Documentation forKiwi Syslog Server

Troubleshoot Kiwi Syslog Server NG

If you have configured devices to send messages but Kiwi Syslog Server NG does not receive them, use the following troubleshooting tips to resolve the problem.

Send a test message to Kiwi Syslog Server NG

The test message can help you determine where to focus your troubleshooting efforts.

  1. From the Kiwi Syslog Server NG navigation bar, select Setup > Settings> Test Message.

  2. Select the protocol and complete the relevant fields for your test message. Click Apply.

  3. Once you have applied your changes, click Test.

A green toast message will appear in the upper-right corner of the user display if the test message sends successfully.

If Kiwi Syslog Server NG does not display the test message

1. Verify that Kiwi Syslog Server is configured to listen for UDP messages on port 514

  1. From the navigation bar, choose Setup > Rules > Settings.
  2. Under Inputs, click the UDP tab.

  3. Verify that Listen to UDP syslog messages is checked, and the port is 514.

2. Verify that no other service is using port 514

  1. Open a command prompt on the server where the installation is deployed and enter:

    netstat -ano

    A list of active ports and the ID of the process that is bound to them is displayed.

  2. Find the UDP port that ends in 514 and note the corresponding process ID.

    In the following example, the process ID is 5560

  3. Open the Windows Task Manager and click the Process tab.

  4. In the PID column, locate the process ID from the previous step.

    The process associated with this PID should be Syslogd_Service.exe.

  5. If a different process is associated with this PID, right-click the process and select End task.

    The port is now available to Kiwi Syslog Server NG.

  6. Stop and restart the Kiwi Syslog Server service.
    1. In Task Manager, select the SolarWinds Kiwi Syslog service and click End Task.

    2. Open the Kiwi Syslog Server NG application and sign in to start the service again.

3. Verify that the rule to log and display messages is enabled and that the correct display is selected

  1. Under Setup > Rules, verify that the default rule is selected, and that the Log to display action is enabled.

  2. Click the Display action to view details, and note the Display number.

  3. Verify that the same display number is selected in the Dashboard.

If Kiwi Syslog Server NG displays the test message, but not other messages

If Kiwi Syslog Server NG displays the test message but not messages from external devices, then firewall, connectivity, or configuration issues could be the problem.

1. Send a test message using the free syslog message generator, Kiwi SyslogGen

  1. Go to the Kiwi Syslog Free Products and Utilities page and download Kiwi SyslogGen.
  2. Install Kiwi SyslogGen on the device where Kiwi Syslog Server NG is installed.
  3. Enter the device's IP address as the Target IP address, and send a test message.
  4. If the test message from the local device is successful, install Kiwi SyslogGen on an alternative configured device and send a test message.
    • If you do not receive messages sent from the alternative device:
      • Verify that the firewall is allowing traffic to pass through on the port and protocol selected.
      • If the firewall is allowing traffic, check for an anti-virus program that has traffic-blocking functionality.
      • Add exceptions as needed, and then repeat the test.
    • If you receive messages from Kiwi SyslogGen, continue with the following troubleshooting steps.

2. Verify the device network connectivity with Kiwi Syslog Server NG

From the sending device, ping the device where Kiwi Syslog Server NG is installed to verify network connectivity.

3. Check the device configuration

See the device vendor's documentation for details on configuring your device.

Some devices must be rebooted before configuration changes take effect.

4. If the device is sending TCP messages or SNMP traps, verify that Kiwi Syslog Server NG is configured to listen for that protocol on the designated port

  1. In the navigation bar, select Setup > Settings and click the Inputs tab.
  2. Click the corresponding tab of the protocol that the device uses.
  3. Verify that Listen is selected, and verify the port number and other options for that protocol.

In addition, verify that no other service is using the required port by following the example, but substituting the appropriate port number and protocol.

5. Verify DNS resolution is working as expected

Ping a host name from the command prompt to verify that the DNS resolution is working as expected.

6. If the device does not include a priority in its messages, verify that Kiwi Syslog Server NG allows messages with no priority

  1. In the Kiwi Syslog Server Setup dialog, click Modifiers.
  2. Verify that Allow messages with no priority is selected.

    If a message does not include a priority, Kiwi Syslog Server NG uses the default priority level and facility.

Additional troubleshooting if the problem is not resolved

If the previous troubleshooting tips did not resolve the issue, try the following.

1. Check the Kiwi Syslog Server NG error logs for information

Error logs are located in the installation directory. The default location is: C:\ProgramData\SolarWinds\KiwiSyslogService\logs

If the error log says that Kiwi Syslog Server NG is unable to bind to a port, stop the service using that port and restart Kiwi Syslog Server NG.

2. Restart the computer where Kiwi Syslog Server is installed

3. Clear the options in the KSS NG DNS settings to resolve IP addresses

  1. In the Kiwi Syslog Server NG navigation bar, choose Setup > Settings and select the DNS tab.
  2. Uncheck the options to resolve IP addresses.

6. If the problem still exists, open a support ticket.

Support is available to customers with a licensed version of Kiwi Syslog Server NG who are under active maintenance.