How do I configure remote syslog logging for a Cisco Meraki Device

This article will describe the steps required to configure Cisco Meraki to send syslog messages to the RocketAgent Syslog Server

To configure Cisco Meraki to send log data to RocketCyber Firewall Analyzer,

  1. Open your Meraki dashboard.
  2. Select a device.
  3. Select Alerts & Administration.
  4. Scroll down to the Reporting section
    syslog servers meraki
  5. Click Add a syslog server.
  6. Type the IP address of your RocketAgent Syslog Server in the Server IP field
  7. Type port number 514 in the Port field.
  8. Choose which types of events to send in the Roles box, we require the following roles:
    1. Event Log —The messages from the dashboard under Monitor > Event Log.
    2. Flows — Inbound and outbound traffic flow-generated syslog messages that include the source, destination, and port numbers.
    3. URL— HTTP GET requests generating syslog entries.
    4. IDS Alerts - Sends messages related to IDS detections

       The following roles are recommended:

    1. Security Event - Sends messages related to general security events
    2. Security Filtering File Scanned - Sends messages related to file scans
    3. Security Filtering Disposition Change - Sends messages related to file scan results

When the Flows role is enabled on an MX security appliance, logging for individual firewall rules can be enabled/disabled on the Security appliance > Configure > Firewall page, under the Logging column: