Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Cisco Meraki Solution

Silver Contributor
When using the Cisco Meraki Solution, do we need to configure the Cisco Meraki connector and associated syslog export before installing the solution?
3 Replies
Hey Dean, having a look through that connector you can do things in any order you want. It is just a function to parse syslog.

You can forward syslog using the instructions provided in the data connector (which gets you to install the agent onto a linux vm, then send the Meraki syslog to the vm, the vm then sends it to Sentinel), or you can forward it up any number of other ways (using syslog-ng, or another kind of appliance you may already have). Then just install the function to your workspace - https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Parsers/CiscoMeraki/CiscoMeraki.txt

You can install the function without having the logs there yet

Thanks for the explanation, I think that this clarified something for me. I was under the impression that when I installed the Meraki solution from the content hub, that I would not need to also install the Meraki connector from the Data Connectors page but I think that both are required.
The source of my confusion is the reuse of the phrase "data connector". The documentation for the solution uses this to mean a custom connector in a logic app, which is totally separate from the agent installation process described on the Cisco Meraki Data connector instructions page
Yep you are 100% right, sometimes the data connectors are all encompassing and they will deploy whatever is needed for you (often an Azure function, or API connections or whatever else) and sometimes they are really just a guide on how to go and do it manually.

The Meraki stuff is especially confusing, having gone and looked at the content hub listing they are basically totally different.

Cisco Meraki Data Connector - connects to your devices themselves and retrieves syslog from them
Cisco Meraki Solution on the Content Hub - connects to the Cisco Meraki web portal and retrieves information from there