Forum Discussion
Sentinel & Cisco Meraki?
David Caddick I had to do it for a customer and it worked just fine using the Syslog server.
Hi GaryBushey
Can you please confirm the Sentinel table in which you are getting Meraki events? Is it a custom log, or does it come under Syslog?
- mperrotta, Mar 31, 2020, Brass Contributor
They will show up under syslog.
- Dev_Choudhary, Mar 31, 2020, Brass Contributor
Hi mperrotta
Thanks for your reply. I did the same, and the events arriving under syslog are not complete; the events are being truncated (by the ":" in Rawdata).
Refer to the details below.
Actual logs 1:
Mar 27 14:00:38 1.1.1.1 987654321.123456789 MerakiXXYY urls src=yy.yy.yy.yy:40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB request: UNKNOWN https://aaa.vbvbvb.com/...
SyslogMessage 1:
40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB request: UNKNOWN https://aaa.vbvbvb.com/...
Actual logs 2:
Mar 27 14:00:56 1.1.1.1 987654321.123456789 MerakiYYXX flows allow src=yy.yy.yy.yy dst=xxx.xxx.x.xx mac=FF:FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234
SyslogMessage 2:
FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234
Have you observed the same issue? If not, can you please help with the method you followed?
Thanks in advance
- mperrotta, Mar 31, 2020, Brass Contributor
We are seeing the same symptom as well. We currently have a support case open to look into this. If we find the solution, I will update you.
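Added example, not part of the thread: a Python check that compares a device's raw line with the SyslogMessage value stored in Sentinel and reports whether the stored text begins right after the first ":" that follows the epoch field, which is the pattern both posted samples show. The header layout and the function name `diagnose` are assumptions drawn from those two samples.

```python
import re

# Header layout assumed from the two "Actual logs" samples in the thread:
#   <Mon DD HH:MM:SS> <host> <epoch> <payload...>
HEADER = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<epoch>\d+\.\d+)\s(?P<payload>.*)$"
)

def diagnose(raw_line, syslog_message):
    """Compare what the device sent with what landed in SyslogMessage."""
    m = HEADER.match(raw_line.strip())
    if not m:
        raise ValueError("raw line does not match the layout seen in the thread")
    payload = m.group("payload")
    ingested = syslog_message.strip()
    if ingested == payload:
        return {"status": "complete", "lost": "", "lost_keys": []}
    head, sep, tail = payload.partition(":")
    if sep and ingested == tail:
        status, lost = "cut_at_first_colon", head + sep
    elif ingested and payload.endswith(ingested):
        status, lost = "cut_elsewhere", payload[: -len(ingested)]
    else:
        return {"status": "mismatch", "lost": None, "lost_keys": []}
    # key=value names that sit wholly or partly in the dropped prefix
    return {"status": status, "lost": lost,
            "lost_keys": re.findall(r"(\w+)=", lost)}

# Samples copied from the thread (already anonymised by the poster).
RAW_1 = ("Mar 27 14:00:38 1.1.1.1 987654321.123456789 MerakiXXYY urls "
         "src=yy.yy.yy.yy:40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB "
         "request: UNKNOWN https://aaa.vbvbvb.com/...")
MSG_1 = ("40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB "
         "request: UNKNOWN https://aaa.vbvbvb.com/...")
RAW_2 = ("Mar 27 14:00:56 1.1.1.1 987654321.123456789 MerakiYYXX flows allow "
         "src=yy.yy.yy.yy dst=xxx.xxx.x.xx mac=FF:FF:FF:FF:FF:FF "
         "protocol=udp sport=60000 dport=1234")
MSG_2 = "FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234"

if __name__ == "__main__":
    for raw, msg in ((RAW_1, MSG_1), (RAW_2, MSG_2)):
        print(diagnose(raw, msg))
```

The `lost_keys` list shows which fields a detection rule can no longer rely on for each event: the source address in the first sample, and source, destination and part of the MAC in the second.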