Guy's Ezine 159 - Syslog and the Free Kiwi Utility
If you are even a minor expert on routers and the syslog protocols, then I suggest
that you cut to the chase and
download the free Kiwi Syslog Server.
As I write the rest of this ezine, I have in my mind a competent computer
techie who has little knowledge of routing protocols.
My twin aims are to give you an introduction to syslog, and provide a good
free analyzer so that you can investigate error messages that routers,
switches and firewalls are already sending on your network. Such
knowledge is particularly useful for troubleshooting security breaches and
virus attacks.
Guy's Review of the Kiwi Syslog Server
Syslog is a UDP protocol that transports messages from Cisco routers and
other network devices. These log messages are invaluable for
troubleshooting network problems; they are particularly useful for
detecting security breaches. The
free Kiwi Syslog Server captures these datagrams and analyzes their log
messages so that you can 'see'
what's happening in your ethernet cables.
You only have to see the word Daemon, as in Syslog Daemon, to realize
that this UDP protocol originated in UNIX. I say protocol, but all
that syslog does is transport event messages from routers and other
network hardware. Syslog's success and universal adoption are based on
simplicity: it is just not fussy about what sort of event log messages it
transports. As a result syslog has become the de-facto standard for system
management and event reporting in heterogeneous networks.
A syslog daemon is merely a device, program or entity that
listens for the UDP syslog packets. Thus the skill lies in what
you do with the information in these message logs, and this is where the
Kiwi Syslog Server comes into play.
The actual Kiwi install was easy. I extracted the files from the zip and ran setup,
noting that the program's files were copied to Program Files\syslogd\
(the last 'd' is not a typo, but 'd' for daemon). The hardest
decision during install is whether to opt for the Daemon Service, or to
select the (Daemon) Windows Application mode. If you change your mind
about Windows syslog, just run setup again.
The distress I felt at not seeing any proper network messages reminded me of
God's reply to Seamus when he complained that he never won the lottery.
'Give me a chance Seamus, and at least buy a ticket'. If you have
no messages, give Kiwi a chance and show it a router.
Alternatively, install
'Snare', so that you divert the Windows Server log messages to the Kiwi Syslog
application and get some action.
Solution: Get Snare and See Windows Event Logs with Kiwi
An ideal way of running Kiwi through its paces is to
divert the built-in Windows event logs into the Kiwi Server running in Application
mode. This is especially useful
if you have a machine with no router available to test a Windows syslog
application. In this
scenario what you need is to download and install the
Snare program, then watch out for the setup menu which links the
Kiwi Daemon to
the native Windows system and application logs.
Caution. By syslog standards, the Windows Event Logs are certainly
verbose and maybe obscure. My point is that this configuration won't give
you the full flavour of
what logging syslog network messages from a router could achieve.
A company called RedPeril introduced a bonus system to persuade their techies to
improve security on their network. Under the scheme the company gave the
techies a bonus of £300 a month; however, for each critical or error
message in the log they deducted £1.
RedPeril provided a Syslog Analyzer along with a day's training, then
the techies set about monitoring and tuning their networks. The
plan was that techies would now work intelligently trying to eliminate network problems,
and in the process earn themselves a good bonus.
At the end of the first month my friend 'Mad' Mick owed the
company £76 as he had 376 errors coming from his networks.
Sometime during the second
month 'Mad' Mick deleted the logs and claimed the entire £300 bonus.
When the company found out in the third month they sacked Mick.
Testing the Kiwi Syslog provides a great opportunity to evaluate your overall strategy for
examining message logging.
I guarantee that just evaluating the logs will give you at least three good ideas
to improve your network.
The Kiwi analyzer receives and logs messages from network devices, such as
routers, switches, Unix hosts, and other syslog-enabled devices.
Features include PIX and LinkSys firewall logging, SNMP trap and TCP
support.
Kiwi has a 'Rules Engine' for filtering on time of day, queue
length and other criteria. It is also versatile and co-operative,
because it can send an SNMP trap to a utility that collects and analyzes
Simple Network Management Protocol messages. Thus, all the tools are there
in the Kiwi Windows Syslog application to perform trend analysis of the
log message statistics.
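To make the UDP transport and the 'critical or error' filtering described above concrete, here is an added example (my own code, not Kiwi's or the original article's): a minimal syslog receiver that decodes the PRI field of each datagram into facility and severity, applies one rule that keeps only error-or-worse messages, and tallies severities for a simple statistics view. The facility and severity tables and port 514 are standard syslog; the listen() helper, the rule and the Cisco-style sample datagrams are assumptions constructed for this example.

```python
import re
import socket
from collections import Counter

# PRI = facility * 8 + severity (RFC 3164 / RFC 5424 numbering)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_syslog(datagram: bytes) -> dict:
    """Split a BSD-style syslog datagram into facility, severity and message text."""
    text = datagram.decode("utf-8", errors="replace")
    m = PRI_RE.match(text)
    if m and int(m.group(1)) <= 191:          # 191 = local7.debug, the largest legal PRI
        pri, body = int(m.group(1)), m.group(2)
    else:
        pri, body = 13, text                  # no valid PRI: RFC 3164 says assume user.notice
    return {"facility": FACILITIES[pri // 8], "severity": SEVERITIES[pri % 8], "msg": body.strip()}


def is_error_or_worse(event: dict) -> bool:
    """Rule: keep emerg, alert, crit and err; drop warning and below."""
    return SEVERITIES.index(event["severity"]) <= SEVERITIES.index("err")


def severity_counts(datagrams) -> Counter:
    """Tally messages per severity, the raw material for trend analysis."""
    return Counter(parse_syslog(d)["severity"] for d in datagrams)


def listen(host: str = "0.0.0.0", port: int = 514) -> None:
    """Tiny syslog daemon: bind the UDP port and print every datagram that passes the rule."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))                   # port 514 needs admin/root rights
    while True:
        data, peer = sock.recvfrom(65535)
        event = parse_syslog(data)
        if is_error_or_worse(event):
            print(f"{peer[0]} {event['facility']}.{event['severity']}: {event['msg']}")


# Constructed sample datagrams in Cisco style (facility local7); not captured from real devices
SAMPLE = [
    b"<187>Jan  1 10:00:01 router1 %LINK-3-UPDOWN: Interface Serial0/0, changed state to down",
    b"<189>Jan  1 10:00:02 router1 %SYS-5-CONFIG_I: Configured from console by vty0",
    b"<190>Jan  1 10:00:03 switch2 %LINEPROTO-6-UPDOWN: Line protocol on Vlan1 up",
    b"<186>Jan  1 10:00:04 fw1 %PIX-2-106001: Inbound TCP connection denied",
    b"no PRI at all, treated as user.notice",
]
```

Run `listen()` on a host with no router nearby and it will sit silently, exactly the empty-screen experience described above; feed it the SAMPLE datagrams instead and two of the five pass the rule.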
Types of Computer Logs
- Syslog from routers and other network devices - Capture and interpret with Kiwi Syslog Server
- Windows (System, Application, Security) - Inspect with Event Viewer
- Database Logs. Many applications, for example Exchange and SQL
have one or more additional logs. Each database application will
have its own application for reading at least some of these logs.
Windows logs produce a text record of all manner of actions that the operating
system performs. What to do with all this information? How
much information to record? It can get to the ridiculous point
that the operating system slows down because it spends all its time
writing to the logs. It can get so sad that the operating system
keeps recording that a log is full. Funny, but only when it
happens to someone else.
More Ideas for Reviewing your Log Strategy
Here are questions to get you started with your review of logging.
- Do you check both security and application logs?
- Should you filter logs for only critical and error messages, or
add all the information stuff?
- Are you collecting logs for just the server, or also the
Network?
- Is there an alert on changes to the security log?
- To what extent does logging slow down the server?
- Is logging by-passed when the system is under severe load?
- What more do you need to know about your logging? For
example, how to control logging on the hardware device itself.
Summary of Windows Syslog Analyzing
Logs are full of information for troubleshooting network problems.
When something really goes wrong then
surely there will be an error message in the log - if only we can find
that record and interpret the event. What will help to analyze such
network messages on a Windows computer is the Kiwi Syslog Server.
A clever system such as the Kiwi Syslog Server can
provide extra vital information, such as grouping events so that you can see
how long the problem has existed, and gain valuable clues from the time
patterns.
Finally, a great log analyzer, such as Kiwi, will anticipate problems
and make you a better administrator.
Guy Recommends: Tools4ever's UMRA
Tired of writing scripts? The User Management Resource Administrator solution
by Tools4ever offers an alternative to time-consuming manual processes.
It
features 100% auto provisioning, Helpdesk Delegation, Connectors to more than
130 systems/applications, Workflow Management, Self Service and many other
benefits. Click on the link for more information on
UMRA.
Will and Guy's Humour
This week Will and Guy offer an amusing review of safety at work;
incidentally, this has proved our most popular page for January.
Safety is a major concern at the manufacturing company where
I work. So I'm constantly preaching caution to the workers I
supervise. 'Does anyone know,' I asked a few guys, 'what the
speed limit is in our parking lot?'
The long silence that followed was interrupted when one of
them piped up. 'That depends. Do you mean coming to work or
leaving?'
See our PowerShell Presentation - Safety at work.
See more interesting free computer utilities
Here are my reviews of more useful computer tools. Most of these programs are free, while others
are major applications, but time-limited. One common theme is that
Solarwinds give you a free specialist utility, and then
supply a more comprehensive suite for larger organizations. To let you
into a secret; for small networks the free tool is all you'll ever need.
• E 202 Permissions Monitor
• E 190 Network Device Monitor
• E 181 Config Generator
• E 166 IPAM
• E 161 OB IT
• E 159 Kiwi Syslog Review
• E 156 Windows Network Monitor
• Real Time Netflow Analyzer
• Syslog Utility