Kiwi Syslog Daemon Software Description

Summary: Kiwi Syslog Daemon software description

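Kiwi Syslog is a free syslog program (a paid version is also available). Besides collecting logs, it can forward the logs it collects. The method is simple: Kiwi Syslog's setup contains an "action" item, which tells Kiwi Syslog what to do with a log once it has been collected. Right-click on the action to add a new action, then choose the forward option to tell Kiwi Syslog where to send the collected syslog messages. Note that Kiwi Syslog's default encoding is "system", meaning the system default encoding (Big5 on Windows). If you need to receive UTF-8 encoded messages, remember to change the encoding from system to UTF-8 in the UDP settings; Kiwi will then convert the UTF-8 to Big5 when it forwards to the syslog server you want to reach.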
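The encoding setting described above decides whether message text survives the relay, which matters for any downstream filter or alert that matches on keywords. The following Python sketch is an added example, not Kiwi Syslog code and not part of the original post; the sample message, the host name `fw01`, the function names and the use of `errors="replace"` are assumptions made for illustration. It decodes the same UTF-8 datagram once with the correct input encoding and once with the Big5 system default, then re-encodes it for forwarding.

```python
import re

# Constructed sample: an RFC 3164 style line whose message text is UTF-8 encoded.
SAMPLE_TEXT = "<134>Oct 11 22:14:15 fw01 login: 使用者登入失敗"
SAMPLE_UTF8 = SAMPLE_TEXT.encode("utf-8")

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Split the leading <PRI> into (facility, severity); None if absent or out of range."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    return int(m.group(1)) >> 3, int(m.group(1)) & 7


def relay(datagram, input_encoding, output_encoding="big5"):
    """Decode a received datagram, then re-encode it for the downstream server.

    errors="replace" (an assumption of this sketch) keeps damage visible:
    undecodable bytes become U+FFFD and characters the output code page
    lacks become "?".
    """
    text = datagram.decode(input_encoding, errors="replace")
    return text, text.encode(output_encoding, errors="replace")


def unencodable(text, encoding="big5"):
    """List the characters that would be lost when forwarding in `encoding`."""
    lost = []
    for ch in text:
        try:
            ch.encode(encoding)
        except UnicodeEncodeError:
            lost.append(ch)
    return lost


if __name__ == "__main__":
    for enc in ("utf-8", "big5"):  # correct input setting, then the system default
        text, forwarded = relay(SAMPLE_UTF8, enc)
        # Columns: input encoding, (facility, severity), keyword found, forwarded text intact
        print(enc, parse_pri(text), "登入失敗" in text,
              forwarded.decode("big5") == SAMPLE_TEXT)
```

With the wrong input encoding the ASCII header still parses, so the message looks healthy to priority-based rules while keyword matching on the text silently stops working.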

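Kiwi Syslog Daemon receives Syslog messages from network devices and displays them in real time. Many actions can be performed based on the received messages, and messages can be filtered by host name, host IP address, priority, message text, or date and time.

Syslog messages can also be processed as "Events":

- Display the message in the scrolling window.
- Log the message to a text file.
- Forward the message to Kiwi Syslog Daemon on another machine.
- Log to an ODBC database.
- Log to the NT Application Event Log.
- E-mail the message to someone via the SMTP mail service.
- Trigger a sound alarm.
- Run an external application.
- Send an "SNMP Trap" message.
- Send an SMS notification using "NotePager Pro".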


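Kiwi Syslog Daemon Features and Benefits

Kiwi Syslog Daemon is a free Syslog tool for Windows. It receives, logs, displays and forwards Syslog messages from routers, switches, Unix hosts and any host that supports Syslog, and it has many customizable options.

Its features include:

* PIX firewall monitoring.
* LinkSys home firewall monitoring.
* SNMP Trap and TCP support.
* SNMP MIB parsing.
* Ability to filter, parse and modify messages and to take actions via the VBScript/JScript engine.
* The Service edition can be used on Windows NT/2000/XP/2003.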


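Features of the free version:

* GUI-based Syslog management.
* Messages are displayed in real time as they are received.
* 10 virtual displays for organizing your messages.
* Log or forward all messages, or log and forward by priority or date and time.
* Automatically split the log file by priority or date and time.
* Receive messages via UDP, TCP or SNMP.
* Forward messages via UDP or TCP.
* Save log files on a custom schedule.
* Messages-per-hour alert by sound or e-mail.
* Log file size alert by sound or e-mail.
* Automatic daily e-mail of Syslog traffic status reports.
* Minimizes to the system tray.
* Maintains the source address when forwarding messages to other Syslog hosts.
* Graphical Syslog trend analysis (last 24 hours/last 60 minutes).
* Syslog message buffering to ensure messages are not lost under heavy load.
* DNS resolution of source host IP addresses, with optional domain name removal.
* DNS cache of up to 100 entries to ensure fast DNS resolution.
* Pre-emptive DNS resolution using up to 10 threads.
* Five built-in skins to change the look of the program.
* Selectable display font, display color and background image.
* Can also run as an NT service.
* RFC3164 send and receive options.
* Comprehensive help.
* The free version has no time limit.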


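Additional features of the paid version (beyond the features of the free version, the paid version offers more flexibility):


Additional automatic log file split options:

* Host name
* Host IP address
* Domain name
* WELF format tags in message text


Additional filtering options:

* Filter by IP address, host name or message text.
* Filter out messages from unwanted hosts, or log differently depending on the host name.
* Perform an action when a message contains specified keywords.

Additional actions:

* Powerful scripting engine for filtering, parsing, custom statistics and performing actions.
* Log to an ODBC database (Access/SQL/Oracle/MySQL/Informix, etc.).
* Write logs to the Windows NT Application Event Log.
* Play a specified sound file when the filter conditions are met.
* Forward received Syslog messages by e-mail.
* Send a Syslog message to another host when the filter conditions are met.
* Send an SNMP trap (Version 1 or Version 2).
* Run a specified external program when the filter conditions are met.
* Pass values directly to a specified external program, e-mail message or Syslog message, for example:
  - Message text
  - Message time
  - Message date
  - Host name
  - Facility
  - Level
  - Alarm threshold values
  - Current Syslog statistics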


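Additional buffering:

* A buffer of 20000 Syslog messages, to ensure messages are not lost under heavy load.
* A buffer of 1000 e-mail messages, to ensure e-mail is not lost under heavy load or when the mail server is down.
* The DNS cache can hold up to 20000 entries.
* Pre-emptive DNS resolution using up to 200 threads.


Additional alarm options:

* Play a specified sound file when an alarm condition is reached.
* Run a specified external program when an alarm condition is reached; this can be a pager or SMS sending program.


Benefits of the paid version (additional features):

* Greater flexibility in managing and inspecting the log files produced by Kiwi Syslog Daemon. This is especially thorough for large networks, providing a large amount of timely and relevant status and event information for network management. The additional automatic log file split options make it easier to store collected messages in unique log files, so that reports can be produced for specific devices, events, conditions or other items.
* Additional filtering options make control of subsequent actions more powerful and simpler.
* A large number of additional actions can be started automatically based on received messages, filters and rule results. In particular, the added notification methods better fit the trend toward mobile business.
* Greater buffering capacity, which greatly increases the scale of network that can be supported and therefore provides more reliable handling of heavy load and better fault tolerance.
* Additional alarm options.


Other benefits:

* Priority e-mail support: your technical support requests will be handled ahead of those from free version users.
* Your name will appear in the "Help→About" window, showing that you have purchased the full version of Kiwi Syslog Daemon.
* Unlimited free version upgrades while the maintenance contract is valid.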
----------------------------------------------------------------------------------
Kiwi Syslog Daemon receives syslog messages from network devices, and displays them in real-time. Actions can be performed on received messages and messages can be filtered by host name, host IP address, priority, message text or time of day.

Syslog messages can then be processed using events like:

* Display the message in the scrolling window
* Logging the message to a text file
* Forward the message to another syslog daemon
* Log to an ODBC database
* Log to the NT Application Event Log
* E-mail the message to someone via SMTP
* Triggering a sound alarm
* Running an external program
* Send an SNMP Trap message
* Page someone using NotePager Pro


Kiwi Syslog Daemon Features and Benefits

Kiwi Syslog Daemon is a freeware Syslog Daemon for Windows. It receives, logs, displays and forwards Syslog messages from hosts such as routers, switches, Unix hosts and any other syslog enabled device. There are many customisable options available.

Some of the features include:

* PIX firewall logging.
* LinkSys home firewall logging.
* SNMP Trap and TCP support.
* SNMP MIB parsing.
* Ability to filter - parse - modify messages and take actions via VBScript/JScript engine.
* A Service edition is available for use on Windows NT/2000/XP/2003.


Features of the Free version

* GUI based syslog manager
* Messages are displayed in real-time as they are received
* 10 virtual displays for organizing your messages
* Message logging or forwarding of all messages, or based on priority or time of day.
* Auto Split the log file by priority or time of day
* Receives messages via UDP, TCP or SNMP
* Forwards messages via UDP or TCP
* Automatic log file archiving based on a custom schedule
* Messages per hour alarm notification with audible sound or e-mail
* Log file size alarm notification with audible sound or e-mail
* Daily e-mailing of syslog traffic statistics
* Minimizes to the system tray
* Maintains source address when forwarding messages to other syslog hosts
* Syslog statistics with graph of syslog trends (Last 24 hrs/Last 60 mins.)
* Syslog message buffering ensuring messages are not missed under heavy load
* DNS resolution of source host IP addresses with optional domain removal
* DNS caching of up to 100 entries to ensure fast lookups and minimise DNS lookups
* Pre-emptive DNS lookup using up to 10 threads
* Comes with 5 cool skins to change the look of the program
* Selectable display font, display color, and background wallpaper
* Also available as an NT Service
* RFC3164 send and receive options
* Context based help
* Free for use for as long as you want


Additional features in the licensed version:
In addition to the features available in the freeware version, the registered version offers more flexibility:
Additional Auto Split log file options:

* Host name
* Host IP address
* Domain name
* WELF format tags in message text

Additional filtering options:

* Filter on IP Address, Hostname, or Message text.
* Filter out unwanted host messages or take a different logging action depending on the host name.
* Perform an action when a message contains specific keywords.

Additional actions:

* Powerful scripting engine for filtering, parsing, custom statistics and performing actions
* Log to an ODBC database. (Access/SQL/Oracle/MySQL/Informix etc)
* Write logs to the Windows NT application Event Log
* Play the sound file of your choice when the filter conditions are met.
* Forward the received Syslog messages via e-mail.
* Send a Syslog message to another host when the filter conditions are met.
* Send an SNMP trap (Version 1 or Version 2)
* Run an external program of your choice when the filter conditions are met.
* Pass values from the received Syslog message to an external program, e-mail message or Syslog message, such as:
  * Message text
  * Time of message
  * Date of message
  * Hostname
  * Facility
  * Level
  * Alarm threshold values
  * Current Syslog statistics

Additional buffering:

* A buffer for 20000 Syslog messages to ensure you don't miss messages under heavy load.
* A buffer for 1000 e-mail messages to ensure all e-mail gets through under heavy load or if the mail server is unavailable temporarily.
* The DNS cache will hold up to 20,000 entries.
* The DNS pre-emptive lookup can spawn up to 200 threads.

Additional alarm options:

* Play the sound file of your choice when an alarm condition is reached.
* Run an external program when an alarm condition is reached. This could be a pager or SMS program.

Benefits of the licensed version's additional features:

* Greater flexibility in managing and inspecting log files produced by Kiwi Syslog Daemon. Particularly in larger networks, the ability to provide timely and relevant status and event information is of great value to the network manager. The additional Auto Split log file options support this ability by easy and natural segregation of incoming messages into unique log files. These can then be used to create reports on specific devices, events, conditions, or other items of specific interest to your organisation.
* Additional Filtering options for greater and simpler control of subsequent actions.
* A large number of additional actions that can be automatically initiated as a result of incoming messages, filters, and rules. In particular, the increase in notification methods meets the needs of an increasingly mobile business culture.
* A much larger buffering capacity. This increased capacity greatly increases the scale of the network that can be supported, as well as more reliably handling peak busy periods or message spikes.
* Additional alarm options.
* Priority e-mail support. Your support requests will be actioned before freeware users of the product.

Other benefits:

* Your support requests will be actioned before freeware users of the product.
* Your name will appear in the 'help about' window, showing you have purchased the full version of Kiwi Syslog Daemon.
* You will also get that warm fuzzy feeling, knowing you have supported the further development of the program.
* Unlimited updates during the period of your software maintenance plan.