Configuring Cisco Meraki to forward events
To configure a Cisco Meraki device to forward syslog events, follow the steps below. You can forward syslog messages from Meraki MX security appliances, MR access points, and MS switches.
- Log in to the Meraki dashboard.
- Go to Network-wide > Configure > General.
- Click Add a syslog server.
- Enter the forwarder IP address.
- Enter 11558 in the Port field.
- In the Roles field, select all logging roles, including (if applicable) Appliance Event Log, Switch Event Log, and Wireless Event Log.
- Click Save.
The configuration is now complete, and logs will start ingesting into Chronicle.
The following is an example of a log that Cisco Meraki sends to Chronicle:
<134>1 1688624159.974875708 Silver_Boca_FW01 ip_flow_start src=10.0.0.1 dst=0.0.0.0 protocol=tcp sport=59017 dport=443 translated_src_ip=192.168.1.1 translated_port=59017
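
To check that events arriving at the forwarder have the expected shape, the sample line above can be parsed as follows. This is an added example, not Cisco or Chronicle code; the name `parse_meraki_syslog` and the reading of the leading `1` as a syslog version field are assumptions.

```python
import re
from datetime import datetime, timezone

# Sample line copied from this page.
SAMPLE = ("<134>1 1688624159.974875708 Silver_Boca_FW01 ip_flow_start "
          "src=10.0.0.1 dst=0.0.0.0 protocol=tcp sport=59017 dport=443 "
          "translated_src_ip=192.168.1.1 translated_port=59017")

# Assumed layout: <PRI>VERSION EPOCH.FRACTION HOST EVENT_TYPE key=value ...
HEADER = re.compile(r"^<(\d{1,3})>(\d+) (\d+)\.(\d+) (\S+) (\S+)(?: (.*))?$")
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")
PORT_KEYS = ("sport", "dport", "translated_port")


def parse_meraki_syslog(line):
    """Split one Meraki syslog line into header fields and key=value pairs."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("unexpected syslog layout: %r" % line[:60])
    pri, version, secs, frac, host, event_type, rest = m.groups()
    pri = int(pri)
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError("PRI out of range: %d" % pri)
    fields = {}
    for token in (rest or "").split():
        key, sep, value = token.partition("=")
        if sep:  # skip tokens that are not key=value
            fields[key] = value
    for key in PORT_KEYS:  # ports must be integers in 0..65535
        if key in fields:
            fields[key] = int(fields[key])
            if not 0 <= fields[key] <= 65535:
                raise ValueError("bad port in %s" % key)
    return {
        "facility": pri >> 3,             # 134 >> 3 = 16 (local0)
        "severity": SEVERITIES[pri & 7],  # 134 & 7 = 6 (info)
        "version": int(version),
        # Whole seconds only; the fraction is kept as text to avoid float loss.
        "timestamp": datetime.fromtimestamp(int(secs), tz=timezone.utc),
        "fraction": frac,
        "host": host,
        "event_type": event_type,
        "fields": fields,
    }


if __name__ == "__main__":
    print(parse_meraki_syslog(SAMPLE))
```

A line that fails to parse raises `ValueError`, which is a useful signal that the forwarder is receiving something other than Meraki syslog on port 11558.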