Syslog Server - Event Logs

M3D
Here to help


Hello,

 

I am having an issue with my Meraki Switch MX68W and getting the device to communicate with my SolarWinds Kiwi Syslog Server.

My Meraki is set to the IP 192.168.128.1.

My Kiwi is on IP address 192.168.128.34, running as a service on a Windows 10 Pro desktop with a static IP.

I have verified that my Kiwi is listening on UDP port 514 while my Meraki is broadcasting to 192.168.128.34 on UDP port 514. It is set to broadcast the roles: URLs, Security Events, and Appliance Event Logs. I can see the Meraki is generating events when I look in the event logs, but my Kiwi is not receiving any event logs from the Meraki. There is no firewall rule preventing information on port 514 either.

 

Is there something I am missing to make this work?

BrechtSchamp
Kind of a big deal

Are you successfully receiving syslog messages from other devices?

 

Perhaps you can do a packet capture on the port the messages should be going out on to see if they're at least being sent.

M3D
Here to help

I can confirm that my Meraki is sending Syslog packets from 192.168.128.1.42868 > 192.168.128.34.514.

 

I checked both the display and the log to file, and the Kiwi does not seem to be receiving them.

BrechtSchamp
Kind of a big deal

I know you mentioned there not being any firewall rules blocking it, but what about any software-based firewalls on the server itself? Have you checked those?

Also, inside Kiwi I remember vaguely that you need to configure which sources you're interested in. Have you done that?

M3D
Here to help

I specifically added into the software firewall and antivirus software an exception for port 514.

For Kiwi you do and don't have to specify the source: you can specify the IP that the syslogs should be coming from, but you can also set it to accept all traffic on that port.

BrechtSchamp
Kind of a big deal

Okay. What about a packet capture on the server? Do you see the packets arrive there?

M3D
Here to help

Yes, I just ran Wireshark; the server is indeed receiving packets on port 514.

 

BrechtSchamp
Kind of a big deal

Hmm so probably a Kiwi problem. Progress! Have a look through this:

https://documentation.solarwinds.com/en/Success_Center/KSS/Content/KSS_GSG_troubleshooting.htm
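
As an added example (not part of the original thread, and not SolarWinds or Meraki code): a capture on the server shows datagrams reaching the interface, not that they reach a listening socket, so a minimal stand-in listener on the same port helps separate a host-level drop from a collector problem. The function names are hypothetical, the addresses are the ones given in the thread, and the collector service is assumed to be stopped while this runs.

```python
import re
import socket

# PRI is the "<N>" prefix of a syslog message: N = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram: bytes):
    """Return (facility, severity), or None if the datagram has no valid PRI."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    return divmod(int(m.group(1)), 8)

def listen(bind_ip="0.0.0.0", port=514, expect_src=None, count=5, timeout=30.0):
    """Receive up to `count` datagrams and return them as a list of dicts.

    Assumption: the real collector is stopped, since only one service
    should own the port. Binding to 514 may need administrator/root rights.
    """
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        sock.settimeout(timeout)
        try:
            while len(results) < count:
                data, (src_ip, _src_port) = sock.recvfrom(65535)
                results.append({
                    "src": src_ip,
                    "expected_src": expect_src is None or src_ip == expect_src,
                    "pri": parse_pri(data),
                    "text": data.decode("utf-8", errors="replace").rstrip(),
                })
        except socket.timeout:
            pass  # nothing (more) reached the socket within the timeout
    return results

if __name__ == "__main__":
    # Appliance address from the thread: 192.168.128.1, sending to UDP 514.
    got = listen(expect_src="192.168.128.1")
    if not got:
        print("No datagrams reached the socket: check host firewall and bind address.")
    for r in got:
        print(r["src"], r["pri"], r["text"][:120])
```

If this listener receives the appliance's messages while the collector shows nothing, the remaining suspects are the collector's own bind address, input filters and service account.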

M3D
Here to help

I've read through all the self-help documents; nothing I did helped.

M3D
Here to help

Since there was no solution found for Kiwi, I went for another system, which works. Thank you for all your help.

BrechtSchamp
Kind of a big deal

You're welcome. I wonder what went wrong. I may install it myself and give it a try.
