cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Syslog Server - Event Logs

Highlighted
Here to help

Syslog Server - Event Logs

Hello,

 

I am having an issue with my Meraki Switch MX68W and getting the device to communicate with my Solarwind Kiwi Syslog Server.

 

My Meraki is set to the ip 192.168.128.1

My Kiwi is on IP address 192.168.128.34 running as a service on a windows 10 pro desktop with a static IP.

 

I have verified that my Kiwi is listening on UDP port 514 while my Meraki is broadcasting to 192.168.128.34 on UDP port 514, It is set to broadcast the roles : URLS, Security Events, and Appliance event Logs. I can see the Meraki is generating events when I look in event logs but my Kiwi is not receiving and Event Logs from the Meraki. There is no Firewall rule preventing information on Port 514 either. 

 

Is there something I am missing to make this work?

10 REPLIES 10
Highlighted
Kind of a big deal

Re: Syslog Server - Event Logs

Are you successfully receiving syslog messages from other devices?

 

Perhaps you can do a packet capture on the port the messages should be going out on to see if they're at least being sent.

Highlighted
Here to help

Re: Syslog Server - Event Logs

I can confirm that my Meraki is sending Syslog packets from 192.168.128.1.42868 > 192.168.128.34.514.

 

I checked both the display and the log to file and The Kiwi does not seem to be receiving them.

Highlighted
Kind of a big deal

Re: Syslog Server - Event Logs

I know you mentioned the not being any firewall rules blocking it, but what about any software based firewalls on the server itself? Have you checked those?

 

Also inside kiwi I remember vaguely you need to configure which sources you're interested in. Have you done that?

Highlighted
Here to help

Re: Syslog Server - Event Logs

I specifically added into the software firewall and antivirus software an exception for port 514. 

 

For Kiwi you do and don't have to specify the source you can specify the ip that the syslogs should be coming from but you can also set it to accept all traffic on that port.

Highlighted
Kind of a big deal

Re: Syslog Server - Event Logs

Okay. What about a packet capture on the server? Do you see the packets arrive there?

Highlighted
Here to help

Re: Syslog Server - Event Logs

Yes I just ran Wireshark the server is indeed receiving packets on port 514. 

 

Highlighted
Kind of a big deal

Re: Syslog Server - Event Logs

Hmm so probably a Kiwi problem. Progress! Have a look through this:

https://documentation.solarwinds.com/en/Success_Center/KSS/Content/KSS_GSG_troubleshooting.htm

Highlighted
Here to help

Re: Syslog Server - Event Logs

Ive read through all the self help documents nothing I did helped.

Highlighted
Here to help

Re: Syslog Server - Event Logs

Since there was solution found for Kiwi I went for another system which works thank you for all your help

Highlighted
Kind of a big deal

Re: Syslog Server - Event Logs

You're welcome. I wonder what went wrong. I may install it myself and give it a try.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.