from your log stream and it's not counted against your log ingestion limit. You can see more on how to do that...
Re: Discarding Traps in Kiwi
My goal is to have Kiwi discard certain messages based on their content. NPM's Syslog server had a discard option and I'm looking for something similar in Kiwi. Is a complex filter with an Exclude...
Re: Some messages show up in Wireshark, but are not captured by Kiwi Syslog
Hi bkyle and HolyGuacamole, Windows UAC was already turned off. Windows Firewall was set up to allow Kiwi Syslog Server, but I completely turned it off to try again. The server (Windows 2008 R2) is...
Re: Discarding Traps in Kiwi
That is how I recommend excluding (discarding) traffic. Try it and see if that works for you.
Re: Some messages show up in Wireshark, but are not captured by Kiwi Syslog
Wireshark sees data at the NIC level, whereas Kiwi Syslog sees the data after it has gone through the NIC and been processed by the operating system.
Re: Some messages show up in Wireshark, but are not captured by Kiwi Syslog
Thanks bkyle. Are there any settings (either in Syslog, or the OS) that I might look at adjusting to help improve this?
Re: Some messages show up in Wireshark, but are not captured by Kiwi Syslog
I would see about getting someone to disable your Anti-virus software.
Re: Some messages show up in Wireshark, but are not captured by Kiwi Syslog
You may also want to check your AV logs.
Re: Discarding Traps in Kiwi
No luck. It appears that the rule changes I make aren't taking effect at all. Is there a known issue or bug possibly?
Forward syslog events to QRadar
I'm trying to forward events from Kiwi Syslog to QRadar SIEM. In Kiwi Syslog setup, I created an Action: Forward to another host; gave it the QRadar appliance's IP as the Destination IP; selected...
Re: Forward syslog events to QRadar
Are you trying to forward Windows events or received syslogs?
Re: Forward syslog events to QRadar
I have Windows security events going to Kiwi, and I'm trying to forward those to QRadar via syslog (UDP 514).
Re: Any known issues with D-Link DSL-2500U?
Thanks! I downloaded WireShark but haven’t had time to set it up yet. It will involve some fiddling with hardware and stuff so I’ll probably only tackle it on the weekend. But I’ll try the netstat...
Re: Automate SolarWinds Event Log Forwarder?
Our team uses SCCM to deploy it. I don't have specifics but I would see it as installing the MSI then copying an existing config file to the install folder and restarting the service. Be aware that if...
Re: Event Log Forwarder - Where is the Audit Failure Type?
Same problem here and it isn't fixed in the latest version. Almost a year has passed and still no solution?
Re: Event Log Forwarder - Where is the Audit Failure Type?
As a temporary workaround, please manually edit the CFG file (LogForwarderSettings.cfg) and change `<keywords><string>Audit Success</string><string>Audit...`
Re: Adding new rules via .ini file?
BUMP. Still would like an official comment from SolarWinds.
Re: Event Log Forwarder - Where is the Audit Failure Type?
Already tried that, but it's no workaround for this problem. The issue remains