Meraki

Community

Syslog server choice

Adrian4
Head in the Cloud
‎Nov 29 2023 2:15 AM
‎Nov 29 2023 2:15 AM

Syslog server choice

Hello,

I am looking at setting up a syslog server in AWS and it will most likely be going on a linux instance.

 

Does anyone have any recommendations for software? Ideally would like it to be free and as easy to setup as possible. 

(I am new to both Linux and setting up syslog servers.).

I see a lot of people use Kiwi but its only Windows. If that's really the best choice we can spin up a Windows instance but I'm told to try and avoid it 😛

Thanks!

0 Kudos
8 Replies 8
DarrenOC
Kind of a big deal
Kind of a big deal
‎Nov 29 2023 2:17 AM
‎Nov 29 2023 2:17 AM

unfortunately i've only used Kiwi for the free and easy piece and mainly for troubleshooting on the fly.  Spin it up, use the trial licence and then blow the instance away.  I've not seen a linux instance of a syslog server but i'm sure they exist.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
0 Kudos
Adrian4
Head in the Cloud
‎Nov 29 2023 2:23 AM
‎Nov 29 2023 2:23 AM

also - I see in the list of features for many of the options, they state the max number of log sources.....for Meraki, would the logs all come from the Meraki cloud so to speak and seem as one source? or would each individual device count as a source?

0 Kudos
alemabrahao
Kind of a big deal
‎Nov 29 2023 2:28 AM
‎Nov 29 2023 2:28 AM

The dude syslog is a great option.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Brash
Kind of a big deal
Kind of a big deal
‎Nov 29 2023 3:29 AM
‎Nov 29 2023 3:29 AM

I've not had too much experience with free syslog servers but I've heard people liking Graylog

https://graylog.org/downloads/

Adrian4
Head in the Cloud
‎Nov 29 2023 6:30 AM
‎Nov 29 2023 6:30 AM

does anyone know the answer to this?

I see in the list of features for many of the options, they state the max number of log sources.....for Meraki, would the logs all come from the Meraki cloud so to speak and seem as one source? or would each individual device count as a source?

0 Kudos
In response to Adrian4
alemabrahao
Kind of a big deal
‎Nov 29 2023 6:38 AM
‎Nov 29 2023 6:38 AM

In the context of Cisco Meraki, each individual device such as MX Security Appliances, MR Access Points, and MS switches can be configured to send syslog messages to a syslog server. These devices generate different types of logs, including system logs, traffic logs, event logs, IDS alerts, URLs, and flows. Therefore, each device would count as a separate log source.

 

This might give the impression of a single source, but in reality, each device is a separate source of logs.

 

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overv...

 

Please consult with your Cisco Meraki representative for the most accurate information as it can vary based on your specific network configuration.

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Adrian4
Head in the Cloud
‎Nov 29 2023 7:45 AM
‎Nov 29 2023 7:45 AM

cheers

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 29 2023 11:56 AM
‎Nov 29 2023 11:56 AM

Meraki has a walk-through for doing this.
https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overv... 

 

syslog-ng is the modern version of the traditional syslog daemon for Linux.

li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.