I am having an issue with my Meraki Switch MX68W and getting the device to communicate with my Solarwind Kiwi Syslog Server.
My Meraki is set to the ip 192.168.128.1
My Kiwi is on IP address 192.168.128.34 running as a service on a windows 10 pro desktop with a static IP.
I have verified that my Kiwi is listening on UDP port 514 while my Meraki is broadcasting to 192.168.128.34 on UDP port 514, It is set to broadcast the roles : URLS, Security Events, and Appliance event Logs. I can see the Meraki is generating events when I look in event logs but my Kiwi is not receiving and Event Logs from the Meraki. There is no Firewall rule preventing information on Port 514 either.
Is there something I am missing to make this work?
Are you successfully receiving syslog messages from other devices?
Perhaps you can do a packet capture on the port the messages should be going out on to see if they're at least being sent.
I can confirm that my Meraki is sending Syslog packets from 192.168.128.1.42868 > 192.168.128.34.514.
I checked both the display and the log to file and The Kiwi does not seem to be receiving them.
I know you mentioned the not being any firewall rules blocking it, but what about any software based firewalls on the server itself? Have you checked those?
Also inside kiwi I remember vaguely you need to configure which sources you're interested in. Have you done that?
I specifically added into the software firewall and antivirus software an exception for port 514.
For Kiwi you do and don't have to specify the source you can specify the ip that the syslogs should be coming from but you can also set it to accept all traffic on that port.
Hmm so probably a Kiwi problem. Progress! Have a look through this: