MX Firewall Rule Logging

SOLVED
Kind of a big deal

MX Firewall Rule Logging

Anyone know what the logging enabled/disabled per firewall rule actually does? Like what kind of syslog traffic is it sending, is it a crap ton etc.

Nolan Herring | nolanwifi.com
1 ACCEPTED SOLUTION

Here to help

Re: MX Firewall Rule Logging

Hi Nolan,

In my humble opinion, the logging enabled/disabled per firewall rule will choose to collect the log or not for that rule.
Example log:
2019-03-18 16:33:05 Local0.Info 192.168.0.6 1 1552901590.284212695 <XXXX> flows src=172.17.8.92 dst=125.56.222.10 mac=48:5B:39:EF:D7:85 protocol=tcp sport=63249 dport=80 pattern: allow all

2019-03-18 16:33:05 Local0.Info 192.168.0.6 1 1552901590.287318295 <XXXX> flows src=172.17.8.92 dst=125.56.222.8 mac=48:5B:39:EF:D7:85 protocol=tcp sport=63250 dport=80 pattern: allow all

2019-03-18 16:33:05 Local0.Info 192.168.0.6 1 1552901590.332721497 <XXXX> urls src=172.17.8.173:52570 dst=118.102.6.42:80 mac=00:22:B0:F3:E9:1C agent='Dalvik/2.1.0 (Linux; U; Android 5.1.1; C6603 Build/10.7.A.0.228)' request: GET http://photo-1-baomoi.zadn.vn/a350_r4x3/2019_03_18_232_30021630/0fdbceae3befd2b18bfe.jpg.webp

If you want to see the log, you should install a syslog server such as Kiwi Syslog Server, Splunk, ... Kiwi is quite simple: just next, next and next. 🙂
Btw, don't forget to configure syslog on the Meraki dashboard.

Regards,
natuan

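Added example, not part of the original posts and not Meraki tooling: a small Python parser for flows and urls lines in the layout shown in the answer above, which tallies messages and bytes per rule pattern so the syslog volume a logged rule produces can be measured. The sample lines, addresses and the device name MX_LAB are constructed, and treating the text after "pattern:" as the matched rule is an assumption drawn from the sample output.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the example log above
# (documentation-range addresses; "MX_LAB" is a made-up device name).
SAMPLE = [
    "2019-03-18 16:33:05 Local0.Info 192.0.2.6 1 1552901590.284212695 MX_LAB flows "
    "src=198.51.100.92 dst=203.0.113.10 mac=02:00:00:00:00:01 protocol=tcp "
    "sport=63249 dport=80 pattern: allow all",
    "2019-03-18 16:33:05 Local0.Info 192.0.2.6 1 1552901590.287318295 MX_LAB flows "
    "src=198.51.100.92 dst=203.0.113.8 mac=02:00:00:00:00:01 protocol=tcp "
    "sport=63250 dport=80 pattern: allow all",
    "2019-03-18 16:33:05 Local0.Info 192.0.2.6 1 1552901590.332721497 MX_LAB urls "
    "src=198.51.100.173:52570 dst=203.0.113.42:80 mac=02:00:00:00:00:02 "
    "agent='Dalvik/2.1.0 (Linux; U; Android 5.1.1)' request: GET http://example.com/a.jpg",
    "2019-03-18 16:33:06 Local0.Info 192.0.2.6 some unrelated line",
]

LINE_RE = re.compile(r"(?P<epoch>\d+\.\d+) (?P<device>\S+) (?P<kind>flows|urls) (?P<body>.*)$")
TAIL_RE = re.compile(r"\s(pattern|request): (.*)$")   # free-text tail of each record
KV_RE = re.compile(r"(\w+)=('[^']*'|\S+)")            # key=value, value may be quoted

def parse_line(line):
    """Return a dict for a flows/urls record, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    event = {"epoch": m["epoch"], "device": m["device"], "kind": m["kind"]}
    body = m["body"]
    tail = TAIL_RE.search(body)
    if tail:
        event[tail[1]] = tail[2].strip()      # "pattern" or "request"
        body = body[:tail.start()]            # leave only the key=value part
    for key, value in KV_RE.findall(body):
        event[key] = value.strip("'")
    return event

def volume(lines):
    """Count messages and bytes per (kind, pattern) to see which rule is noisy."""
    msgs, size = Counter(), Counter()
    for line in lines:
        ev = parse_line(line)
        if ev:
            key = (ev["kind"], ev.get("pattern", "-"))
            msgs[key] += 1
            size[key] += len(line.encode())
    return msgs, size

if __name__ == "__main__":
    for key, n in volume(SAMPLE)[0].items():
        print(key, n)
```

Run against a capture taken with logging enabled on one rule at a time, the per-pattern byte count gives a direct estimate of how much syslog traffic that rule adds.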

Here to help

Re: MX Firewall Rule Logging

Yep. It will log the flows that match each rule to the syslog server you have configured under Network Wide > Configure > General > Logging. If you don't have a syslog server set up, you should probably just set the logging to disabled for each rule. 

Kind of a big deal

Re: MX Firewall Rule Logging

Thanks guys. This doesn't really seem like something I want to collect and never look at lol. Also seems like it would be a lot of syslog traffic.
Nolan Herring | nolanwifi.com
Kind of a big deal

Re: MX Firewall Rule Logging

@jbhehoman actually, the options disappear if you don't have a syslog server set up. I just noticed that.
