
MX Flow Logs

DZA
Conversationalist


Hi,

We are exporting MX flow logs to Splunk. Does anyone have any more detail for the below:

- what does the value "374543986.038687615" refer to for the MX flow example in the below link? Is it usable in any way or is it just an internal reference point?

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Event_Types...

- what is the difference between "flows", "ip_flow_start" and "ip_flow_stop" in the flow records?
- is there any possibility or is it planned for upcoming releases to export the sent and received data volumes in flow logs? I saw someone else posted the below.

https://community.meraki.com/t5/Security-SD-WAN/Wish-Include-sent-and-received-data-volumes-in-MX-fl...

4 REPLIES
Kind of a big deal

Re: MX Flow Logs

It is the time in Unix epoch format.
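An epoch stamp of this kind can be used directly for timing, as in this added example (not from the thread or from Meraki): it parses the seconds.nanoseconds value without float rounding and pairs start and stop records on the 5-tuple. The line layout, field names and sample lines are constructed assumptions, as is the reading of ip_flow_start and ip_flow_stop as the two ends of one flow.

```python
from datetime import datetime, timezone

# Assumed layout (not from the thread): "<epoch.ns> <device> <type> key=value ..."
SAMPLE = [  # constructed lines using documentation-range addresses
    "1700000000.038687615 mx_lab ip_flow_start src=192.0.2.10 dst=198.51.100.7 "
    "protocol=tcp sport=51000 dport=443",
    "1700000042.500000000 mx_lab ip_flow_stop src=192.0.2.10 dst=198.51.100.7 "
    "protocol=tcp sport=51000 dport=443",
]
FIVE_TUPLE = ("src", "dst", "protocol", "sport", "dport")
NS = 1_000_000_000


def parse_epoch_ns(stamp):
    """Convert 'seconds.fraction' to integer nanoseconds (a float would round them off)."""
    secs, _, frac = stamp.partition(".")
    if not secs.isdigit() or (frac and not frac.isdigit()):
        raise ValueError(f"not an epoch timestamp: {stamp!r}")
    return int(secs) * NS + int(frac[:9].ljust(9, "0"))


def parse_line(line):
    """Split one record into timestamp, device, event type and key=value fields."""
    parts = line.split()
    if len(parts) < 3:
        raise ValueError("expected timestamp, device and event type")
    ns = parse_epoch_ns(parts[0])
    return {
        "ns": ns,
        "utc": datetime.fromtimestamp(ns // NS, tz=timezone.utc),
        "device": parts[1],
        "type": parts[2],
        "fields": dict(p.split("=", 1) for p in parts[3:] if "=" in p),
    }


def flow_durations_ns(lines):
    """Pair each ip_flow_start with the next ip_flow_stop on the same 5-tuple."""
    open_flows, durations = {}, []
    for rec in map(parse_line, lines):
        key = tuple(rec["fields"].get(k) for k in FIVE_TUPLE)
        if rec["type"] == "ip_flow_start":
            open_flows[key] = rec["ns"]
        elif rec["type"] == "ip_flow_stop" and key in open_flows:
            durations.append((key, rec["ns"] - open_flows.pop(key)))
    return durations
```

Keeping the value as integer nanoseconds matters when ordering records that land in the same millisecond; a stop record with no matching start is skipped here and would need separate handling in a real pipeline.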

DZA
Conversationalist

Re: MX Flow Logs

Thanks, makes sense.
Building a reputation

Re: MX Flow Logs


- is there any possibility or is it planned for upcoming releases to export the sent and received data volumes in flow logs? I saw someone else posted the below.

https://community.meraki.com/t5/Security-SD-WAN/Wish-Include-sent-and-received-data-volumes-in-MX-fl...


If you're interested in traffic volumes, you could take a closer look at Netflow, not Syslog.

DZA
Conversationalist

Re: MX Flow Logs

Thanks CptnCrnch. I assume that I would then need to tie the fw session & the netflow session to correlate the traffic for that session? All of our traffic will be flowing through a FW which provides us with the data when the flow ends. We are looking into the possibility of dropping the firewall logs for these sessions as we should also get them from the MX. However before doing this we'd want a 1:1 of the information we receive. I know that Splunk has a flow collector and then may tie in easier, but we're currently using a different product for netflow.
