Meraki Community

AkinBredailik · ‎Aug 5 2022

I've been struggling epically to export legible logs from my Meraki devices to a server running Syslog-NG OSE 3.30. No matter what source driver I use on the server, I see errors like this (identifying details changed):

May 28 15:56:23  syslog-ng[32734]: Error processing log message: <134>1>@< 1622231783.881009670 HOSTNAME1 flows allow src=10.1.1.1 dst=10.2.1.1 mac=BLAH protocol=icmp type=0
May 28 15:56:23  syslog-ng[32734]: Error processing log message: <134>1>@< 1622231783.857281611 HOSTNAME2 flows allow src=10.1.1.2 dst=10.2.1.2 mac=BLAH protocol=icmp type=0

Is this a Meraki compliance problem with RFC3164 or RFC5424? Or just a message formatting idiosyncrasy? Does it mean that I have to parse Meraki syslog messages specially on my Syslog-NG server with an XML file in patterndb? If so, can anyone point to an example of one that I can look at?

Thanks!

CptnCrnch · ‎Aug 5 2022

Until now, I haven't heard of any issues with Meraki and Syslog-NG. The docs (https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overv...) even mention it explicitly.

KarstenI · ‎Aug 5 2022

On Graylog I have to specify the input as "RAW UDP" instead of Syslog. Do you have an option like that?

Meraki and Syslog-NG

Meraki and Syslog-NG

Meraki Insight forum closed