Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Kiwi Syslog Server > Kiwi Syslog Server Getting Started Guide > Configure devices to send syslog messages > Troubleshoot Kiwi Syslog Server

Troubleshoot Kiwi Syslog Server

Kiwi Syslog Server Getting Started Home

If you have configured devices to send messages but Kiwi Syslog Server does not receive them, use the following troubleshooting tips to resolve the problem.

Send a test message

The test message can help you determine where to focus your troubleshooting efforts.

From the Kiwi Syslog Service Manager console, select File > Send test message to local host.

If Kiwi Syslog Server does not display the test message

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Verify that the Syslogd service is running. From the console:

  1. Select Manage > Show the Syslogd service state.

    The lower-left corner of the console window shows one of the following states: Uninstalled, Running, Stopped, or Not Responding.

  2. If the service is Stopped or Not Responding, select Manage > Start the Syslogd service.
File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Verify that Kiwi Syslog Server is configured to listen for UDP messages on port 514.

  1. From the console, select File > Setup.
  2. Under Inputs, click UDP.
  3. Verify that Listen for UPD is selected, and the port is 514.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-upd-enabled.png

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Verify that no other service is using port 514.

  1. Open a command prompt and enter:

    netstat -ano

    The command prompt displays a list of active ports and the ID of the process that is bound to them.

  2. Find the UDP port that ends in 514 and note the corresponding process ID.

    In the following example, the process ID is 11344.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-process-id.png

  3. Open the Windows Task Manager and click the Process tab.
  4. In the PID column, locate the process ID from the previous step.

    The process associated with this PID should be Syslogd_Service.exe.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-task-manager-pid.png

  5. If a different process is associated with this PID, right-click the process and select End task.

    The port is now available to Kiwi Syslog Server.

  6. Stop and restart the Kiwi Syslog Server service.
    1. In the Kiwi Syslog Server Manager console, select Manage > Stop the Syslogd service.
    2. Select Manage > Start the Syslogd service.

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Verify that the rule to log and display messages is enabled and that the correct display is selected.

  1. In the Kiwi Syslog Server Setup dialog, verify that the Default rule is selected, and that the Display and Log to file actions are selected.

  2. Click the Display action to view details, and note the Display number.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-display-enabled.png

  3. Verify that the same display number is selected in the Kiwi Syslog Service Manager console.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-display-number.png

If Kiwi Syslog Server displays the test message, but not other messages

If Kiwi Syslog Server displays the test message but not messages from external devices, then firewall, connectivity, or configuration issues could be the problem.

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Send a test message using the free syslog message generator, Kiwi SyslogGen.

  1. Go to www.kiwisyslog.com/downloads.aspx and download Kiwi SyslogGen.
  2. Install Kiwi SyslogGen on the computer where Kiwi Syslog Server is installed.
  3. Enter the computer's IP address as the Target IP address, and send a test message.

  4. If the test message from the local computer is successful, install Kiwi SyslogGen on a different computer and send a test message.
    • If you do not receive messages sent from a different computer:

      • Verify that the firewall is allowing traffic to pass through on the port and protocol selected.
      • If the firewall is allowing traffic, check for an anti-virus program that has traffic-blocking functionality.

      Add exceptions as needed, and then repeat the test.

    • If you receive messages from Kiwi SyslogGen, continue with the following troubleshooting steps.
File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif From the sending device, ping the computer where Kiwi Syslog Server is installed to verify network connectivity.
File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Check the device configuration. (See the vendor's documentation for details.)

  • Verify that the device is syslog-capable.

  • Verify that message logging is enabled.

  • Verify that the device has been configured to send syslog messages to Kiwi Syslog Server.

  • Verify the protocol and port.

Some devices must be rebooted before configuration changes take effect.

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

If the device is sending TCP messages or SNMP traps, verify that Kiwi Syslog Server is configured to listen for that protocol on the designated port.

  1. From the console, select File > Setup.
  2. Under Inputs, click the protocol that the device uses.
  3. Verify that Listen is selected, and verify the port number and other options for that protocol.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-listen-tcp.png

In addition, verify that no other service is using the required port. (Follow the instructions in the previous section, but substitute the appropriate port number and protocol.)

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif Ping a host name from the command prompt to verify that DNS resolution is working as expected.
File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

If the device does not include a priority in its messages, verify that Kiwi Syslog Server allows messages with no priority.

  1. In the Kiwi Syslog Server Setup dialog, click Modifiers.
  2. Verify that Allow messages with no priority is selected.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-no-priority.png

    If a message does not include a priority, Kiwi Syslog Server uses the default priority level and facility.

If the problem still exists

If the previous troubleshooting tips did not resolve the issue, try the following.

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Check the Kiwi Syslog Server error log file, errorlog.txt, for information that could help. This file is located in the installation directory. The default location is:

C:\Program Files (x86)\Syslogd\errorlog.txt

If the error log says that Kiwi Syslog Server is unable to bind to a port, stop the service using that port and restart Kiwi Syslog Server.

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif Restart the computer on which Kiwi Syslog Server is installed.
File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

In DNS Resolution settings, clear the options to resolve IP addresses.

  1. In the Kiwi Syslog Server Setup dialog, click DNS Resolution.
  2. Clear both options to resolve IP addresses.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-resolve-ip-addresses.png

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

In E-mail settings, clear the options to send alarm messages and statistics.

  1. In the Kiwi Syslog Server Setup dialog, click E-mail.
  2. Clear Send syslog alarm messages and Send syslog statistics.

    File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/gs-troubleshooting-email-alarm.png

File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

Reset Kiwi Syslog Server to its default rules and settings. (This removes any rules that you have added.)

  1. In the Kiwi Syslog Server Setup dialog, click Defaults/Import/Export.
  2. Click Load default Rules and settings.
  3. Click Yes to accept the changes.
File:Success_Center/Reusable_content_-_InfoDev/Kiwi_Syslog_Server_GSG/GS_MT/020/020/checkbox.gif

If the problem still exists, open a support ticket.

Support is available to customers with a licensed version of Kiwi Syslog Server who are under active maintenance.

Last modified
10:56, 28 Feb 2017

Tags

Classifications

Public