Meraki

DevK · ‎Apr 19 2022

Hello Folks,

Earlier we were using syslog method to get logs from Meraki FW for monitoring. Few days back we moved to API method as with single API key we can monitor all meraki devices.
But, we are seeing log difference in syslog and API method.

In syslog we used to get all firewall logs like flows and url etc. However this is observed that we are not getting all similar logs using API.

Following are the endpoints we are querying to fetch logs:

/networks/{networkId}/events?productType=<productType>
possible values for productType: wireless, appliance, switch, systemsManager, camera and cellularGateway
/networks/{networkId}/appliance/security/events (for MX security events)

Request you to confirm, above mentioned endpoints are the only endpoints where we get firewall traffic related and device flow logs for monitoring. Or is there any other endpoint which we are missing?

Thank you.

ww · ‎Apr 19 2022

Syslog is send realtime and not stored in the cloud. So you will not get the same data from the api.

Afaik flows and urls are only possible to get from syslog

DevK · ‎Apr 19 2022

Hello @ww

Thank you for your response.

If flows and URLs are not available via APi, then this table in meraki documentation looks irrelevant. According to that device flows are supported via API as well.

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Meraki_Device_Repor...

LearningIsFun · ‎Apr 19 2022

Similar to ww said - we went through this as well.

Only the messages seen in the event logs are pulled via that API call.

Specifically Flows (firewall messages) are only available via syslog.

This was confirmed by our SE a while back.

DevK · ‎Apr 19 2022

Thank you for your response @LearningIsFun .

Meraki

Community

APi endpoint for firewall traffic and flow logs

APi endpoint for firewall traffic and flow logs