Solarwinds Kiwi Syslog Server

Kiwi Syslog Server is a Syslog server that is built by Solarwinds. There are 2 tiers of licenses available.  In order to export, you need to have a current trial or licensed version of Kiwi Syslog.

Documentation for Kiwi Syslog

• All Kiwi Syslog Server Documentation:

https://documentation.solarwinds.com/en/success_center/kss/content/kss_documentation.htm

• Administrator Guide

https://documentation.solarwinds.com/en/success_center/kss/content/kss_administrator_guide.htm

There are 2 ways to export logs from Kiwi Syslog:

• Method 1: Copy log files directly from the logs directory

  • Quicker, but not as straightforward as log file names vary based on configuration
  • Relatively easy

• Method 2: Create an export filter in Kiwi Syslog Web Access

  • More steps involved, but allows finer grain selection of logs
  • Much slower

Permission requirements for accessing logs

To access Kiwi Syslog Server logs, you need to have the following:

• Administrator access on the Kiwi Syslog Server

• Correct license for Kiwi Syslog Server

• • A licensed version of Kiwi Syslog Server
  • https://documentation.solarwinds.com/en/success_center/kss/content/kss_installguide_feature_comparison.htm

• URL for Kiwi Syslog Web Access

  • Credentials (username and password)
  • Note: This used with the export filter method in Kiwi Syslog Web Access
  • Note: Default username during installation is Administrator

Method 1: Copy log files directly from the logs directory

This method enables you to get all logs needed are from Kiwi Syslog directly.

To export logs from Kiwi Syslog:

• Open the Kiwi Syslog

  

• Click on the Setup button to open the Kiwi Syslog Server Setup

  

  • Navigate to Rules...Default (if using the default rule set)...Actions...Log to file.

    • Copy the path from “Example of actual path and file name:” field.

    • In this screenshot, the path would be:
      C:\Program Files (x86)\Syslogd\Logs

      

• Go to Start...Run

  • In the open field enter the following: explorer "

    Example: “explorer C:\Program Files (x86)\Syslogd\Logs”

    

• Copy the last 30 days of syslog messages to a folder. These will be the logs that are shared with Oort.

  • If you have autorotation setup, you will need to copy the files with the dates covering the last 30 days.

    

Method 2: Create an export filter in Kiwi Syslog Web Access

This method allows you to collect logs remotely through a web browser using the Kiwi Syslog Web Access web application.

To start the process, open up a browser and go to the URL of your Kiwi Syslog Web Access server:

• Log in with your credentials

  

• Go to Filters

  

• Click on Add

  

• Click on Add Filter Item

  • Filter Field: Date

  • Predicate: IS

  • Field Operator: Greater than

  • Filter Expression: YYYY-MM-DD

    • Please enter a date that is 30 days back from the day you are pulling your logs

    • Note: you can use the calendar icon on the right to select the date

      

• Optional: Reduce the log export by an additional field like host_name.

  • You can add additional Filter Items to reduce the export scope

  • Enter the host IP addresses you would like to export logs from

  • You can export multiple hosts by adding OR operators between them

  • Note: pay attention to the operator on the far right side

    

• Click Save Filter

• Go to the Events Tab

  • Change Filter to “Export Filter for Logs”
  • Click >| icon to go to the last page of the logs
  • Copy the last page number from the left of the >| icon.

  

• Click on Export to CSV

  

• Select Page Range

  • First page: 1

  • Last page: “last page number” copied from 2 steps back

  • Note: “last page number” should still be on the bottom of the screen

    

• Click Export

  • This export process can take quite some time.
  • Once the Download dialog box shows up from your browser, save the file
  • These are the logs that will be shared with Oort