To do this, you'll need some information. Primarily, you'll need the location of the file(s) Kiwi writes the syslog messages to.
For this example, lets assume you have some Cisco devices and the KIwi rules put their events in C:\Program Files\Solarwinds\Kiwi\var\log\ciscoasa.log.
- In the LEM console, find the Agent on the Kiwi server (under Manage --> Nodes). Click the gear, go into Connectors on that node.
- Find the Cisco PIX and IOS connector in the list of Connectors. Click the gear and select NEW.
- There will be a log location field. Change that to the path of the log. In this example, you'd enter "C:\Program Files\Solarwinds\Kiwi\var\log\ciscoasa.log"
- Save and start the connector
You should start seeing events pretty quickly. You can apply the same logic to other vendors as well.
Pro Tip: Don't just have Kiwi dump every message from every device in one giant file. Break them out by vendor/device type to avoid conflicts for the LEM connectors like those listed here:
Table of Conflicting Devices
Ensure the devices in each of these groups are logging to distinct local facilities on your LEM appliance. For example, if a device in Group 1 is logging to local1, make sure a device in Group 2 is not also logging to that facility.
| Group | Devices |
|---|---|
| Group 1 | Cisco ASA Cisco IOS Cisco PIX |
| Group 2 | Cisco Catalyst (CatOS) |
| Group 3 | Cisco Wireless LAN Controller (WLC) |
| Group 4 | Dell PowerConnect |
I'd add that NXOS devices also cause conflicts if events go to the same files/places as other Cisco log messages.