Need assistance to check Splunk Kiwi Syslog to see if logs from a firewall are being received.

Syslog settings for a firewall were changed to send logs to a Kiwi Syslog server. I was asked to validate whether logs from the firewall are being received by Kiwi Syslog. I am not familiar with Splunk or Kiwi Syslog. I RDP into the server that hosts Kiwi Syslog. I noticed two apps (Kiwi Syslog Service Manager and Kiwi Syslog Web Access). Which app would I use to see if logs from a firewall are being received? If I need to use Kiwi Syslog Service Manager, how can I validate that the logs from the firewall are being received?


Splunk web interface?
btan (Exec Consultant) commented:
I believe you are saying the FW logs are sent to the Kiwi syslog server (not Splunk, which is another product, mainly a SIEM, that can receive logs too). The online reference is a useful starter.
- The how-to and manual (like "Kiwi Syslog Web Access") are useful too.

...See "Configuring Syslog enabled devices", check whether your FW is in the list, and review its log config to confirm it is proper. You can actually have a rule that helps surface the receipt of FW logs:
When a message is received by Kiwi Syslog Daemon it is tested against each Rule in turn from the top down until either all Rules have been tested against, or a Stop Processing action is encountered. The next message is then tested in turn and so on...

For the actions within a rule to be fired, all the preceding filters of that rule must first be TRUE. When you have more than one filter specified within a rule, each filter is effectively ANDed together, not ORed. In this scenario we have created two filters:
- a Simple IP address filter.
- a Simple Message text filter.

The two defined actions, Display and Log to file, will only fire if the message currently being processed matches both of these filters, i.e. it comes from IP address AND it contains the words "link down" OR "link up" within the message text part of the syslog message.

If the message does not meet these requirements, then both filters will not be TRUE and therefore the actions will not fire.

...Then check the traffic stats and "The main display window" in the linked section, or use the past "Kiwi Logfile viewer" to view the list of IPs (like hostname); the IP of the FW should be indicated as a source reaching the Kiwi server.

...Any errors, such as the server being unable to write a message to a log file or having a problem archiving the log files, will be logged in the error log text file. The file name is InstallPath\Errorlog.txt. Any other errors encountered by Kiwi Syslog Server are also recorded in this file.
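As an added example (not code from the post or from Kiwi Syslog Server), the following script offers a scriptable version of the two checks described above: it tallies messages per source in a Kiwi log file to confirm the firewall IP appears as a sender, and it applies the rule semantics from the quoted documentation (filters ANDed; the text filter matches "link down" OR "link up"). It assumes Kiwi's default tab-delimited log layout (date time, facility.severity, source host, message); the log lines and the firewall address 10.0.0.1 are constructed sample data.

```python
from collections import Counter

# Constructed sample lines in the assumed Kiwi default layout:
# "YYYY-MM-DD HH:MM:SS<TAB>Facility.Severity<TAB>source host<TAB>message"
SAMPLE_LOG = """\
2024-05-01 09:00:01\tLocal4.Info\t10.0.0.1\tBuilt outbound TCP connection 10.0.0.50:51234 -> 203.0.113.9:443
2024-05-01 09:00:02\tLocal0.Notice\t10.0.0.20\tsshd[1234]: Accepted publickey for admin
2024-05-01 09:00:05\tLocal4.Notice\t10.0.0.1\tInterface outside changed state to link down
this line is malformed and must be skipped
2024-05-01 09:00:09\tLocal4.Notice\t10.0.0.1\tInterface outside changed state to link up
2024-05-01 09:00:12\tLocal7.Info\t10.0.0.30\tprinter online
"""


def parse_kiwi_log(text):
    """Yield (timestamp, facility_severity, source, message) tuples; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) == 4:
            yield tuple(parts)


def messages_per_source(text):
    """Count received messages by sending host, i.e. the 'list of IPs' check."""
    return Counter(src for _, _, src, _ in parse_kiwi_log(text))


def firewall_seen(text, fw_ip):
    """True if at least one message in the log came from the firewall address."""
    return messages_per_source(text).get(fw_ip, 0) > 0


def rule_matches(entry, fw_ip, words=("link down", "link up")):
    """Kiwi rule semantics: every filter must be TRUE (AND); the text filter is an OR of its terms."""
    _, _, src, msg = entry
    ip_filter = src == fw_ip
    text_filter = any(w in msg.lower() for w in words)
    return ip_filter and text_filter


def matching_entries(text, fw_ip):
    """Entries for which the Display / Log to file actions would fire."""
    return [e for e in parse_kiwi_log(text) if rule_matches(e, fw_ip)]


if __name__ == "__main__":
    # Point this at a real Kiwi log file (e.g. SyslogCatchAll.txt) by reading it into `text`.
    print(messages_per_source(SAMPLE_LOG))
    print("firewall seen:", firewall_seen(SAMPLE_LOG, "10.0.0.1"))
    for entry in matching_entries(SAMPLE_LOG, "10.0.0.1"):
        print("rule fired:", entry)
```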
