Cisco Meraki Configuration On-Premises

  • Updated

    Configuring Cisco Meraki to forward events

    Following are the steps to configure your Cisco Meraki device:

    To configure Cisco Meraki device to forward syslog events, follow the below steps.

    • You can forward syslog messages from Meraki MX security appliances, MR access points, and MS switches.
    • Log into the Meraki dashboard.

    Picture5.png

    • Go to Network-wide > Configure > General.

    Picture6.png

      • Click Add a syslog server.
      • Enter the forwarder IP address.
      • Enter 11558 in the Port field.
      • In the Roles field, select all logging roles, including (if applicable) Appliance Event Log, Switch Event Log, and Wireless Event Log.

    Picture7.png

    • Click Save.
      Now the configuration is completed, and logs will start ingesting into chronicle.

    Sample Logs

    The following are the logs that Cisco sends to Chronicle.

    <134>1 1688624159.974875708 Silver_Boca_FW01 ip_flow_start src=10.0.0.1 dst=0.0.0.0 protocol=tcp sport=59017 dport=443 translated_src_ip=192.168.1.1 translated_port=59017

     

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.