Security Events timeframe

Solved
CBurkhead
Building a reputation

Security Events timeframe

I am trying to pull security events for the past 6 months for a customer. I am using  GET /networks/{networkId}/securityEvents and am specifying the timespan to be 183*86400 seconds. The documentation says that the default timespan is 31 days and you can go back as far as 365 days.

 

However, I am only getting data as far back as 2/5/20. If I remove the timespan parameter, I get the same time period. Has anyone tried to get data more than about a month old for security events? Based on my data today, it looks like the maximum you can get is about 35 days.

1 Accepted Solution
BrechtSchamp
Kind of a big deal

I'm not sure if the information in those docs is correct. Aaron Willette once wrote a blog post about the retention times and it reported the retention for security events to be about 1 month.

 

Source: https://www.willette.works/meraki-event-logs/

 

Maybe @CameronMoody can comment on that, I don't think I've seen an official doc about the retentions.

 

Also, you may want to check out the Network-Wide > General page to make sure that you don't have a limit set there either (you may not have that setting if you're not in Europe):

image.png

 

View solution in original post

3 Replies 3
BrechtSchamp
Kind of a big deal

I'm not sure if the information in those docs is correct. Aaron Willette once wrote a blog post about the retention times and it reported the retention for security events to be about 1 month.

 

Source: https://www.willette.works/meraki-event-logs/

 

Maybe @CameronMoody can comment on that, I don't think I've seen an official doc about the retentions.

 

Also, you may want to check out the Network-Wide > General page to make sure that you don't have a limit set there either (you may not have that setting if you're not in Europe):

image.png

 

CBurkhead
Building a reputation

Checked for the privacy setting and I don't have it. Since I am in the US, it does not sound like I should.

 

Thanks for the link regarding the security log retention. I will check that out. Based on my own testing, it looks like the maximum number of days I can go back is about 36.

 

Thanks for the quick response, @BrechtSchamp!

BrechtSchamp
Kind of a big deal

With pleasure.

Get notified when there are additional replies to this discussion.