Forum Discussion
Sentinel & Cisco Meraki?
David Caddick I had to do it for a customer and it worked just fine using the Syslog server.
Hi GaryBushey
can you please confirm the sentinel table in which you are getting Meraki events. It is like custom log or coming under syslog ?
- They will show up under syslog.
Hi mperrotta
Thanks for your reply. I did the same and event getting under syslog are not complete, they are truncating the events(by : in Rawdata).
Refer below details
Actual logs 1:
Mar 27 14:00:38 1.1.1.1 987654321.123456789 MerakiXXYY urls src=yy.yy.yy.yy:40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB request: UNKNOWN https://aaa.vbvbvb.com/...SyslogMessage 1:
40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB request: UNKNOWN https://aaa.vbvbvb.com/...Actual logs 2:
Mar 27 14:00:56 1.1.1.1 987654321.123456789 MerakiYYXX flows allow src=yy.yy.yy.yy dst=xxx.xxx.x.xx mac=FF:FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234SyslogMessage 2:
FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234have you observed same issue if not can you please help the method you followed.
Thanks in advance
- We are seeing the same symptom as well. We currently have a support case open to look into this. If we find the solution, I will update you.
