API endpoint for firewall traffic and flow logs

DevK
Here to help

Hello Folks,

Earlier we were using the syslog method to get logs from the Meraki FW for monitoring. A few days back we moved to the API method, as with a single API key we can monitor all Meraki devices.
But we are seeing a difference in the logs between the syslog and API methods.

In syslog we used to get all firewall logs like flows and URLs etc. However, we have observed that we are not getting all similar logs using the API.
Following are the endpoints we are querying to fetch logs:


  • /networks/{networkId}/events?productType=<productType>
    possible values for productType: wireless, appliance, switch, systemsManager, camera and cellularGateway
  • /networks/{networkId}/appliance/security/events (for MX security events)

Please confirm whether the above-mentioned endpoints are the only endpoints where we get firewall-traffic-related and device flow logs for monitoring, or is there any other endpoint which we are missing?

Thank you.

ww
Kind of a big deal

Syslog is sent in real time and not stored in the cloud. So you will not get the same data from the API.

AFAIK flows and URLs are only possible to get from syslog.

DevK
Here to help

Hello @ww

Thank you for your response.

If flows and URLs are not available via the API, then this table in the Meraki documentation looks irrelevant. According to that, device flows are supported via the API as well.

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Meraki_Device_Repor...

LearningIsFun
Getting noticed

Similar to what ww said - we went through this as well.

Only the messages seen in the event logs are pulled via that API call.

Specifically Flows (firewall messages) are only available via syslog.

This was confirmed by our SE a while back.

Thank you for your response @LearningIsFun.
