Forum Discussion
JKatzmandu
Sep 24, 2020, Brass Contributor
Field Extraction for Cisco Meraki
Hi everyone! I was having some issues with integrating Cisco Meraki for a customer. I did some google-fu and found an answer here. I now have an rsyslogd setup going to a unique meraki.log and th...
Bob_Toler
Apr 26, 2021, Copper Contributor
I just reviewed this and have a need to review how to get Cisco Meraki implemented into Azure Sentinel. I do not have any logs from a Meraki device to run this against, but I wanted to confirm whether you got this working as a saved function for parsing.
In my research, there are others who said using SYSLOG-NG over RSYSLOG was a better option, and I wasn't sure if you have anything to mention about that?
Thank you
JKatzmandu
Apr 27, 2021, Brass Contributor
I have no preference between rsyslog vs syslogng. All the customers I've worked with recently have had Linux distributions where rsyslog was the default so we went along with that.
As far as a saved function goes, this is what I used for 2 or 3 different customers after writing it for the first customer. Note that since I originally did this work there seems to be more work completed by the MSFT team for Meraki (at least in terms of workbooks). There may be work on this which is more recent.
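The thread refers to a saved parsing function for Meraki syslog but the function itself is not reproduced above. As an added example that is not from either poster, the Python below shows the field-extraction logic such a parser has to do before the data is useful in Sentinel: find the Meraki payload inside the line (tolerating an rsyslog prefix), pull out the epoch timestamp, device name and event class, split the `key=value` pairs (quoted and unquoted), and keep the trailing free text (`pattern: ...`, `request: ...`) separate so it does not pollute the key/value fields. The sample lines are constructed, and the overall `<epoch> <device> <class> key=value ...` layout is an assumption about the Meraki format; check it against your own `meraki.log` before copying the field names into a KQL function.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines. The first four imitate what Meraki is assumed to send;
# the last one adds an rsyslog-style prefix as written to a local file.
SAMPLE_LINES = [
    "1601000000.123456789 MX84 events type=vpn_connectivity_change vpn_type='site-to-site' "
    "peer_contact='203.0.113.10:500' connectivity='true'",
    "1601000001.500000000 MX84 flows src=10.0.0.5 dst=93.184.216.34 mac=00:11:22:33:44:55 "
    "protocol=tcp sport=51234 dport=443 pattern: allow all",
    "1601000002.000000000 MX84 urls src=10.0.0.5:51234 dst=93.184.216.34:443 "
    "mac=00:11:22:33:44:55 request: GET https://example.com/",
    "1601000003.000000000 MR33 events type=association radio='0' vap='1' channel='36' rssi='41'",
    "Sep 25 03:33:24 collector01 1601000004.250000000 MS220 events type=port_status port='7' status='down'",
]

# Header: 10-digit epoch seconds with fraction, then device name, then event class.
# search() rather than match() so a syslog/rsyslog prefix before the payload is skipped.
HEADER_RE = re.compile(
    r"(?<![\w.])(?P<ts>\d{10}\.\d+)\s+(?P<device>\S+)\s+(?P<eclass>\S+)\s*(?P<body>.*)$"
)
# key=value pairs; values are either single-quoted (may contain spaces) or a bare token.
KV_RE = re.compile(r"(?P<key>[A-Za-z_][\w.-]*)=(?:'(?P<quoted>[^']*)'|(?P<bare>\S+))")
# Free-text tail that must not be tokenised as key=value pairs.
TRAIL_RE = re.compile(r"\b(?P<label>pattern|request):\s*(?P<text>.*)$")


def parse_meraki_line(line):
    """Return a dict for one Meraki syslog line, or None if it has no Meraki header."""
    m = HEADER_RE.search(line.strip())
    if not m:
        return None
    body = m.group("body")
    record = {
        "ts": datetime.fromtimestamp(float(m.group("ts")), tz=timezone.utc),
        "device": m.group("device"),
        "event_class": m.group("eclass"),
        "fields": {},
        "trailing": None,
    }
    # Cut the free-text tail off first so "allow all" does not end up inside a value.
    tail = TRAIL_RE.search(body)
    if tail:
        record["trailing"] = {tail.group("label"): tail.group("text")}
        body = body[: tail.start()]
    for kv in KV_RE.finditer(body):
        value = kv.group("quoted") if kv.group("quoted") is not None else kv.group("bare")
        record["fields"][kv.group("key")] = value
    return record


def split_endpoint(value):
    """Split 'ip:port' into (ip, port). Assumes IPv4; an IPv6 literal would need brackets."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return value, None


def parse_lines(lines):
    """Parse every line that carries a Meraki header; silently drop the rest."""
    records = []
    for line in lines:
        record = parse_meraki_line(line)
        if record is not None:
            records.append(record)
    return records


if __name__ == "__main__":
    for rec in parse_lines(SAMPLE_LINES):
        src_ip, src_port = split_endpoint(rec["fields"].get("src", ""))
        print(rec["ts"].isoformat(), rec["device"], rec["event_class"],
              rec["fields"], rec["trailing"], src_ip, src_port)
```

The same split (header, key/value pairs, trailing text) is what a KQL saved function would do with `extract` and `parse` over `SyslogMessage`; doing it once in Python against a real sample file is a quick way to confirm the field names before committing them to a function in the workspace.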