Sending SYSLOG messages for firewalls only

Solved
Kpederseniii
Conversationalist

Can you configure the Syslog settings to only send data for some devices in a network? Each of the sites I am working with has a pair of MX firewalls, a few switch stacks and a dozen or more APs; however, I am working on a firewall analysis project and can't figure out if you can send syslog for only select devices.

 

Best regards,
Karl

1 Accepted Solution
michalc
Meraki Employee

Hi @KPenny23, welcome to the Meraki Community! 😊

 

Please find the KB articles regarding the Syslog and Meraki:

Syslog Server Overview and Configuration

Syslog Event Types and Log Samples

Meraki Device Reporting - Syslog, SNMP, and API

 

The Meraki Dashboard doesn’t provide a built-in way to filter syslog data by device type or specific device at the point of configuration. 
 
I'd recommend creating separate Meraki networks containing only the MX firewalls you want to analyze. Move the relevant MX devices to those new networks and configure syslog settings exclusively for those networks. This way, only the MX firewalls will send syslog data, and the switches and APs in the original network won’t be included. Please see the Splitting Combined Networks KB.
 
Another recommendation is to configure syslog for the entire network as usual, then filter the incoming data on your syslog server to focus only on MX firewall logs. Most syslog servers (e.g., syslog-ng, rsyslog, Graylog) allow you to filter messages based on content, such as the device hostname, IP address, or message type (e.g., “flows” or “ids_alerts” specific to MX devices).
 
I hope this helps!

 

If you found this post helpful, please give it kudos. If it solved your problem, click "accept as solution" so that others can benefit from it.
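The server-side filtering suggested in the answer above, sketched as an added example that is not part of the original post and is not Meraki code: it keeps only messages from known MX senders (by sender IP or device name) and optionally narrows by message type. The line layout, the device names and the addresses are assumptions made up for the illustration; check the layout against the Syslog Event Types and Log Samples KB and your own captures.

```python
import re
from typing import NamedTuple, Optional

# Assumed layout of one syslog line (verify against your own captures):
#   <PRI>VERSION EPOCH.NANOS DEVICE_NAME EVENT_TYPE DETAILS
LINE_RE = re.compile(
    r"^<\d{1,3}>\d+\s+\d+\.\d+\s+(?P<device>\S+)\s+(?P<etype>\S+)\s*(?P<details>.*)$"
)

class Event(NamedTuple):
    sender_ip: str   # address the collector saw the datagram come from
    device: str      # device name carried inside the message
    etype: str       # message type, e.g. "flows" or "ids_alerts"
    details: str

def parse(sender_ip: str, line: str) -> Optional[Event]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Event(sender_ip, m["device"], m["etype"], m["details"])

def filter_mx(records, mx_ips, mx_names, event_types=None):
    """Return (kept, unparsed): events from MX senders, plus lines that did not parse."""
    kept, unparsed = [], []
    for sender_ip, line in records:
        ev = parse(sender_ip, line)
        if ev is None:
            # Keep malformed lines for review instead of dropping them silently.
            unparsed.append((sender_ip, line))
            continue
        from_mx = ev.sender_ip in mx_ips or ev.device in mx_names
        if from_mx and (event_types is None or ev.etype in event_types):
            kept.append(ev)
    return kept, unparsed

# Constructed sample input: (sender IP, raw line). All names and values are made up.
SAMPLE = [
    ("192.0.2.1", "<134>1 1700000000.123456789 site1-mx-a flows src=198.51.100.7 dst=203.0.113.9 protocol=tcp sport=51515 dport=443"),
    ("192.0.2.1", "<134>1 1700000001.000000000 site1-mx-a ids_alerts constructed sample alert"),
    ("192.0.2.20", "<134>1 1700000002.000000000 site1-sw-1 events constructed switch event"),
    ("192.0.2.2", "<134>1 1700000003.000000000 site1-mx-b flows src=198.51.100.8 dst=203.0.113.9 protocol=udp sport=40000 dport=53"),
    ("192.0.2.30", "<134>1 1700000004.000000000 site1-ap-3 events constructed AP event"),
    ("192.0.2.1", "garbled line without header"),
]

if __name__ == "__main__":
    kept, unparsed = filter_mx(SAMPLE, {"192.0.2.1"}, {"site1-mx-b"})
    for ev in kept:
        print(ev.sender_ip, ev.device, ev.etype)
    print("unparsed:", len(unparsed))
```

Matching on sender IP is the stricter criterion, since the device name and message type are taken from the message content itself.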
