Network Troubleshooting

How can I set alarms?

In Kiwi Syslog Server, you can create, configure, and modify alarms from the File menu. Navigate to the Setup dialog box and select the Alarms node. From there, select the type of alarm you’d like to activate and input the appropriate threshold. Finally, select the preferred notification method for the alert (which can include an audible alarm, auto-running executable programs, or sending a notification by email).

Kiwi Syslog Server contains four primary alarms:

• Min message count: This alarm will activate if Kiwi Syslog Server receives fewer messages per hour than the specified baseline. A per-hour message count below this threshold could be a sign Kiwi Syslog Server isn’t receiving messages—a potential syslog troubleshooting issue that needs to be resolved quickly to ensure continued visibility into system logs.
• Max message count: In contrast, this alarm will activate if Kiwi Syslog Server receives more messages per hour than the specified cut-off. 
• Disk space usage: This alarm will activate if the amount of available disk space on the drive hosting Kiwi Syslog Server falls below the selected baseline. This alert can also be configured to automatically close TCP connections or to pause logging to the disk drive when available drive space is below the appointed threshold.
• Message queue monitor: This alarm will activate when the Kiwi Syslog Server message queue overflows more frequently than the maximum number of times selected. The alarm will also trigger if the queue contains more than the allowed threshold of messages waiting to be processed.

Which Kiwi Syslog Server features are helpful in network troubleshooting?

Kiwi Syslog Server offers a centralized platform for comprehensively organizing, monitoring, and managing your syslog data for your entire network. The application includes useful network troubleshooting tools and capabilities to help streamline the process.

First and foremost, Kiwi Syslog Server collects syslog messages and SNMP traps from devices and Linux and Unix hosts across your entire network. Not only does Kiwi Syslog Server support syslog collection for an unlimited number of devices (including IPv4 and IPv6 devices), but it is also built to have capacity for up to two million inbound syslog messages per hour. While this may sound like a lot of log data to sort through when you’re troubleshooting, Kiwi Syslog Server’s intuitive web console makes it simple to search and filter through collected syslog messages. The centralized dashboard can display up to 25 different log views at once, making it possible to tailor your filtering criteria to the specifics of your troubleshooting investigation. What’s more, Kiwi Syslog Server can create graphs of various syslog statistics for improved at-a-glance comprehension and insight.

Kiwi Syslog Server also includes intelligent and customizable alert capabilities designed to keep you aware of performance issues and other potential problems worth looking into. When an alert is triggered, you’ll receive information about the alert type, kind of syslog message, message source, the time the alarm was triggered, and more.

What types of actions are built-in to react to syslog messages?

Kiwi Syslog Server is designed to streamline your troubleshooting efforts and includes several built-in actions allowing you to respond the moment the application detects something noteworthy in your system logs.

These built-in actions include the ability to send email notifications and reports, run executable scripts, launch external programs, and write logs to files, databases, or Windows event logs. Kiwi Syslog Server also lets you direct where logs are written to based on the source device, IP address, date, hostname, and other key variables. You can also forward your syslog messages and SNMP traps to different hosts, as well. This set of built-in actions gives you greater control over how your system logs are stored, organized, and managed, and allows deeper insights into your network operations.

How does network troubleshooting work in Kiwi Syslog Server?

SolarWinds Kiwi Syslog Server receives syslog messages and SNMP traps from your network hardware and devices, making it easier to identify when firewalls, switches, routers, and other business-critical elements are experiencing issues.

Kiwi Syslog Server’s network troubleshooting software features include numerous customization options, allowing you to set and modify rule-based actions to meet the specific needs and criteria of your network.

These rule-based actions, such as those mentioned above, make it possible to establish how Kiwi Syslog Server processes the messages and SNMP traps it receives. Each rule includes filters and follow-up actions you can modify to align with the requirements of your systems. Without filters in place, the rules will apply to all received syslog messages and SNMP traps—which can be useful in some network troubleshooting instances but may not be the most efficient course of action during all investigations.

Kiwi Syslog Server enables you to set rules to write syslog messages to specific files, send email notifications when the server detects urgent log messages requiring immediate attention, or run scripts on messages containing particular keywords. You can set and apply up to 100 rules in Kiwi Syslog Server, each of which can include up to 100 filters and 100 trigger actions.

This not only grants you granular controls over syslog monitoring and management, but also makes it possible to automatically archive your logs to assist you with compliance with industry standards and regulations. Kiwi Syslog Server can help you demonstrate compliance with SOX, PCI-DSS, FISMA, and other regulatory standards and includes a built-in scheduler for initiating automated archiving and clean-up processes. Furthermore, the scheduler can be used to automate some log management functions, as well, such as compressing, encrypting, transferring, and renaming syslog files.