Use debug logs to troubleshoot in KSS NG
You can use debug logs in Kiwi Syslog Server NG (KSS NG) to troubleshoot issues related to both back end and front end web server work flows. This can include issues with port binding, incoming traffic, execution of rule actions, service errors, state of servers, user sessions and activities, requests, and user-facing errors.
By default, debug logs are logged to C:\ProgramData\SolarWinds\KiwiSyslogService\logs and named by date.
Configure number of logs received with log levels
Before you start using debug logs, you can configure the amount of information that is logged in C:\Program Files (x86)\SolarWinds\Kiwi Syslog Server NG\appsettings.json.
In the .json file, configure the log level in "Default": "Warning" in the following example.
"Serilog": {
"MinimumLevel": {
"Default": "Warning",
In this example, only logs that are set to the Warning log level and higher will be logged. If you do not specify MinimumLevel, the default log level is Information. See the log level table below, sorted from least to most critical.
| Level | Description |
|---|---|
Verbose
|
The Verbose level contains the highest volume of information. It is rarely enabled for a production application. |
Debug
|
The Debug level is used for internal system events that are not observable, but useful for determining how the event occurred. |
Information
|
The Information level uses events that describe what is happening in the system and its relevant responsibilities and functions. These events are observable actions. |
Warning
|
The Warning level is used when service is degraded, endangered, or behaving outside its expected parameters. |
Error
|
The Error level is used when functionality is unavailable or there is an issue in the system. |
Fatal
|
The Fatal level is the most critical level and demands immediate attention. |
SolarWinds recommends that you decrease the log level under regular conditions and increase the log level during troubleshooting.
Troubleshoot a specific issue
Review the following steps if you want to troubleshoot a specific issue you are experiencing in KSS NG:
- Stop the KSS NG service.
- Navigate to
C:\ProgramData\SolarWinds\KiwiSyslogService\logsand remove all logs. - Restart KSS NG and repeat the steps needed to reproduce the issue.
- Review the new logs and archive them.
Examples of debug logs
See the following examples of debug logs using different log levels.
Information level logs for port binding
2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1011 - Syslog Collector started on TCP Endpoint 0.0.0.0:1468 2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1011 - Syslog Collector started on IPv6 TCP Endpoint [::]:1468 2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1018 - Syslog Collector started on 0.0.0.0 UDP Port 514 2023-05-08 04:06:34.535 -05:00 [INF] EventId: 1018 - Syslog Collector started on :: IPv6 UDP Port 514 2023-05-08 04:06:34.535 -05:00 [INF] C:\WINDOWS\system32\config\systemprofile\AppData\Local\SolarWinds\KiwiSyslogService\Settings\sw.snmp.encoding.config not found
Information level log for incoming traffic
2023-05-08 04:06:34.535 -05:00 [INF] Syslog message parsed, Src:10.140.191.89,Hostname:10.140.191.89,DateTime:,Discard:False,IsLegacy:True,Severity:1,Facility:4,Level:Alert,Message: This is a test message
Information level logs for actions that have executed
2023-05-08 05:07:34.535 -05:00 [INF] Action 'DisplayBufferActionInfoBL' executed, ActionResult=Changed, Total=1 2023-05-08 05:07:34.536 -05:00 [INF] Action 'BulkInsertActionInfoBL' executed, ActionResult=Changed, Total=2 2023-05-08 05:07:34.537 -05:00 [INF] Action 'LogToFileInfoBL' executed, ActionResult=Changed, Total=3
Information level log for the state of the web server
2023-05-08 05:07:34.535 -05:00 [INF] Now listening on: https://0.0.0.0:5000
Error level log for a service error
2023-05-08 05:07:34.535 -05:00 [ERR] UDP Socket Exception occuring during shutdown. Error: System.Net.Sockets.Exception (10004)
Information level logs for user sessions and activities
2023-05-08 05:07:34.535 -05:00 [INF] ("ClientID":"webapp","AuthenticationMethod":"SharedSecret","Category":"Authentication", "Name": "Client Authentication Success","EventType":"Success"
2023-05-08 05:07:34.538 -05:00 [INF] ("Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"0","DisplayName":null,"Endpoint":"Token","ClientId":"webapp")