Logging is rarely seen as exciting. It is, however, essential for visibility into what is happening on critical systems: it enables troubleshooting, security enforcement, and auditing.
Most devices and software can log locally and can also send their logs to a syslog server. Forwarding logs to a syslog server aggregates them in one place that can be monitored, which gives you visibility into your environment as a whole. Bear in mind that traditional syslog is sent over UDP port 514 in clear text with no sender authentication, so place the collector on a management network and treat the source address in a message as informational rather than as proof of origin.
In this review of SolarWinds Kiwi Syslog Server, we will take a look at a syslog server offering from SolarWinds that provides great features and functionality for managing syslog messages, SNMP traps, and even Windows event logs.
What is SolarWinds' Kiwi Syslog Server? It is a syslog aggregation and management tool for network and systems engineers that receives syslog messages and SNMP traps from network devices such as routers, switches, and firewalls, as well as from Linux/Unix hosts. Windows hosts can also be included once they are configured to forward their Windows event logs to the Kiwi Syslog Server for aggregation.
Kiwi Syslog Server offers a lot of really great features, including the following:
- Ability to centrally manage all your syslog messages in one place – Provides a centralized, easy-to-use web console to view, search, and filter syslog messages. The web console provides up to 25 log display views that you can customize according to your filter criteria. Kiwi Syslog Server also provides you with graphs of syslog statistics over specific time periods.
- Configure and receive real-time alerts based on syslog messages – The alerting functionality can notify you when predefined criteria are met, based on time, type of syslog message, source, and so on. Alerts can send email or instant messages, play sounds, page or send an SMS, and perform other actions.
- Automatic responses to syslog messages – Automation is key in reacting to syslog information. Kiwi Syslog Server can trigger email notifications and reports, run scripts or external programs, log to a file, the Windows event log, or a database, split written logs by device, IP, hostname, date, or other message/time variables, and forward syslog messages or SNMP traps to other hosts or systems such as a SIEM.
- Storing and archiving logs for regulatory compliance – You may need to log syslog messages to disk, files, and ODBC-compliant databases. The integrated scheduler can run automated archive and cleanup tasks so that retention follows the policy you have defined; you can also compress, encrypt, move, rename, and delete logs as needed.
- Event log forwarder – Using SolarWinds' free Event Log Forwarder (a separate download), Windows hosts can forward event logs to Kiwi Syslog Server as syslog messages. Once received in Kiwi, the Windows events can be handled by the same log management actions as any other syslog message.
Licensing and scaling
Kiwi Syslog Server is licensed according to the number of syslog server installations. Each installation of Kiwi Syslog Server is priced starting at $295 per server installation. The great thing about the Kiwi Syslog Server is that it supports an unlimited number of devices for syslog collection.
This pricing structure works out to be extremely economical since you can aggregate an unlimited number of devices that log to your Kiwi server. Many well-known syslog solutions charge you by the number of nodes you are monitoring or even the number of messages you are collecting. In comparison, the flat cost of the solution will work out very well for many.
Regarding scalability, it is designed to handle up to two million messages per hour. In practice, then, the number of devices a single "unlimited" installation can serve is bounded by the message rate those devices generate rather than by a device count. Kiwi Syslog Server supports log collection from both IPv4 and IPv6 devices.
Installing Kiwi Syslog Server
I found the installation process to be painless with the downloaded installer. The installation wizard asks most of the basic questions you're familiar with from Windows installers.
One point to note: .NET Framework 3.5 is required for the Kiwi Syslog Server installation. If it is not present when you run the installer, you will see the error shown below; install .NET Framework 3.5 and then rerun the Kiwi Syslog Server installation. Apart from that, the installation completed without issue, and the installer took care of the remaining prerequisites itself.
Kiwi Syslog Server console and web access
After you install Kiwi Syslog Server, you will see two different shortcuts appear for the Kiwi Syslog Server:
- Kiwi Syslog Server Console
- Kiwi Syslog Web Access
The Kiwi Syslog Server Console is the “fat client” Service Manager that allows you to see the syslog messages coming to the Kiwi Syslog Server and configure various settings, including:
- Import and export settings
- Test the Kiwi Syslog Server
- Start, stop, and ping the Syslogd service
- Control debug options
- Setup of the Kiwi Syslog Server – DNS setup, scripting, formatting, appearance, email configuration, alarms, inputs, and other configuration options
I set about adding a couple of different event log sources for the Kiwi Syslog Server – a network switch and a Windows Server virtual machine. I found both extremely easy to configure and had no issues with Kiwi Syslog Server receiving the messages.
The first device I configured to use with the Kiwi Syslog Server was a Cisco small business switch. Below, I am simply configuring the IP address for the Log Server, which is the IP address of my Kiwi Syslog Server.
On a Windows host VM, I configured the SolarWinds Event Log Forwarder to forward events from the Application and System Windows Event logs.
After installing the Event Log Forwarder, I quickly started getting the defined Windows Event log events that were sent to the Kiwi Syslog Server. One feature I like is the ease with which you can search for specific events. In the search field, I am simply typing the name of my Windows server and these entries are instantly highlighted.
Configuring rules, filters, and alerts
The power of a single solution aggregating all syslog messages in one location is that one centralized installation can monitor the stream and trigger on specific types of messages as they arrive. This lets you automate notifications and other actions.
Kiwi Syslog Server uses Rules, Filters, and Actions: a rule monitors incoming messages, the filters you define decide which messages the rule matches, and a match triggers one action or a series of actions. To configure a new Rule, navigate to File > Setup.
As you can see below, you can perform a wide range of actions including sending emails, writing to a database, running scripts, and sending alerts to third-party notification solutions.
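To make the Rule, Filter, and Action model concrete, here is a small Python engine that does the same job over RFC 3164 syslog lines: it decodes the `<PRI>` value into facility and severity, applies per-rule filters, and runs actions for every match. This is an added example and not Kiwi Syslog Server code or its API. The sample messages, the hostnames `sw-core01` and `WIN-DC01`, and the address 10.0.0.5 are constructed for illustration, and the Windows lines only approximate what an event log forwarder would emit.

```python
"""Rule/filter/action processing over RFC 3164 syslog messages (added example)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 line: "<PRI>Mmm dd hh:mm:ss HOST MSG", where PRI = facility * 8 + severity
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)


@dataclass
class Message:
    facility: int
    severity: int  # 0 = emergency ... 7 = debug (lower is more severe)
    timestamp: str
    host: str
    text: str


def encode(facility: int, severity: int, timestamp: str, host: str, text: str) -> str:
    """Build the wire form a device would send to the collector."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return f"<{facility * 8 + severity}>{timestamp} {host} {text}"


def parse(line: str) -> Message:
    """Decode one syslog line; reject anything that does not fit RFC 3164."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    return Message(pri // 8, pri % 8, m.group("ts"), m.group("host"), m.group("msg"))


Filter = Callable[[Message], bool]
Action = Callable[[Message], None]


@dataclass
class Rule:
    name: str
    filters: List[Filter]  # every filter must match (logical AND)
    actions: List[Action]  # run in order when the rule matches

    def matches(self, msg: Message) -> bool:
        return all(f(msg) for f in self.filters)


# Filters: closures so each rule carries its own compiled criteria.
def severity_at_most(level: int) -> Filter:
    """Match messages at least as severe as `level` (e.g. 3 = err and worse)."""
    return lambda m: m.severity <= level


def host_matches(pattern: str) -> Filter:
    rx = re.compile(pattern)
    return lambda m: rx.search(m.host) is not None


def text_matches(pattern: str) -> Filter:
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda m: rx.search(m.text) is not None


# Actions: in-memory stand-ins for email/SMS/script/database actions.
def alert(sink: List[str]) -> Action:
    return lambda m: sink.append(f"[{SEVERITIES[m.severity]}] {m.host}: {m.text}")


def split_by_host(store: Dict[str, List[str]]) -> Action:
    """Equivalent of 'log to a separate file per device'."""
    return lambda m: store.setdefault(m.host, []).append(f"{m.timestamp} {m.text}")


def process(lines: List[str], rules: List[Rule]) -> List[str]:
    """Parse each line and run every matching rule; returns the lines that failed to parse."""
    rejected = []
    for line in lines:
        try:
            msg = parse(line)
        except ValueError:
            rejected.append(line)  # keep malformed input visible instead of dropping it silently
            continue
        for rule in rules:
            if rule.matches(msg):
                for act in rule.actions:
                    act(msg)
    return rejected


def default_rules(alerts: List[str], by_host: Dict[str, List[str]]) -> List[Rule]:
    return [
        Rule("switch errors", [host_matches(r"^sw-"), severity_at_most(3)], [alert(alerts)]),
        Rule("windows failed logons", [text_matches(r"\b4625\b")], [alert(alerts)]),
        Rule("archive per device", [], [split_by_host(by_host)]),  # no filter: matches everything
    ]


# Constructed sample traffic: a switch (facility local7 = 23) and a Windows host (facility user = 1).
SAMPLE_LINES = [
    "<187>Sep 13 10:15:01 sw-core01 %LINK-3-UPDOWN: Interface Gi1/0/24, changed state to down",
    "<14>Sep 13 10:15:03 WIN-DC01 Security 4624 An account was successfully logged on",
    "<12>Sep 13 10:15:07 WIN-DC01 Security 4625 An account failed to log on",
    "<190>Sep 13 10:15:09 sw-core01 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.5 started",
    "this is not syslog at all",
]

if __name__ == "__main__":
    alerts, by_host = [], {}
    bad = process(SAMPLE_LINES, default_rules(alerts, by_host))
    print("\n".join(alerts))
    print({h: len(v) for h, v in by_host.items()}, "rejected:", bad)
```

Two points carry over to the real product: a rule with no filters is a catch-all (useful for the archive-everything case, dangerous if it is the one wired to a pager), and lines that do not parse should be counted and surfaced, because a device that suddenly emits unparseable output is itself worth an alert.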
Impressions and final thoughts
Overall, I found the SolarWinds Kiwi Syslog Server to be an easy-to-install, easy-to-use, solid solution for collecting event logs from most types of devices, including Windows Servers. It is a reasonably priced application that covers what most people want from a syslog solution and goes a few notches beyond the basics.
The Kiwi Syslog Server Web Access portal provides a readily accessible solution via web connectivity so you can monitor syslog messages from various devices via the console, in addition to any alerts you have configured.
The rules, filters, and actions are great features that allow you to automate your solution based on the needs of the environment when various messages are collected by the Kiwi Syslog Server. SolarWinds offers a 14-day fully featured trial version of the Kiwi Syslog Server so you can try out all the features before you buy into the solution. Check out the download here.