How to Integrate Kiwi Syslog Web Access with Active Directory
When you are using SolarWinds Kiwi Syslog in a multi-user environment it’s beneficial to use the Active Directory integration for creating user accounts. This way you can control who has access to the Kiwi Syslog Web Access interface through AD rather than trying to keep track of multiple local user accounts.
The AD integration in Kiwi uses LDAP over tcp port 389 to connect to a domain controller and search for a security group and inspect its member.
When a member of that group signs in using their domain credentials it creates a local user in the web client with a synchronized password to their AD account.
The setup for this is super simple.
Prerequisites for Kiwi Syslog Web Active Directory Integration:
The server or workstation that Kiwi Syslog is installed on must be joined to the domain you wish to use for creating user accounts.
Steps for Setting Up the Active Directory Settings in Kiwi Syslog Web Access
- Create a security group in Active Directory to use for controlling authentication to Kiwi Syslog (e.g. KiwiSyslogUsers).
- Add the user accounts to the above created security groups that you wish to be able to log into Kiwi Syslog Web Client.
- Open Kiwi Syslog Web Access in your browser of choice using the Administrator account you created at install and navigate to Admin -> Active Directory Settings
- Enter the Domain URL (LDAP url or FQDN of a Domain Controller) of your Active Directory environment:
ldap://DomainController1:389/ou=Groups ,dc=npgdom,dc=com
Or
DomainController1.npgdom.com - Leave the Authentication Type blank to default to Secure. Change if you use a different Authentication Type for LDAP. If you don’t know, leave it blank.
- Enter the name of the security group you created in Step 1 in the User Groups field. You can use multiple user groups by separating them with a semi-colon.
- Click Save AD Settings.
- Edit the Windows firewall of the Domain Controller you chose in Step 4 to allow TCP 389 in from the server or workstation that is running the Kiwi Syslog software.
- Edit any firewalls in between the Domain Controller you chose and the workstation or server that is running Kiwi Syslog to allow TCP 389 in to the Domain Controller you chose from the workstation or server running Kiwi.
Testing Logging into Kiwi Syslog Web Access with a Domain Account
- Navigate to the login url of your Kiwi Syslog server. In my case it’s http://VMKIWI:8088.
- Log in using domain\username of an account that is a member of your KiwiSyslogAccess group (e.g. npgdom\thedude or npgdom\thedudet).
- **NOTE** A message will appear telling you to log in again. It’s easy to miss because it looks like an authentication failure message. Log in again to actually log in. The first log in attempt created the local account within Kiwi Syslog. The second actually logs in.
- Gaze in wonder at your successful log in.
I’d like to make a note here that the AD integration seems to only support Standard Users. I could not figure out how to get Kiwi to create a web user with the Administrators role or how to edit a user created through the AD integration to be a member of the Administrators role.
You’ll just have to resort to administrating the software using the software’s local admin account and using the software with domain accounts.
I did find the following quote on the SolarWinds Thwack forums for an older version that stated:
“If you want to setup a domain user account as an administrator, you can do so by going into the account maintenance, click add new account, set the username as domain\username, put in a temporary password, and apply the administrator role. Once that is setup, the domain user can login as domain\username as an administrator.“
I didn’t have luck with this but you might. I was content with how it was working for me at this point and didn’t see the need to fiddle with it anymore.
Finally, keep an eye out on the Kiwi Syslog NG (Next Generation) Beta. It seems SW is currently overhauling and modernizing Kiwi Syslog which is sorely needed.
It is still not logging.
Not logging syslogs or not logging in? Either way, check firewalls and check logs on the machine to look for any error messages or dropped/missing packets. As for logging in with AD credentials, the settings in this tutorial definitely work up to the current version. Usually, it’s a configuration issue with the domain/dc/gp, device sending the logs, or a firewall/router between. If you could do some more troubleshooting and collecting of information we can dig further to find the issue.