Troubleshoot KSS NG

If you have configured devices to send messages but Kiwi Syslog Server NG (KSS NG) does not receive them, use the following troubleshooting tips to resolve the problem.

Send a test message to KSS NG

The test message can help you determine where to focus your troubleshooting efforts.

1. From the KSS NG navigation bar, select Setup > Settings> Test Message.

2. Select the protocol and complete the relevant fields for your test message. Click Apply.

3. Once you have applied your changes, click Test.

A green toast message will appear in the upper-right corner of the user display if the test message sends successfully.

If the test message is not displayed, continue with If KSS NG does not display the test message. If the message is displayed, continue with If KSS NG displays the test message, but not other messages.

If KSS NG does not display the test message

Verify that KSS NG is configured to listen for UDP messages on port 514

1. From the navigation bar, choose Setup > Rules > Settings.
2. Under Inputs, click the UDP tab.

3. Verify that Listen to UDP syslog messages is checked, and the port is 514.

   

Verify that no other service is using port 514

1. Open a command prompt on the server where the installation is deployed and enter:

   netstat -ano

   A list of active ports and the ID of the process that is bound to them is displayed.

2. Find the UDP port that ends in 514 and note the corresponding process ID.

   In the following example, the process ID is 5560.

   

3. Open the Windows Task Manager and click the Process tab.

4. In the PID column, locate the process ID from the previous step.

   The process associated with this PID should be Syslogd_Service.exe.

   

5. If a different process is associated with this PID, right-click the process and select End task.

   The port is now available to KSS NG.

6. In Task Manager, select the Kiwi Syslog Server NG service and click End Task to stop the service.

7. Open the KSS NG application and sign in to start the service again.

Verify that the rule to log and display messages is enabled and that the correct display is selected

1. Under Setup > Rules, verify that the default rule is selected, and that the Log to display action is enabled.

2. Click the Display action to view details, and note the Display number.

   

3. Verify that the same display number is selected in the Dashboard.

   

Check the startup debug file using command line parameters

You can check the startup debug file if KSS NG does not appear to be receiving messages on the port specified by the Inputs setup option. This debug file helps you ensure that the sockets initialized correctly.

The startup debug command creates a debug file that contains the results from the program startup and socket initialization routines. The debug file is created in the installation directory, and the file name is based on the program file it was used with (as described below).

Command line value	DEBUGSTART
Applies to	Syslogd.exe, Syslogd_Service.exe, and Syslogd_Manager.exe
Files created	When run with: The file name is: Syslogd.exe Syslogd_Startup.txt Syslogd_Service.exe Syslogd_Service_Startup.txt Syslogd_Manager.exe Syslogd_Manager_Startup.txt

If KSS NG displays the test message, but not other messages

If KSS NG displays the test message but not messages from external devices, then firewall, connectivity, or configuration issues could be the problem.

Send a test message using the free syslog message generator, Kiwi SyslogGen

1. Go to the Kiwi Syslog Free Products and Utilities page and download Kiwi SyslogGen.
2. Install Kiwi SyslogGen on the device where KSS NG is installed.
3. Enter the device's IP address as the Target IP address, and send a test message.
4. If the test message from the local device is successful, install Kiwi SyslogGen on an alternative configured device and send a test message.
   • If you do not receive messages sent from the alternative device:
     • Verify that the firewall is allowing traffic to pass through on the port and protocol selected.
     • If the firewall is allowing traffic, check for an anti-virus program that has traffic-blocking functionality.
     • Add exceptions as needed, and then repeat the test.
   • If you receive messages from Kiwi SyslogGen, continue with the following troubleshooting steps.

Verify the device network connectivity with KSS NG

From the sending device, ping the device where KSS NG is installed to verify network connectivity.

Check the device configuration

See the device vendor's documentation for details on configuring your device.

• Verify that the device is syslog-capable.
• Verify that message logging is enabled.
• Verify that the device has been configured to send syslog messages to KSS NG.
• Verify the protocol and port.

Some devices must be rebooted before configuration changes take effect.

If the device is sending TCP messages or SNMP traps, verify that KSS NG is configured to listen for that protocol on the designated port

1. In the navigation bar, select Setup > Settings and click the Inputs tab.
2. Click the corresponding tab of the protocol that the device uses.
3. Verify that Listen is selected, and verify the port number and other options for that protocol.

   

In addition, verify that no other service is using the required port by following the example, but substituting the appropriate port number and protocol.

Verify DNS resolution is working as expected

Ping a host name from the command prompt to verify that the DNS resolution is working as expected.

If the device does not include a priority in its messages, verify that KSS NG allows messages with no priority

1. In the Kiwi Syslog Server NG Setup dialog, click Modifiers.
2. Verify that Allow messages with no priority is selected.

   

   If a message does not include a priority, KSS NG uses the default priority level and facility.

Additional troubleshooting if the problem is not resolved

If the previous troubleshooting tips did not resolve the issue, try the following.

Check the KSS NG error logs for information

Error logs are located in the installation directory. The default location is: C:\ProgramData\SolarWinds\KiwiSyslogService\logs

If the error log says that KSS NG is unable to bind to a port, stop the service using that port and restart KSS NG.

Restart the computer where KSS NG is installed

Clear the options in the KSS NG DNS settings to resolve IP addresses

1. In the KSS NG navigation bar, choose Setup > Settings and select the DNS tab.
2. Uncheck the options to resolve IP addresses.

   

If the problem still exists, open a support ticket.

Support is available to customers with a licensed version of KSS NG who are under active maintenance.