Forum Discussion
JKatzmandu
Sep 24, 2020Brass Contributor
Field Extraction for Cisco Meraki
Hi everyone! I was having some issues with integrating Cisco Meraki for a customer. I did some google-fu and found an answer here. I now have an rsyslogd setup going to a unique meraki.log and th...
Bob_Toler
Apr 26, 2021Copper Contributor
I just reviewed this and have a need to review how to get Cisco Meraki implemented into Azure Sentinel. I do not have any logs from a Meraki device to run this against, but wanted to confirm if you got this working as a saved function for parsing?
In my research, there are others that said using SYSLOG-NG over RSYSLOG was a better option, and I wasn't sure if you have anything to mention about that?
Thank you
JKatzmandu
Apr 27, 2021Brass Contributor
I have no preference between rsyslog vs syslog-ng. All the customers I've worked with recently have had Linux distributions where rsyslog was the default, so we went along with that.
As far as a saved function goes, this is what I used for 2 or 3 different customers after writing it for the first customer. Note that since I originally did this work there seems to be more work completed by the MSFT team for Meraki (at least in terms of workbooks). There may be work on this which is more recent.
Bob_Toler
Apr 27, 2021Copper Contributor
I did not think so with rsyslog or syslog-ng and thank you for the update. From what I was able to see today, here are the options that are available when looking into logs:
CiscoMeraki -- does not display any logs
CiscoMerakiFIW -- does display logs
So it would appear you are correct that the MSFT team has made some changes with regards to this data connector, which is still in preview. When I tried your query above, it did not accept RawData. I do appreciate that you found a way to do this before the changes did get made.
Thank you