Log/view inbound connections

SOLVED
Dylan_YYC
Getting noticed

Good morning everyone! 
We have been seeing some interesting behavior on our authentication servers that I want to investigate. I was wondering if there is a way to log or view inbound connections that are hitting our MX100 without doing a mass packet capture on the WAN interface. Anybody have some ideas?

Thanks!

Dylan.

1 ACCEPTED SOLUTION
KRobert
Head in the Cloud

I had a similar issue and I needed a real-time syslog monitor to see the traffic (inbound and outbound) passing through our MX100 Firewalls. I found Syslog Watcher as an option. You can get a 30-day free trial and if needed, support can extend it...and extend it...and extend....I digress.

We ended up purchasing it because it is a pretty powerful real time monitoring tool and it only cost $250 for a year or $450 for 3 years.

It has helped tremendously with real-time traffic viewing from the firewall. If anyone questions whether or not data is getting to, through, or blocked by the firewall, this software can let you know and answer right away. Filtering is pretty simple, show you by-the-second traffic, and you can store logs to go back and query previous logs.

It would be nice if the real-time feature like the Cisco ASAs have would be available on Meraki. This wish has been on my list for a while.
CMNO, CCNA R+S

7 REPLIES 7
SnoopDoggyDog
Conversationalist

Hi. Why not just filter the Event Type on the Network-wide...event log?

I wish, but these events aren't being picked up by the event log.

Nash
Kind of a big deal

Honestly, I'd just do the large pcap off your WAN interface and crunch it in Wireshark. I find the filtering in Wireshark proper to be much more useful and predictable in behavior.

Dylan_YYC
Getting noticed

I was hoping to avoid that, but it's looking like I may need to do that. Thanks!

What type of auth is this that you are talking about going across the WAN (RDP, AD, SSL, VPN, etc.)?

PhilipDAth
Kind of a big deal

You'll have to use syslog unfortunately.

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over... 

I've been faced with having to do large packet captures as well before.  One option I wish the Meraki packet capture function had was to only capture just the first 64 bytes like in Wireshark.

Actually - I'm going to make a wish for this now.
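
Once the MX is sending syslog as suggested in this thread, the original question (which outside hosts are reaching the authentication servers) can be answered from the flow lines without a packet capture. The following is an added example, not code from any poster or from Meraki: it assumes the key=value `flows` line layout with `src`, `dst`, `protocol`, `dport` and a trailing `pattern:` field, and the sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the key=value "flows" layout is an assumption.
SAMPLE = """\
<134>1 1700000000.100000000 MX100 flows src=203.0.113.7 dst=192.0.2.10 protocol=tcp sport=51514 dport=443 pattern: allow all
<134>1 1700000001.200000000 MX100 flows src=203.0.113.7 dst=192.0.2.10 protocol=tcp sport=51515 dport=443 pattern: allow all
<134>1 1700000002.300000000 MX100 flows src=198.51.100.23 dst=192.0.2.10 protocol=tcp sport=40000 dport=3389 pattern: deny all
<134>1 1700000003.400000000 MX100 flows src=10.0.0.5 dst=192.0.2.10 protocol=udp sport=5353 dport=53 pattern: allow all
<134>1 1700000004.500000000 MX100 flows src=203.0.113.7 dst=192.0.2.99 protocol=tcp sport=51516 dport=22 pattern: allow all
<134>1 1700000005.600000000 MX100 urls src=10.0.0.5:51000 dst=192.0.2.10:80 request: GET http://example.test/
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_flow(line):
    """Return the fields of a 'flows' line as a dict, or None if unusable."""
    _, sep, rest = line.partition(" flows ")
    if not sep:
        return None  # other event types (urls, events, ...) are skipped
    body, _, rule = rest.partition(" pattern: ")
    f = dict(KV.findall(body))
    try:
        f["src"] = ipaddress.ip_address(f["src"])
        f["dst"] = ipaddress.ip_address(f["dst"])
    except (KeyError, ValueError):
        return None  # missing or malformed address field
    f["rule"] = rule.strip()
    return f

def inbound_summary(lines, servers, local_nets):
    """Count flows from non-local sources to watched servers."""
    watched = {ipaddress.ip_address(s) for s in servers}
    local = [ipaddress.ip_network(n) for n in local_nets]
    hits = Counter()
    for line in lines:
        f = parse_flow(line)
        if f is None or f["dst"] not in watched:
            continue
        if any(f["src"] in net for net in local):
            continue  # internal client, not an inbound connection
        hits[(str(f["src"]), f.get("protocol", "-"), f.get("dport", "-"), f["rule"])] += 1
    return hits

if __name__ == "__main__":
    summary = inbound_summary(SAMPLE.splitlines(), ["192.0.2.10"], ["10.0.0.0/8"])
    for key, n in summary.most_common():
        print(n, *key)
```

Feed it the file your syslog server writes instead of `SAMPLE`, and list your own server addresses and internal prefixes.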
