The Cisco Meraki device includes wireless, switches, security, EMM (enterprise mobility management), communications, and security cameras, all centrally managed from the web. Cisco Meraki can produce DHCP, firewall, VPN, and web proxy logs. All of these log types are supported in InsightIDR.
Before You Begin
Cisco Meraki products support the standard RFC 5424 syslog implementation, meaning that syslog messages will be sent unencrypted.
You can configure Meraki to store syslog messages on a server by following the directions here: https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration.
How to Configure This Event Source
- From your dashboard, select Data Collection on the left hand menu.
- When the Data Collection page appears, click the Setup Event Source dropdown and choose Add Event Source.
- From the “Security Data” section, click the DHCP icon. The “Add Event Source” panel appears.
- Choose your collector and event source. You can also name your event source if you want.
- Choose the timezone that matches the location of your event source logs.
- Optionally choose to send unfiltered logs.
- Configure any Advanced Event Source Settings.
- Configure inactivity timeout threshold in minutes.
- Select a collection method.
- Optionally choose to Encrypt the event source if choosing TCP by downloading the Rapid7 Certificate.
- Click Save.