Syslog Configuration

ruchi
Conversationalist

Hi everyone, I'm new to Cisco Meraki and currently working with several Meraki network devices. I've observed that log collection within the Meraki dashboard is inconsistent. Specifically, during periods of high event activity, Meraki reports that too many events occurred in a short span, resulting in incomplete log capture.

We’ve ruled out any underlying network issues, so I’m exploring the option of integrating a dedicated syslog server to ensure reliable and complete log collection.

I’d appreciate insights on the following:

  • Is it better to use an on-premises or cloud-based syslog server for Meraki log collection?
  • What are the pros and cons of each approach?
  • What syslog solutions are others using in their environments (e.g., Syslog-ng, Graylog, Splunk, LogRhythm, ELK Stack, etc.)?
  • If cloud-based, which providers are recommended (e.g., Splunk Cloud, Logz.io, Datadog, Papertrail, etc.)?

My primary goal is to resolve the issue of incomplete log collection from Meraki devices.
If I choose cloud-based, what complications can I encounter?

alemabrahao
Kind of a big deal

If security and compliance are top priorities, consider on-premises or hybrid. If scalability and ease of access are more important, go cloud-based.
For Meraki-specific environments, Boundless Logs and V-App Syslog Cloud Collector are excellent cloud-native choices.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ruchi
Conversationalist

I believe adopting a cloud-based syslog solution aligns well with the shared responsibility model of security, which could be a viable approach for our environment. However, I’m currently evaluating whether compliance requirements can be fully addressed through cloud-native tools, or if certain aspects still necessitate an on-premises setup.

Additionally, if we proceed with a cloud-based syslog, I anticipate the need for a secure log forwarder to ensure integrity and confidentiality during log transmission. This raises some questions around the best architectural approach to balance compliance, security, and operational efficiency.

Please let me know if my understanding is off in any way, and I’d appreciate any insights or recommendations on best practices for implementing a compliant and secure cloud-based logging solution.

BlakeRichardson
Kind of a big deal

How big is your organisation? KiwiSyslog NG might work depending on the size of your org.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
ruchi
Conversationalist

We are a medical company with around 500 employees, but we have different locations all over the USA.

cmr
Kind of a big deal

I've used the Rapid7 log solution; the data is stored in their cloud, but they have on-premise collectors to ensure data integrity.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
mlefebvre
Building a reputation

I would highly recommend going cloud if you can, because when you do have a security compromise of some sort, the last thing you want is for your SIEM tool to be affected as well.
