Documentation forKiwi Syslog Server NG

Troubleshoot Kiwi Syslog Server

If you have configured devices to send messages but Kiwi Syslog Server does not receive them, use the following troubleshooting tips to resolve the problem.

For more information, you can check out the SolarWinds Academy and watch our video Troubleshooting 'Not Receiving Messages'.

Send a test message to Kiwi Syslog Server

The test message can help you determine where to focus your troubleshooting efforts.

From the Kiwi Syslog Service Manager console, select File > Send test message to local host.

If Kiwi Syslog Server does not display the test message

1. Verify that the Syslogd service is running

  1. From the console, select Manage > Show the Syslogd service state.

    The lower-left corner of the console window shows one of the following states: Uninstalled, Running, Stopped, or Not Responding.

  2. If the service is Stopped or Not Responding, select Managed > Start the Syslogd service.

2. Verify that Kiwi Syslog Server is configured to listen for UDP messages on port 514

  1. From the console, select File > Setup.
  2. Under Inputs, click UDP.
  3. Verify that Listen for UPD is selected, and the port is 514.

3. Verify that no other service is using port 514

  1. Open a command prompt and enter:

    netstat -ano

    A list of active ports and the ID of the process that is bound to them is displayed.

  2. Find the UDP port that ends in 514 and note the corresponding process ID.

    In the following example, the process ID is 11344.

  3. Open the Windows Task Manager and click the Process tab.
  4. In the PID column, locate the process ID from the previous step.

    The process associated with this PID should be Syslogd_Service.exe.

  5. If a different process is associated with this PID, right-click the process and select End task.

    The port is now available to Kiwi Syslog Server.

  6. Stop and restart the Kiwi Syslog Server service.
    1. In the Kiwi Syslog Server Manager console, select Manage > Stop the Syslogd service.
    2. Select Manage > Start the Syslogd service.

4. Verify that the rule to log and display messages is enabled and that the correct display is selected

  1. In the Kiwi Syslog Server Setup dialog, verify that the Default rule is selected, and that the Display and Log to file actions are selected.

  2. Click the Display action to view details, and note the Display number.

  3. Verify that the same display number is selected in the Kiwi Syslog Service Manager console.

If Kiwi Syslog Server displays the test message, but not other messages

If Kiwi Syslog Server displays the test message but not messages from external devices, then firewall, connectivity, or configuration issues could be the problem.

1. Send a test message using the free syslog message generator, Kiwi SyslogGen

  1. Go to www.kiwisyslog.com/downloads.aspx and download Kiwi SyslogGen.
  2. Install Kiwi SyslogGen on the device where Kiwi Syslog Server is installed.
  3. Enter the device's IP address as the Target IP address, and send a test message.
  4. If the test message from the local device is successful, install Kiwi SyslogGen on an alternative configured device and send a test message.
    • If you do not receive messages sent from the alternative device:
      • Verify that the firewall is allowing traffic to pass through on the port and protocol selected.
      • If the firewall is allowing traffic, check for an anti-virus program that has traffic-blocking functionality.
      • Add exceptions as needed, and then repeat the test.
    • If you receive messages from Kiwi SyslogGen, continue with the following troubleshooting steps.

2. Verify the device network connectivity with Kiwi Syslog Server

From the sending device, ping the device where Kiwi Syslog Server is installed to verify network connectivity.

3. Check the device configuration

See the device vendor's documentation for details on configuring your device.

Some devices must be rebooted before configuration changes take effect.

4. If the device is sending TCP messages or SNMP traps, verify that Kiwi Syslog Server is configured to listen for that protocol on the designated port

  1. From the console, select File > Setup.
  2. Under Inputs, click the protocol that the device uses.
  3. Verify that Listen is selected, and verify the port number and other options for that protocol.

In addition, verify that no other service is using the required port by following the example, but substituting the appropriate port number and protocol.

5. Verify DNS resolution is working as expected

Ping a host name from the command prompt to verify that the DNS resolution is working as expected.

6. If the device does not include a priority in its messages, verify that Kiwi Syslog Server allows messages with no priority

  1. In the Kiwi Syslog Server Setup dialog, click Modifiers.
  2. Verify that Allow messages with no priority is selected.

    If a message does not include a priority, Kiwi Syslog Server uses the default priority level and facility.

Additional troubleshooting if the problem is not resolved

If the previous troubleshooting tips did not resolve the issue, try the following.

1. Check the Kiwi Syslog Server errorlog.txt for information

This file is located in the installation directory. The default location is: C:\Program Files (x86)\Syslogd\errorlog.txt

If the error log says that Kiwi Syslog Server is unable to bind to a port, stop the service using that port and restart Kiwi Syslog Server.

2. Restart the computer where Kiwi Syslog Server is installed

3. Clear the options in the KSS DNS Resolution settings to resolve IP addresses

  1. In the Kiwi Syslog Server Setup dialog, click DNS Resolution.
  2. Clear both options to resolve IP addresses.

4. Clear the options in KSS E-mail settings to send alarm messages and statistics

  1. In the Kiwi Syslog Server Setup dialog, click E-mail.
  2. Clear Send syslog alarm messages and Send syslog statistics.

5. Reset Kiwi Syslog Server to its default rules and settings

Resetting KSS to the default settings removes any rules that you have added.

  1. In the Kiwi Syslog Server Setup dialog, click Defaults/Import/Export.
  2. Click Load default Rules and settings.
  3. Click Yes to accept the changes.

6. If the problem still exists, open a support ticket.

Support is available to customers with a licensed version of Kiwi Syslog Server who are under active maintenance.