Meraki logging by severity to SIEM

Juha_S
New here

Hi,

I would like to ask whether it is possible to raise or extend the log severity level on Meraki MS120 series switches in order to create alert profiles in our SIEM system based on severity levels. At the moment, the switches only appear to log events at the “Information” level.

If increasing the log level is not supported, is it possible to utilize the predefined alert profiles available on the Meraki side and integrate those with our SIEM system?

We are trying to set up the syslog function for ManageEngine360 SIEM.

Thank you!

1 Reply
alemabrahao
Kind of a big deal

Hi,

Unfortunately, MS120 switches do not support customization of syslog severity levels. They only send Event Log messages, and these are typically logged at the “Informational” level.

Syslog Server Overview and Configuration - Cisco Meraki Documentation

The Dashboard allows you to configure alert profiles for various events (e.g., port down, switch offline, high CPU).
And you can send these alerts via email or webhook. You can then integrate these alerts with your SIEM, either by forwarding alert emails to a monitored mailbox that your SIEM ingests, or by using webhooks to send alerts to a custom endpoint that your SIEM can analyze.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
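The webhook route described in the reply above, as an added example that is not part of the original posts and not Meraki or ManageEngine code: a receiver-side function that checks the webhook's shared secret and re-emits each alert as an RFC 5424 syslog line whose severity follows the alert level, so the SIEM can build severity-based profiles. The payload field names (`sharedSecret`, `alertLevel`, `alertTypeId`, `alertType`, `deviceName`, `deviceSerial`, `occurredAt`) and the three level values are assumptions to check against the payload your Dashboard actually sends; the facility, the `meraki-webhook` app name and the sample payload are constructed.

```python
import hmac
import json
import socket

# Assumed mapping from the payload's "alertLevel" values to syslog severities.
SEVERITY = {"critical": 2, "warning": 4, "informational": 6}
FACILITY = 20  # local4, an arbitrary choice for this example


def _token(value) -> str:
    """Syslog header fields take printable ASCII without spaces; '-' means absent."""
    cleaned = "".join(c for c in str(value or "") if 33 <= ord(c) <= 126)
    return cleaned or "-"


def alert_to_syslog(body: bytes, expected_secret: str) -> str:
    """Convert one webhook POST body into an RFC 5424 line with a real severity."""
    alert = json.loads(body)
    # Drop anything that does not carry the secret configured for this receiver.
    supplied = str(alert.get("sharedSecret", ""))
    if not hmac.compare_digest(supplied.encode(), expected_secret.encode()):
        raise PermissionError("shared secret mismatch")
    # Unknown levels become warning so they are not buried among informational events.
    severity = SEVERITY.get(str(alert.get("alertLevel", "")).lower(), 4)
    pri = FACILITY * 8 + severity
    host = _token(alert.get("deviceName") or alert.get("deviceSerial"))
    # Flatten control characters so the alert text cannot inject extra log lines.
    text = "".join(c if c.isprintable() else " " for c in str(alert.get("alertType", "")))
    return (f"<{pri}>1 {_token(alert.get('occurredAt'))} {host} meraki-webhook - "
            f"{_token(alert.get('alertTypeId'))} - {text}")


def forward(line: str, siem_addr: tuple) -> None:
    """Send the line to the SIEM's syslog listener over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(line.encode("utf-8"), siem_addr)


# Constructed sample payload; all values are made up for this example.
SAMPLE = json.dumps({
    "sharedSecret": "example-secret",
    "occurredAt": "2025-01-01T12:00:00Z",
    "deviceName": "ms120-closet2",
    "alertTypeId": "example_port_down",
    "alertType": "Example: port down",
    "alertLevel": "critical",
}).encode()

if __name__ == "__main__":
    print(alert_to_syslog(SAMPLE, "example-secret"))
```

Run it behind an HTTPS endpoint that passes the raw POST body to `alert_to_syslog` and the result to `forward`.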