Re: Can't setup syslog with a Cisco ASA 5505
In Kiwi disable the ASA rule you created and create a rule with no filters and an Action to display. This way the console will display anything being sent to the server. Also, confirm that Windows...
Re: Filter ASA messages with regex
I am definitely not a RegEx expert, but this would be cool to do. Hopefully someone can chime in. Right now I just have my ASA email me when those types of messages are generated.
Re: Setting up a syslog server help....
Without getting too technical, like bkyle said, you have to know what it is you want to focus on. I have a couple of rules setup for my firewalls. One that simply dumps everything to log files, and...
Re: Filter ASA messages with regex
I think I achieved this but I'm not sure. I can't reproduce those messages. This is what I've done: 1 rule, let's say "Customer A devices" 1 filter Including devices by hostname like this "^XYZ" 2 filter...
Kiwi Syslog Display Showing Kernel.Error
Dear all, Recently we have deployed a Kiwi Syslog; after a couple of days it started to show Kernel.Error in the Priority Column. Has anybody faced a similar issue? If so, how did you solve it?
Re: Kiwi Syslog Display Showing Kernel.Error
This is not actually an error with Kiwi Syslog. That is how the syslog is classified. Kernel is the facility. Please see this link: Kiwi Syslog Server. Error is the level. Please see this link:...
Where would I find stored filters on server in the event of copying...
Where would I find stored filters on server in the event of copying configurations to another server?
Re: Where would I find stored filters on server in the event of copying...
Filters are stored in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SolarWinds\Syslogd\Rules. When you export the settings to an INI file, the filters should be included in that file.
Re: Kiwi Syslog 9.5 Release Candidate is now Available!
We've been having problems getting Kiwi Syslog Server to start under Windows Server 2012 R2. EMET won't allow the service to start. Has anyone gotten this to work under Windows Server 2012 R2? This...
Re: Kiwi Syslog Console Crashing Constantly After Upgrading 9.5.0 To 9.5.1
That's good Will... I can't even get syslog service to run under Windows 2012 R2... EMET won't allow the service to run... My partner here James T. has a case open on it 999667. I'm going to keep your...
Re: Limiting Size of Log file
For the log file size issue you can set size or age limits for any logging action. We set ours to rotate at 250MB.
Re: Log variable
I'm not sure how the second batch file is running... is that another action item in the rule? In the script that is setting VarGlobal01 you can add the function Fields.ActionLog to file. In the help...
Re: Limiting Size of Log file
Building on what kstone said, if you use log file rotation, we do not recommend using auto-split values.
Re: Kiwi seems to lag behind
At 10k per minute you're at ~600k per hour. That's a healthy amount of messages but well within the capabilities of the Kiwi engine. I'm not sure how you identified that it's 250k messages behind, I...
Re: Kiwi seems to lag behind
I would also recommend checking your message buffer size: Kiwi Syslog Server
Re: Limiting Size of Log file
Usually with an IP or hostname you should be fine. With something such as %DateISO, when the day changes and you are using a maximum log file age, you can get a small file that is a few bytes.
Re: Kiwi seems to lag behind
Thanks for the follow up. We're in the middle of a DDOS attack (off and on for days now) so I'll have to look back into this when I have a bit more time. The attack is why I was trying to get this to...
Re: Kiwi seems to lag behind
Sorry to hear that geesh! DDOS could blow up your logs for sure.