Syslog Configuration

ruchi
Conversationalist

Hi everyone, I'm new to Cisco Meraki and currently working with several Meraki network devices. I've observed that log collection within the Meraki dashboard is inconsistent. Specifically, during periods of high event activity, Meraki reports that too many events occurred in a short span, resulting in incomplete log capture.

We’ve ruled out any underlying network issues, so I’m exploring the option of integrating a dedicated syslog server to ensure reliable and complete log collection.

I’d appreciate insights on the following:

  • Is it better to use an on-premises or cloud-based syslog server for Meraki log collection?
  • What are the pros and cons of each approach?
  • What syslog solutions are others using in their environments (e.g., Syslog-ng, Graylog, Splunk, LogRhythm, ELK Stack, etc.)?
  • If cloud-based, which providers are recommended (e.g., Splunk Cloud, Logz.io, Datadog, Papertrail, etc.)?

My primary goal is to resolve the issue of incomplete log collection from Meraki devices.
If I choose cloud-based, what complications can I encounter?

alemabrahao
Kind of a big deal

If security and compliance are top priorities, consider on-premises or hybrid. If scalability and ease of access are more important, go cloud-based.
For Meraki-specific environments, Boundless Logs and V-App Syslog Cloud Collector are excellent cloud-native choices.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ruchi
Conversationalist

I believe adopting a cloud-based syslog solution aligns well with the shared responsibility model of security, which could be a viable approach for our environment. However, I’m currently evaluating whether compliance requirements can be fully addressed through cloud-native tools, or if certain aspects still necessitate an on-premises setup.

Additionally, if we proceed with a cloud-based syslog, I anticipate the need for a secure log forwarder to ensure integrity and confidentiality during log transmission. This raises some questions around the best architectural approach to balance compliance, security, and operational efficiency.

Please let me know if my understanding is off in any way, and I’d appreciate any insights or recommendations on best practices for implementing a compliant and secure cloud-based logging solution.

BlakeRichardson
Kind of a big deal

How big is your organisation? KiwiSyslog NG might work, depending on the size of your org.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
ruchi
Conversationalist

We are a medical company with around 500 employees, but we have different locations all over the USA.

cmr
Kind of a big deal

I've used the Rapid7 log solution; the data is stored in their cloud, but they have on-premise collectors to ensure data integrity.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
mlefebvre
Building a reputation

I would highly recommend going cloud if you can, because when you do have a security compromise of some sort the last thing you want is for your SIEM tool to be affected as well.

HastorBlue
New here

You’re right to think through the compliance requirements—cloud-native tools can certainly help, but there might still be some edge cases where an on-prem setup or hybrid approach is needed to fully meet specific regulatory requirements (like those for industries with strict data residency or access control rules). You’ll want to do a detailed mapping of the compliance standards you're subject to, and see if any of those require a level of control that cloud tools can’t quite offer (like certain types of encryption, log storage, or access restrictions).
