Forum Discussion
Sentinel & Cisco Meraki?
Hi GaryBushey
can you please confirm the sentinel table in which you are getting Meraki events. It is like custom log or coming under syslog ?
Hi mperrotta
Thanks for your reply. I did the same and event getting under syslog are not complete, they are truncating the events(by : in Rawdata).
Refer below details
Actual logs 1:
Mar 27 14:00:38 1.1.1.1 987654321.123456789 MerakiXXYY urls src=yy.yy.yy.yy:40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB request: UNKNOWN https://aaa.vbvbvb.com/...SyslogMessage 1:
40206 dst=xxx.xxx.x.xx:443 mac=AA:AA:AA:BB:BB:BB request: UNKNOWN https://aaa.vbvbvb.com/...Actual logs 2:
Mar 27 14:00:56 1.1.1.1 987654321.123456789 MerakiYYXX flows allow src=yy.yy.yy.yy dst=xxx.xxx.x.xx mac=FF:FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234SyslogMessage 2:
FF:FF:FF:FF:FF protocol=udp sport=60000 dport=1234have you observed same issue if not can you please help the method you followed.
Thanks in advance
