Meraki

Community

Meraki Logs into Office 365 Cloud App Security

Solved
BRYANQ1234
Here to help
‎Mar 13 2018 9:19 AM
‎Mar 13 2018 9:19 AM

Meraki Logs into Office 365 Cloud App Security

I am trying to pull the Meraki logs into Microsoft's Cloud App Security dashboard. Does anyone have experience with this? Each time we have tried, we get the below error message. 

 

Failed
Parsing failed for all logs.
Event_log.csv
  •  Log format does not match the expected format for Meraki - URLs log.

 

Microsoft provides an example log but there is not much instruction past this. 

 

Here is the Microsoft Help Article...

https://support.office.com/en-us/article/Web-traffic-logs-and-data-sources-for-Office-365-Cloud-App-...

1 Accepted Solution
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Mar 13 2018 1:03 PM
‎Mar 13 2018 1:03 PM

According to the MS page you supplied it only supports Merakis URLs Log not the Event log that you are trying to import. You probably need to set it up as a Syslog connection and select URLs as the role.

 

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.

View solution in original post

10 Replies 10
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Mar 13 2018 1:03 PM
‎Mar 13 2018 1:03 PM

According to the MS page you supplied it only supports Merakis URLs Log not the Event log that you are trying to import. You probably need to set it up as a Syslog connection and select URLs as the role.

 

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to BlakeRichardson
BRYANQ1234
Here to help
‎Mar 19 2018 12:05 PM
‎Mar 19 2018 12:05 PM

Thank you, this worked for us! 

0 Kudos
In response to BRYANQ1234
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Mar 19 2018 12:26 PM
‎Mar 19 2018 12:26 PM

Excellent glad to hear it.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to BRYANQ1234
KarbonX1
Getting noticed
‎Mar 21 2018 3:33 PM
‎Mar 21 2018 3:33 PM

@BRYANQ1234Did you just send the syslogs to a receiver and then export, and manually import into CAS, or did you setup the log receiver VM/docker image to handle the syslog directly?

0 Kudos
In response to KarbonX1
BRYANQ1234
Here to help
‎Mar 27 2018 1:10 PM
‎Mar 27 2018 1:10 PM

@KarbonX1 So we setup an Linux VM on Azure and this is sending logs directly to CAS. Let me know if you have specific questions. I had to task one of our contractors to help with this but I can get further details if needed. 

 

thank you! 

0 Kudos
In response to BRYANQ1234
AlexT
New here
‎May 18 2018 4:14 AM
‎May 18 2018 4:14 AM

@BRYANQ1234 I was wondering if you could help out with a question i have. I have setup an VM Ubuntu with docker and linked it to the CAS but i am getting an error:

 

"Failed
Parsing failed for all logs.
  •  
     
    SyslogCatchAll-2018-04-23.txt
     
    Log format does not match the expected format for Meraki - URLs log."
     
 Did you do anything special on the VM to make the logformat work with CAS
 
 
Thank you!
/Alex
0 Kudos
In response to BlakeRichardson
NoorA
New here
‎Dec 23 2018 3:37 AM
‎Dec 23 2018 3:37 AM

Hello, I have a clarification question, can office 365 cas receive and analyze Meraki logs directly or it must be a manual export import? 

Thank you

0 Kudos
In response to NoorA
Dartanian14
Comes here often
‎Feb 7 2020 11:06 AM
‎Feb 7 2020 11:06 AM

Has anyone come up with an easy method for this? I have a robust analyzer but no run of the mill syslogger. 

0 Kudos
In response to Dartanian14
wskidmore
Comes here often
‎Feb 7 2020 4:26 PM
‎Feb 7 2020 4:26 PM

The current implementation only accepts url logs as stated above.  You will have to deploy a Cloud Discovery server on-prem or in Azure.  Once completed you forward your logs to this server on UDP 514 and the logs will start flowing into your Cloud App Security Portal.

 

https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery

0 Kudos
Dartanian14
Comes here often
‎Mar 16 2020 12:11 PM
‎Mar 16 2020 12:11 PM

So we got this up and running with an on-prem Ubuntu 18.04. Its pushing logs in but it's not telling us much. It is just a bunch of IP addresses in the dashboard with no real meat -- which I kind of expected because it's only URL logs. Anyone else have experience with this? Is this what you are experiencing as well?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.