Dean_Gross
Silver Contributor
Jan 05, 2022

Cisco Meraki Solution

When using the Cisco Meraki Solution, do we need to configure the Cisco Meraki connector and associated syslog export before installing the solution?
  • m_zorich
    Iron Contributor
    Hey Dean, having a look through that connector you can do things in any order you want. It is just a function to parse syslog.

    You can forward syslog using the instructions provided in the data connector (which gets you to install the agent onto a Linux VM, then send the Meraki syslog to the VM, the VM then sends it to Sentinel), or you can forward it up any number of other ways (using syslog-ng, or another kind of appliance you may already have). Then just install the function to your workspace - https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/CiscoMeraki/CiscoMeraki.txt

    You can install the function without having the logs there yet.

    • Dean_Gross
      Silver Contributor
      Thanks for the explanation, I think that this clarified something for me. I was under the impression that when I installed the Meraki solution from the content hub, that I would not need to also install the Meraki connector from the Data Connectors page but I think that both are required.
      The source of my confusion is the reuse of the phrase "data connector". The documentation for the solution uses this to mean a custom connector in a logic app, which is totally separate from the agent installation process described on the Cisco Meraki Data connector instructions page.
      • m_zorich
        Iron Contributor
        Yep you are 100% right, sometimes the data connectors are all-encompassing and they will deploy whatever is needed for you (often an Azure function, or API connections or whatever else) and sometimes they are really just a guide on how to go and do it manually.

        The Meraki stuff is especially confusing, having gone and looked at the content hub listing they are basically totally different.

        Cisco Meraki Data Connector - connects to your devices themselves and retrieves syslog from them
        Cisco Meraki Solution on the Content Hub - connects to the Cisco Meraki web portal and retrieves information from there
