A friend left a message on yesterday's tweet asking for a Kiwi Syslog article for the Windows system, so here it is:
1. Installation of Kiwi_Syslog
Download link:
Link: https://pan.quark.cn/s/008c896fae84
Extraction code: ckJa
1. Download kiwi_syslog_server, after decompression, run Kiwi_Syslog_Server_9.5.0.setup.exe, click I Agree;
2. The default option, then click Next to continue
3. The default option, click Next
4. (The meaning here seems to be to install the log acquisition service of the web page. I don’t understand it specifically. If you don’t install it, it will not affect the normal use.) I will remove the tick here, and then click Next
5. Default settings
6. The default path, click Install. If you are prompted to install .NET 3.5 here, click Install
(If it prompts that it cannot be installed, just close it, and the installation program will continue, but you need to manually install .NET 3.5 after the installation is complete)
7. After completion, clear the check mark and click Finish
8. After the installation is complete, end the process of syslogd_service in the task manager
9. Copy SolarWinds.Licensing.Framework.dll and ufmod.dll in the "Keygen Registration Machine" folder to the software installation directory "C:\Program Files (x86)\Syslogd" to overwrite
10. Open the Kiwi Syslog Server Console program on the desktop
11. Click Help>>Enter license details above to select the second option and click Next
12. Click Copy ID
13. Then open the "keygen.exe" in the "Keygen registration machine" folder just now
14. Copy the ID in, fill in the username casually, and the default time is fine
15. Then click Generate! Export the file to any directory
16. Then go back to the software, click Import, and select the file you just exported
17. After clicking Finish, a serial number pop-up box will appear, just click Close
This completes the installation and registration
2. Configuration
1. Click File>>Setup in the upper left corner
2. Select Log to file on the left
3. Here you can set the storage location and storage format of the log file
By default, Kiwi Syslog saves the SNMP data it collects like this: the logs of all devices go into one file in order of date and time, and a new file is generated every hour. This makes it hard to query the log information of an individual device, so newer versions add the option of saving separately by device IP address. The setting is not clearly indicated in the software, so it is easy to overlook. It has to be typed manually into the save path and file name field on the Log to file tab: sys%IPAdd4.txt
After setting, click Apply
4. Click Schedules on the left, and then click "New" in the upper left corner to configure scheduled tasks
- Schedule field to add log plan frequency (by hour, record once every 6 hours, record 4 times a day)
- Source field (set the path for temporary storage of logs)
- Destination field (set the final log storage directory)
What I set here is to record once every 6 hours, and the others are default
The Destination is the final location where the log file is saved, which can be set at will. I kept the default path
5. Click Input>UDP on the left and change the value of Data encoding to UTF-8 to prevent logs containing Chinese characters from being garbled
This completes the configuration
Note: If there is no problem with the above operations, you need to restart the server before it can be used normally
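To confirm that the server is receiving and that the UTF-8 setting from step 5 took effect, a test datagram containing Chinese characters can be sent to it. The following is an added example, not part of the original article; the host name `testhost`, the tag `kiwitest`, the function names and the use of the standard syslog port UDP 514 are assumptions, and 192.168.100.1 is the example server address used on this page.

```python
import socket
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
FACILITY_LOCAL7 = 23   # numeric code of the local7 facility
SEVERITY_INFO = 6      # informational


def build_message(text, facility=FACILITY_LOCAL7, severity=SEVERITY_INFO,
                  host="testhost", tag="kiwitest", now=None):
    """Return an RFC 3164 style syslog datagram encoded as UTF-8."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity          # the <PRI> value at the start
    now = now or datetime.now()
    # RFC 3164 timestamp "Mmm dd hh:mm:ss"; the day is padded with a space.
    # The month table avoids locale-dependent month names.
    stamp = "%s %2d %s" % (MONTHS[now.month - 1], now.day,
                           now.strftime("%H:%M:%S"))
    return ("<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)).encode("utf-8")


def send_message(server, text, port=514, **kwargs):
    """Send one test message over UDP and return the bytes that were sent."""
    data = build_message(text, **kwargs)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (server, port))
    return data


def loopback_check(text):
    """Send to a local UDP listener; return (bytes match, decoded payload)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # ephemeral port, local only
        rx.settimeout(2)
        port = rx.getsockname()[1]
        sent = send_message("127.0.0.1", text, port=port)
        received, _ = rx.recvfrom(4096)
    return sent == received, received.decode("utf-8")


if __name__ == "__main__":
    # Constructed test text; it should appear un-garbled in the Kiwi console
    send_message("192.168.100.1", "UTF-8 test 中文日志")
```

If the Chinese characters show up garbled in the console or in the sys%IPAdd4.txt file, the Data encoding value on Input>UDP is still not UTF-8.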
3. Settings of the sender (for example: firewall or Windows)
1. For firewalls, the setting method differs by brand. Mine is a Wangshen firewall
Please refer to the device documentation for details
2. Windows settings are as follows
You need to download Evtsys first
Link: https://pan.quark.cn/s/98b757564e9f
Extraction code: ZzER
After decompression, first select the corresponding system file
Then copy all the files in the folder to the "C:\Windows\System32" directory
Open Windows Command Prompt
(Start > Run > Enter CMD and press Enter to enter the Windows command prompt)
Enter:
evtsys.exe -i -h 192.168.100.1
Notes:
- -i means install as a system service
- -h specifies the IP address of the log server
Change the IP address here to the address of the Kiwi_syslog server just configured,
and then start the service
net start evtsys
After starting, there will be a Chinese prompt: the service has been started successfully
The command to uninstall the service is
net stop evtsys
evtsys -u
Settings for other devices
1. Cisco client device configuration
Enter configuration mode:
R1#configure t
R1(config)#logging on #enable the logging service
R1(config)#logging host 192.168.100.100 #define the IP address of the log server
R1(config)#logging facility local7 #define the facility level; the default is 7
R1(config)#logging trap 7 #define the severity level (0-7; logging level 7 enables everything)
R1(config)#logging source-interface e0 #interface used to send the logs
R1(config)#exit
R1#show logging
2. Examples of Huawei devices
system-view
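[Sysname] info-center enable #enable the information center
[Sysname] info-center loghost 192.168.100.100 channel loghost #specify the loghost channel as the channel for outputting log information to the log host
[Sysname] info-center source default channel loghost debug state off log state off trap state off #turn off the log, trap and debug state of all modules for the log host (Note: because the system defaults for which information each channel may output differ, before configuring you must set the log, trap and debug state of all modules to off on the required channel (loghost in this example), and then configure output of the corresponding system information according to current needs. You can use the display channel command to view the channel state.)
[Sysname] info-center source default channel loghost log level informational #the modules allowed to output information are all modules (source: default)
display channel loghost #view the channel state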