Meraki

Community

Anyone forwarding MX syslogs to logstash or ELK?

Solved
cmiarshvac
Getting noticed
‎Dec 31 2018 2:56 PM
‎Dec 31 2018 2:56 PM

Anyone forwarding MX syslogs to logstash or ELK?

Just seeing if anyone if forwarding their MX logs to Logstash ->Elastic.  I am looking at writing the filters for MX logs but I don't want to reinvent the wheel.  Did a quick google/github search and didn't see anything obvious. 

 

I am just playing with the SOF-ELK VM ( https://github.com/philhagen/sof-elk ) and it doesn't parse the Host name or other message date with an available filter. Thoughts are welcomed on any experience on this topic.

Labels:
1 Accepted Solution
Dain
Conversationalist
‎Jan 3 2019 9:45 AM
‎Jan 3 2019 9:45 AM

I had previously used some of the following to get the messages from MX / MS parsed (took some tweaking) but I was using logstash to pump log into another app... might be easier going to Elastic (I'm actually about to go thru the process again for a lab - will post on github if you are interested)

 

https://ioshark.net/logstash-from-scratch-parsing-cisco-meraki-logs-70b8e91c0c68

https://github.com/cs3gallery/meraki_logstash

https://github.com/siemonster/logstash/blob/master/40-cisco-meraki-filter.conf

 

theres also a Meraki Beats docker app that hits the API - docker pull ciscodevnet/merakibeat

 

/d

View solution in original post

3 Replies 3
Dain
Conversationalist
‎Jan 3 2019 9:45 AM
‎Jan 3 2019 9:45 AM

I had previously used some of the following to get the messages from MX / MS parsed (took some tweaking) but I was using logstash to pump log into another app... might be easier going to Elastic (I'm actually about to go thru the process again for a lab - will post on github if you are interested)

 

https://ioshark.net/logstash-from-scratch-parsing-cisco-meraki-logs-70b8e91c0c68

https://github.com/cs3gallery/meraki_logstash

https://github.com/siemonster/logstash/blob/master/40-cisco-meraki-filter.conf

 

theres also a Meraki Beats docker app that hits the API - docker pull ciscodevnet/merakibeat

 

/d

In response to Dain
cmiarshvac
Getting noticed
‎Jan 3 2019 10:15 AM
‎Jan 3 2019 10:15 AM

Dain,

 

Thank you. These are exactly the type of resources I was looking for.  I appreciate the help.  Keep me posted on your progress for your lab setup, I am always looking to contribute if would like help.

 

Chad

 

This is me on github:

https://github.com/chadmando

0 Kudos
In response to Dain
itguy009
Comes here often
‎Oct 29 2020 8:07 AM
‎Oct 29 2020 8:07 AM

@Dain Did you end up going back through this and shipping directly to Elastic?

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.