Cisco Meraki

Overview

The Cisco Meraki device includes wireless, switches, security, EMM (enterprise mobility management), communications, and security cameras, all centrally managed from the web. Cisco Meraki can produce DHCP, firewall, VPN, and web proxy logs. All of these log types are supported in InsightOps.

Before You Begin

Cisco Meraki products support the standard RFC 5424 syslog implementation, meaning that syslog messages will be sent unencrypted.

You can configure Meraki to store syslog messages on a server by following the directions from their documentation.

Once Meraki logs are stored on a log aggregator or SIEM of your choice, you can utilize the Log Aggregator collection method to ingest those logs into InsightOps, using TCP to encrypt the messages.

How to Configure This Event Source

  1. From your dashboard, select Data Collection on the left hand menu
  2. At the top right of the page, select Add Data
  3. Select the DHCP icon from the Security Data section
  4. Select your collector, and optionally name your event source
  5. From the list of event source options, choose Cisco Meraki
  6. Choose a timezone, or optionally choose a US timezone
  7. Optionally choose to send unfiltered logs
  8. Choose configurations for the advanced settings
  9. Select either Listen for Syslog or Log Aggregator; both require that you specify a port and a protocol.
    • Optionally choose to Encrypt the event source if choosing TCP
  10. Optionally choose for Cisco Meraki to send Firewall and VPN data to InsightOps.

Advanced Event Source Settings

Inactivity Timeout Threshold: specify in minutes how long the event source should be active before it enters an error state. Active Failover Partner: If you have two DHCP servers configured in an active/passive relationship, optionally specify the active partner.