Kiwi Syslog Server: Product Overview & Guided Tour

Kiwi Syslog Server is an affordable log management tool for IT admins. It lets you collect, filter, alert, forward, and store log messages. Kiwi Syslog Server listens for syslog messages and SNMP traps from network devices such as routers, switches and firewalls, and from Linux® and Unix® servers. You can also enable Kiwi Syslog Server to receive Windows® event logs in syslog format for further log management actions such as filtering and alerting.

Kiwi Syslog Server can be installed as an application or as a Windows service. Most users choose to install it as a service, which allows Kiwi Syslog to continue processing messages even when the program window is closed or the user is not logged in. The desktop console allows you to monitor syslog messages in real time.

Kiwi Syslog Server listens for messages on UDP port 514, as this is the default port designated for devices sending syslog messages as defined in RFC 5426. Kiwi Syslog can be configured to listen on any other UDP port, and can also listen for syslog messages over TCP, as well as for SNMP traps. If sources are sending messages to the port specified in Kiwi Syslog Server, the messages will automatically appear in the console.

Kiwi Syslog Server processes syslog messages through a set of customizable rules, each a combination of filters and actions that you specify. Filters let you refine incoming messages by Priority, IP Address, Hostname, Message Text, Time of Day, and Input Source. Actions let you execute one of a set of built-in actions, which include displaying log messages on the console, logging to a file or database, forwarding messages to another host, running an external program, sending email messages, syslog messages, or SNMP traps, running a script, or logging to Kiwi web access. On the initial launch of Kiwi Syslog Server, there is a default rule that contains no filter but has two pre-configured actions: Display and Log to File.
Since no filter is set, all incoming messages will be displayed on the monitoring console as well as logged to a text file. The Log to File action in this default rule is configured to automatically create a daily file with the current date appended to the file name. By default, these files will be saved indefinitely. Later in the video, we’ll show you how to create a custom retention schedule. You can add new filters, modify these actions, or build new rules as desired. Kiwi Syslog Server provides 25 virtual displays, which can be renamed for convenience, to monitor messages based on custom filter conditions. Kiwi Syslog Server also allows for custom DNS resolution to display the device’s hostname in lieu of the source IP address.

Let’s create a new rule that filters the displayed messages to those containing the string “Logoff” in the message text. To begin, click on ‘File’, then ‘Setup.’ Right-click on ‘Rules’ and select ‘Add Rule.’ Rename it to “Logoff Messages.” Right-click on ‘Filters’ and choose ‘Add Filter.’ Rename it to “Filter Logoff.” Select ‘Message Text’ from the Field menu, leaving the filter type as Simple. Enter “Logoff”, in quotes, in the Include field. Now, let’s create a second filter. Rename it to “Warning Priority”, then select ‘Priority’ from the Field menu. Click on the ‘Warn’ column to highlight it. Finally, click on the green check to select it. Right-click on ‘Actions’ and choose ‘Add Action.’ Rename the action to “Display.” Select ‘Display’ from the Action menu, then select ‘Display 01’ from the Display number menu. Add a second action. Rename it “Email.” Select ‘E-mail message’ from the Action menu. Enter the email recipient, sender, subject and message content. Now click ‘OK.’ This rule will execute the filters and actions in sequential order. Once the filter conditions are met, the messages will first be displayed on the screen, and then sent as an email message. The log monitoring console also provides the option to view syslog statistics in intuitive charts.
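To make the filter-then-action pipeline concrete, here is an added Python example (not Kiwi’s own code) that decodes the syslog PRI field into facility and severity, applies the “Logoff Messages” rule built above, and also implements the counter/threshold style of alert covered in the next section (three matching failures inside a 10‑minute sliding window). The `Rule` class, the `fw01` sample lines and the `sink` list standing in for the e-mail action are all constructed for this illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta
# RFC 3164-style line "<PRI>Mmm dd hh:mm:ss host message"; PRI = facility*8 + severity.
LINE = re.compile(r"^<(\d{1,3})>(\w{3} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
SEVERITY = ["emerg", "alert", "crit", "error", "warn", "notice", "info", "debug"]
def parse(line):  # -> the fields a filter can match on, or None if the line is malformed
    if not (m := LINE.match(line)):
        return None
    pri, ts = int(m.group(1)), datetime.strptime(m.group(2), "%b %d %H:%M:%S")
    return {"facility": pri // 8, "severity": SEVERITY[pri % 8], "time": ts,
            "host": m.group(3), "text": m.group(4)}

class Rule:
    """All filters must match, then actions run in order; threshold=(n, minutes) defers
    the actions until the filters have matched n times inside a sliding window."""
    def __init__(self, name, filters, actions, threshold=None):
        self.name, self.filters, self.actions, self.threshold = name, filters, actions, threshold
        self.hits = deque()            # timestamps of recent matches (the counter)
    def process(self, msg):
        if not all(f(msg) for f in self.filters):
            return False
        if self.threshold:
            n, minutes = self.threshold
            self.hits.append(msg["time"])
            while msg["time"] - self.hits[0] > timedelta(minutes=minutes):
                self.hits.popleft()    # drop hits that fell out of the window
            if len(self.hits) < n:
                return False
            self.hits.clear()          # reset the counter after alerting
        for act in self.actions:
            act(self.name, msg)
        return True

# Constructed sample traffic from a hypothetical host: one logoff, then failed logins.
SAMPLE = ["<86>Jan 10 08:00:01 fw01 sshd[210]: Logoff user admin",           # authpriv.info
          "<84>Jan 10 08:01:00 fw01 sshd[211]: Failed password for admin",  # authpriv.warn
          "<84>Jan 10 08:20:00 fw01 sshd[212]: Failed password for admin",  # 08:01 hit expires
          "<84>Jan 10 08:21:00 fw01 sshd[213]: Failed password for admin",
          "<84>Jan 10 08:22:00 fw01 sshd[214]: Failed password for admin"]  # third hit in 10 min
def build_rules(sink):
    """The tour's 'Logoff Messages' rule plus a counter/threshold rule; the e-mail action
    is stood in for by appending the alert text to 'sink'."""
    email = lambda rule, m: sink.append(f"[{rule}] {m['host']}: {m['text']}")
    return [Rule("Logoff Messages", [lambda m: "Logoff" in m["text"]], [email]),
            Rule("Login Failures", [lambda m: m["severity"] == "warn",
                                    lambda m: "Failed password" in m["text"]],
                 [email], threshold=(3, 10))]
def run(lines, rules):  # names of the rules that fired, in arrival order
    return [r.name for msg in filter(None, map(parse, lines)) for r in rules if r.process(msg)]
```

Running `run(SAMPLE, build_rules([]))` fires the logoff rule on the first line and the threshold rule only on the last one, because the 08:01 failure has aged out of the window by 08:20.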
Triggering alerts when certain syslog messages are received is one of the most popular features in Kiwi Syslog Server. The advanced filter conditions allow you to set flags, counters and thresholds to trigger alerts. You can specify the number of times a filter condition must be met in a given time interval, for example a certain number of login failures within 10 minutes, or alert when a filter condition is not met in a given timeframe, such as a scheduled task not completing. Alerting is most commonly done via email. You can customize the email fields, including sender ID, recipient ID, email subject and body content. There are a variety of options to enter variables in the email body that automatically populate the time, date, message content, IP address and/or hostname from the message received.

Kiwi Syslog Server comes with a built-in web access utility allowing you to view, monitor and modify filter settings remotely from any web browser. By simply clicking on any message field, Kiwi Syslog Server will populate all related messages. Let’s select the facility of ‘Cron’, the level of ‘Critical’ and the message text of ‘Failed.’ You can remove any of these by clicking on their respective ‘X.’ You can also save this filter for future use. In addition, filters can be created from scratch on the Filters tab. Simply click ‘Add Filter Item.’ Choose the Filter field, ‘Predicate’ and ‘Field Operator’, as well as the ‘Filter Expression.’ There are also options for highlighting messages, adjusting message rows per page and user management.

Log Forwarder for Windows is a free, optional agent that lets you monitor Windows event logs. This tool converts Windows event logs into syslog format and forwards them to Kiwi Syslog Server. In the Log Forwarder console on the Windows host, you can select the event types you wish to forward to Kiwi Syslog Server, and define the default syslog facility for these events.
Go to Syslog Servers and specify the IP address and port number of the Kiwi Syslog server(s). These events will then appear on your Kiwi Syslog Server and be processed through your set of rules. The Log Forwarder agent can be deployed on any number of Windows servers or workstations as required.

Kiwi Syslog Server can perform log retention, archival and clean-up actions to help enterprises and Federal agencies meet compliance requirements such as PCI-DSS, HIPAA, SOX and other regulatory standards. The Schedules engine in Kiwi Syslog Server can be used to compress and archive logs, as well as delete logs based on their date or size. Let’s run through the creation of a new archive and clean-up schedule. Let’s say you would like to archive your log files every three months, and delete files older than one year. First you must create an archiving schedule. Go to ‘File’, then ‘Setup.’ Right-click on ‘Schedules’ and choose ‘Add New Schedule.’ Rename the schedule to “Archive.” On the Schedule tab, move the slider to ‘Day.’ On the Source tab, populate the Source Location with the path containing your log files. Under File Age, click on ‘At Least’ and set it to ‘3 Months Old.’ On the Destination tab, populate the Destination Location with the path where you want to store archived logs. There are additional options for compressing with password encryption, as well as sending notifications upon task completion. Now, let’s create a second schedule to delete old files. Select ‘Clean-up’ from the Task Type menu. On the Schedule tab, move the slider to ‘Day.’ On the Source tab, populate the Source Location with the same path that was used as the Destination Location in the archive schedule we just created. Under File Age, select ‘At Least’ and set it to ‘1 Year Old.’ Finally, on the Clean Up Notifications tab, check ‘Send Notification Report by Email’ and populate the recipient field. There are also options for removing empty folders.
Simplify syslog management with Kiwi Syslog Server. For more information on Kiwi products, contact [email protected]
