Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Events timeframe

Solved
CBurkhead
Building a reputation
‎Mar 12 2020 9:42 AM
‎Mar 12 2020 9:42 AM

Security Events timeframe

I am trying to pull security events for the past 6 months for a customer. I am using  GET /networks/{networkId}/securityEvents and am specifying the timespan to be 183*86400 seconds. The documentation says that the default timespan is 31 days and you can go back as far as 365 days.

 

However, I am only getting data as far back as 2/5/20. If I remove the timespan parameter, I get the same time period. Has anyone tried to get data more than about a month old for security events? Based on my data today, it looks like the maximum you can get is about 35 days.

Labels:
0 Kudos
Subscribe
1 Accepted Solution
BrechtSchamp
Kind of a big deal
‎Mar 12 2020 10:09 AM
‎Mar 12 2020 10:09 AM

I'm not sure if the information in those docs is correct. Aaron Willette once wrote a blog post about the retention times and it reported the retention for security events to be about 1 month.

 

Source: https://www.willette.works/meraki-event-logs/

 

Maybe @CameronMoody can comment on that, I don't think I've seen an official doc about the retentions.

 

Also, you may want to check out the Network-Wide > General page to make sure that you don't have a limit set there either (you may not have that setting if you're not in Europe):

image.png

 

View solution in original post

Subscribe
3 Replies 3
BrechtSchamp
Kind of a big deal
‎Mar 12 2020 10:09 AM
‎Mar 12 2020 10:09 AM

I'm not sure if the information in those docs is correct. Aaron Willette once wrote a blog post about the retention times and it reported the retention for security events to be about 1 month.

 

Source: https://www.willette.works/meraki-event-logs/

 

Maybe @CameronMoody can comment on that, I don't think I've seen an official doc about the retentions.

 

Also, you may want to check out the Network-Wide > General page to make sure that you don't have a limit set there either (you may not have that setting if you're not in Europe):

image.png

 

Subscribe
In response to BrechtSchamp
CBurkhead
Building a reputation
‎Mar 12 2020 10:16 AM
‎Mar 12 2020 10:16 AM

Checked for the privacy setting and I don't have it. Since I am in the US, it does not sound like I should.

 

Thanks for the link regarding the security log retention. I will check that out. Based on my own testing, it looks like the maximum number of days I can go back is about 36.

 

Thanks for the quick response, @BrechtSchamp!

Subscribe
In response to CBurkhead
BrechtSchamp
Kind of a big deal
‎Mar 12 2020 10:27 AM
‎Mar 12 2020 10:27 AM

With pleasure.

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.