KIWI Syslog configuration


Log server: Kiwi Syslogd 8.3.7 (cracked version)

Windows log collection agent: evtsys_exe_32

By default, Kiwi listens on UDP port 514 to receive log data, and logs can be received as soon as installation succeeds.

Use the command netstat -ano to check the server's listening state. If the service is not up, restart the Kiwi Syslog Daemon service.

Task: store current logs in G:\event and historical logs in G:\eventold, and automatically delete log records older than 1 month.

Step 1: create a new rule named CiscoRouter

1. New filter (IP): collect logs from 192.168.0.1

2. New action Display01: show the collected data on the software's first display (00-09)

3. New action Log to file: set the log save path to G:\event

If you enable Enable Log File Rotation and set the Maximum log file to 1 Day(s), one day of logs is saved per file, with names of the form Cisco.txt.001, Cisco.txt.002, and so on.
Here we do not set this.

Step 2: set up schedules that save the log every day and delete logs older than 1 month

1. New schedule of type Save File: set the frequency to once a day and leave the other settings at their defaults

Source

Set the source path of the logs to back up to G:\event

Destination

Every day the files are moved from the source path to the target folder G:\eventold, into a newly created folder named by date, so the source path holds only the current log.

Archive Options

You can compress the moved files or trigger a program to run; here we do not set either.

Archive Notifications

If a mail account is configured in the software's email options, this setting can also send a daily report to a specified mailbox.

2. New schedule of type Clean Up

Source: G:\eventold, the folder whose log files older than one month are to be deleted

Cisco Logging configuration

logging on
logging host 192.168.0.x
! Set the facility (event type) of recorded events to local7
logging facility local7
! Send events from severity level warning up through emergency to the specified syslog server
logging trap warning
! Use the loopback0 IP address as the source address of sent event records
logging source-interface loopback0
! Include a timestamp in sent event records
service timestamps log datetime
This configuration
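
A receiving-side check for the facility and trap settings above, as an added example that is not part of the original post: it decodes the <PRI> value of raw syslog datagrams and flags any that a router configured with logging facility local7 and logging trap warning should not send. The sample messages are constructed, and the function names are this example's own.

```python
import re

# Severity names by numeric code (RFC 3164); a lower number is more severe.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
LOCAL7 = 23  # facility code for local7
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) from the leading <PRI>, or None if invalid."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:  # 191 = 23*8+7, the largest valid PRI
        return None
    return divmod(int(m.group(1)), 8)   # PRI = facility * 8 + severity

def audit(messages, facility=LOCAL7, trap="warning"):
    """List (index, reason) for messages the router config should not produce."""
    limit = SEVERITIES.index(trap)
    findings = []
    for i, msg in enumerate(messages):
        decoded = decode_pri(msg)
        if decoded is None:
            findings.append((i, "missing or invalid PRI"))
            continue
        fac, sev = decoded
        if fac != facility:
            findings.append((i, f"facility {fac}, expected {facility}"))
        elif sev > limit:
            findings.append((i, f"severity {SEVERITIES[sev]} is below trap level {trap}"))
    return findings

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    "<188>42: Dec 22 04:18:00: %SAMPLE-4-WARN: constructed warning",  # local7.warning
    "<187>43: Dec 22 04:18:05: %SAMPLE-3-ERR: constructed error",     # local7.error
    "<189>44: Dec 22 04:18:09: %SAMPLE-5-NOTE: constructed notice",   # local7.notice
    "<132>45: Dec 22 04:18:12: %SAMPLE-4-WARN: constructed warning",  # local0.warning
    "46: Dec 22 04:18:15: no PRI header",
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLES):
        print(index, reason)
```

A finding for a message attributed to the router means either the device configuration differs from the one listed here or the message came from another sender.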

Windows logging configuration

After decompression there are two files, evtsys.dll and evtsys.exe. Copy both to the c:\windows\system32 directory (on a 64-bit system, c:\windows\SysWOW64\).

Open a Windows command prompt (Start > Run, enter cmd)

C:\>evtsys -i -h 192.168.0.2

-i installs evtsys as a system service     -h specifies the log server IP address

Open the Group Policy Editor (Start > Run, enter gpedit.msc) and, under Windows Settings > Security Settings > Local Policies > Audit Policy, enable the Windows events you need to record. evtsys checks in real time for new Windows log entries, converts each new entry into a format syslogd recognizes, and sends it to the syslogd server over UDP port 3072.

Uninstall: 1. net stop evtsys  2. evtsys -u


Posted by Brent at December 22, 2013 - 4:18 AM