How to Migrate from Kiwi Syslog Server to WinSyslog

Migrating from Kiwi Syslog Server to WinSyslog is straightforward once you understand the key differences in configuration approach. This guide walks you through the process step by step.

Understanding the Differences

Kiwi Syslog Server uses a filter-based approach to process syslog messages, while WinSyslog uses a more flexible rule-based processing system. Here’s how they compare:

Terminology Mapping

Kiwi Syslog Server      | WinSyslog
Filters                 | Rules with Conditions
Actions (Write to File) | Write to File Action
Actions (Send Email)    | Forward via Email Action
Database Destination    | Write to Database Action
Custom Fields           | Rule Properties
Message Routing         | Forward via Syslog Action

Key Architectural Differences

Kiwi Syslog Server:

  • Filter-based message processing
  • Actions tied to filters
  • GUI-driven configuration

WinSyslog:

  • Rule-based processing with conditions
  • Unlimited rules and actions
  • Rule-based configuration with GUI client
  • Multiple independent server instances supported

Migration Steps

Step 1: Document Your Current Configuration

Before beginning migration, document your existing Kiwi Syslog Server setup:

  • Export or screenshot all filters and their conditions
  • Note all actions (database destinations, email alerts, file logging)
  • Document database connection details
  • List all custom fields and formatting
  • Record port configurations (typically UDP 514)
  • Note any SNMP trap configurations

Step 2: Install WinSyslog

  1. Download WinSyslog from winsyslog.com/download
  2. Run the installer
  3. During installation, choose to install:
    • WinSyslog Service (required)
    • WinSyslog Configuration Client (required for configuration)
    • Interactive Syslog Server (optional, for real-time viewing)
  4. Complete the installation wizard

Step 3: Configure Syslog Server Instance

  1. Open the WinSyslog Configuration Client
  2. Create a new Syslog Server instance:
    • Go to “Services” section
    • Click “Add Service”
    • Select “Syslog Server”
  3. Configure listening parameters:
    • Set UDP port (typically 514)
    • Enable TCP if needed
    • Configure TLS for secure transport (if required)
  4. Bind to appropriate network interfaces

Step 4: Create Rules for Message Processing

For each Kiwi Syslog filter, create a corresponding WinSyslog rule:

  1. In the Rules section, click “Add Rule”
  2. Set rule conditions based on your Kiwi filter criteria:
    • Match messages by priority
    • Match by message content
    • Match by source IP/hostname
    • Combine multiple conditions
  3. Set rule name (use descriptive names like “Critical Messages” or “Firewall Logs”)

Step 5: Configure Actions

Based on your Kiwi Syslog actions, configure WinSyslog actions:

Database Actions

If you log to a database in Kiwi:

  1. Add “Write to Database” action to your rule
  2. Configure ODBC connection:
    • Select database provider
    • Enter connection string or DSN
    • Test connection
  3. Map fields to database columns
  4. Configure table creation if needed

File Logging Actions

If you log to files in Kiwi:

  1. Add “Write to File” action
  2. Configure file location and naming pattern
  3. Set rotation policies
  4. Configure archive settings

Email Alert Actions

If you send email alerts in Kiwi:

  1. Add “Forward via Email” action
  2. Configure SMTP settings:
    • SMTP server address
    • Port and authentication
    • From/To addresses
  3. Customize email template
  4. Set conditions for when to send

Forward Actions

If you forward messages in Kiwi:

  1. Add “Forward via Syslog” action
  2. Configure destination syslog server
  3. Set forwarding protocol (UDP/TCP/TLS)
  4. Configure message transformation if needed

Step 6: Test the Configuration

Before going live, thoroughly test your migrated configuration:

  1. Send test syslog messages to the server
  2. Verify messages are received correctly
  3. Check database entries (if applicable)
  4. Verify log files are created correctly
  5. Test email alerts
  6. Verify forwarding (if configured)
  7. Check Windows Event Log integration (if used)
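
For item 1 above, one way to produce repeatable test traffic is the following added example (not part of the original guide or of WinSyslog). It builds one message per severity in both RFC 3164 and RFC 5424 form, so you can confirm that a rule such as SyslogPriority <= 3 acts only on severities 0 to 3 (Emergency, Alert, Critical and Error in RFC 5424). The local0 facility, the migtest tag, the host name and the 192.0.2.10 address are assumptions to replace with your own.

```python
import socket
from datetime import datetime, timezone

# RFC 5424 severity names; list index = numeric severity (0 is most severe).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LOCAL0 = 16  # assumption: facility used to mark test traffic

def pri(facility, severity):
    """PRI value sent inside <...>: facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity

def rfc3164(severity, host, tag, text, now=None, facility=LOCAL0):
    """Legacy BSD format: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG (day is space-padded)."""
    now = now or datetime.now()
    stamp = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri(facility, severity)}>{stamp} {host} {tag}: {text}"

def rfc5424(severity, host, app, text, now=None, facility=LOCAL0):
    """<PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG, unused fields as '-'."""
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return f"<{pri(facility, severity)}>1 {now:%Y-%m-%dT%H:%M:%SZ} {host} {app} - - - {text}"

def build_batch(host="migration-test", fmt=rfc5424):
    """One message per severity; the text names the severity so hits are easy to find."""
    return [(sev, fmt(sev, host, "migtest", f"migration test severity={sev} ({name})"))
            for sev, name in enumerate(SEVERITIES)]

def expected_hits(batch, threshold=3):
    """Severities that a 'SyslogPriority <= threshold' rule should act on."""
    return [sev for sev, _ in batch if sev <= threshold]

def send_udp(batch, server, port=514):
    """Send each message as one UDP datagram to the syslog listener."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for _, msg in batch:
            s.sendto(msg.encode("utf-8"), (server, port))

if __name__ == "__main__":
    for fmt in (rfc3164, rfc5424):
        batch = build_batch(fmt=fmt)
        send_udp(batch, "192.0.2.10")  # placeholder address: use your WinSyslog host
        print(fmt.__name__, "rule should act on severities", expected_hits(batch))
```

After a run, search the file, database and mailbox for "migration test": severities listed by expected_hits should appear in the alert path, and all eight should appear wherever a match-all rule writes.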

Configuration Mapping Examples

Example 1: Critical Message Alert

Kiwi Syslog Server:

  • Filter: Priority >= Emergency
  • Action: Send Email Alert

WinSyslog:

  • Rule Condition: SyslogPriority <= 3 (Emergency/Critical)
  • Action: Forward via Email
  • Action: Write to Database

Example 2: Database Logging

Kiwi Syslog Server:

  • Filter: All Messages
  • Action: Log to SQL Server Database

WinSyslog:

  • Rule Condition: Match all (no specific condition)
  • Action: Write to Database
  • Configure ODBC connection to SQL Server
  • Map all syslog fields to database columns

Example 3: File Archival

Kiwi Syslog Server:

  • Filter: All Messages
  • Action: Write to Daily Log File

WinSyslog:

  • Rule Condition: Match all
  • Action: Write to File
  • Configure filename pattern with date variables
  • Set rotation to daily

Key Advantages in WinSyslog

Migrating to WinSyslog provides several benefits:

  • Multiple Instances: Unlike Kiwi, WinSyslog can run multiple independent syslog servers on the same machine
  • Flexible Rules: Create complex rules with multiple conditions and actions
  • Better Database Support: Any ODBC-compliant database (not limited to SQL Server and MySQL)
  • Enhanced Performance: Proven handling of high message volumes
  • Standards Compliance: Full RFC 3164 and RFC 5424 support
  • Better Integration: Seamless integration with rsyslog for cross-platform logging

Troubleshooting Tips

If you encounter issues during migration:

  1. Check Service Status: Ensure WinSyslog service is running
  2. Verify Port Access: Confirm port 514 is not blocked by firewall
  3. Review Error Logs: Check Windows Event Log for WinSyslog service errors
  4. Test Database Connection: Use ODBC Test tool before configuring database action
  5. Message Format Issues: Verify message format matches expected RFC standards
  6. Rule Conflicts: Ensure rule order is correct (rules are processed top to bottom)

Getting Help

If you need assistance during migration:


Note: This migration guide is based on Kiwi Syslog Server (Legacy) version 9.8.3. If you’re using Kiwi Syslog Server NG, some configuration details may differ.
