Documentation forKiwi Syslog Server

Use debug logs to troubleshoot in KSS NG

You can use debug logs in Kiwi Syslog Server NG (KSS NG) to troubleshoot issues related to both back end and front end web server work flows. This can include issues with port binding, incoming traffic, execution of rule actions, service errors, state of servers, user sessions and activities, requests, and user-facing errors.

By default, debug logs are logged to C:\ProgramData\SolarWinds\KiwiSyslogService\logs and named by date.

Configure number of logs received with log levels

Before you start using debug logs, you can configure the amount of information that is logged in C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server NG\appsettings.json.

In the .json file, configure the log level in "Default": "Warning" in the following example.

"Serilog": {
    "MinimumLevel": {
      "Default": "Warning",

In this example, only logs that are set to the Warning log level and higher will be logged. If you do not specify MinimumLevel, the default log level is Information. See the log level table below, sorted from least to most critical.

Level Description
Verbose The Verbose level contains the highest volume of information. It is rarely enabled for a production application.
Debug The Debug level is used for internal system events that are not observable, but useful for determining how the event occurred.
Information The Information level uses events that describe what is happening in the system and its relevant responsibilities and functions. These events are observable actions.
Warning The Warning level is used when service is degraded, endangered, or behaving outside its expected parameters.
Error The Error level is used when functionality is unavailable or there is an issue in the system.
Fatal The Fatal level is the most critical level and demands immediate attention.

SolarWinds recommends that you decrease the log level under regular conditions and increase the log level during troubleshooting.

Troubleshoot a specific issue

Review the following steps if you want to troubleshoot a specific issue you are experiencing in KSS NG:

  1. Stop the KSS NG service.
  2. Navigate to C:\ProgramData\SolarWinds\KiwiSyslogService\logs and remove all logs.
  3. Restart KSS NG and repeat the steps needed to reproduce the issue.
  4. Review the new logs and archive them.

Examples of debug logs

See the following examples of debug logs using different log levels.

Information level logs for port binding

2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1011 - Syslog Collector started on TCP Endpoint 0.0.0.0:1468 
2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1011 - Syslog Collector started on IPv6 TCP Endpoint [::]:1468
2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1018 - Syslog Collector started on 0.0.0.0 UDP Port 514
2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1018 - Syslog Collector started on :: IPv6 UDP Port 514
2023-05-08 04:06:34.535 -05:00 [INF] C:\WINDOWS\system32\config\systemprofile\AppData\Local\SolarWinds\KiwiSyslogService\Settings\sw.snmp.encoding.config not found

Information level log for incoming traffic

2023-05-08 04:06:34.535 -05:00 [INF] Syslog message parsed, Src:10.140.191.89,Hostname:10.140.191.89,DateTime:,Discard:False,IsLegacy:True,Severity:1,Facility:4,Level:Alert,Message: This is a test message

Information level logs for actions that have executed

2023-05-08 05:07:34.535 -05:00 [INF] Action 'DisplayBufferActionInfoBL' executed, ActionResult=Changed, Total=1
2023-05-08 05:07:34.536 -05:00 [INF] Action 'BulkInsertActionInfoBL' executed, ActionResult=Changed, Total=2
2023-05-08 05:07:34.537 -05:00 [INF] Action 'LogToFileInfoBL' executed, ActionResult=Changed, Total=3

Information level log for the state of the web server

2023-05-08 05:07:34.535 -05:00 [INF] Now listening on: https://0.0.0.0:5000

Error level log for a service error

2023-05-08 05:07:34.535 -05:00 [ERR] UDP Socket Exception occuring during shutdown. Error: System.Net.Sockets.Exception (10004)

Information level logs for user sessions and activities

2023-05-08 05:07:34.535 -05:00 [INF] ("ClientID":"webapp","AuthenticationMethod":"SharedSecret","Category":"Authentication", "Name": "Client Authentication Success","EventType":"Success"
2023-05-08 05:07:34.538 -05:00 [INF] ("Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"0","DisplayName":null,"Endpoint":"Token","ClientId":"webapp")