Hello Experts,
Looking to add a syslog server to MX100, any suggestions? I'm new to building a syslog server. Thanks.
Hubble
I use https://papertrailapp.com/. It has a free tier and kind of goes with the cloud concept of Meraki well.
@BrandonS I see that PaperTrail has pricing based on storage capacity rather than number of endpoints. Are you able to provide an estimate of storage required per switch? I'm looking at deploying around 70 switches. Thanks.
@SNSGS I don't think I can estimate and I suppose it will depend on each environment and which messages you choose to send, but I do have dozens of devices sending what seems to be a lot of messages for only $10/mo. You can also filter out messages on the receiving end that will not count toward your quota.
Best.
Thanks, I’ll try that
I like Linux, and for me I would be using Ubuntu and its built-in syslog service. This is a complete step-by-step guide.
https://computingforgeeks.com/how-to-configure-rsyslog-centralized-log-server-on-ubuntu-18-04-lts/
Thanks, I’ll look into it
Splunk and ELK (Elasticsearch, Logstash, Kibana) even more so are great tools for monitoring and visualizing. The downside is the steeper learning curve, but it's definitely worth it!
@PhilipDAth Sorry for asking a Linux question rather than a Meraki one, but I am unable to get any syslog info on the rsyslog server installed on an Ubuntu server. Below are the details of the config file.
I am trying to run commands like cat /var/log/messages and tail -f /var/log/messages to get logs from Meraki network.
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
& ~
# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
It looks like the filenames might be /var/log/%HOSTNAME%/%PROGRAMNAME%.log.
Do a "ls -l /var/log", and look for any extra log files that might reference the host device.
Attached image shows various other files/directories. Name of the server is syslog. Still unable to get any logs out of Meraki.
The question is: are Syslog messages not sent out by MX or not received (or even processed) by your server?
You'll find the answer by sniffing the traffic between MX and server.
I actually removed the below from the config file and logs are being received fine now:
$template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?remote-incoming-logs
Thanks for coming back and letting everyone know.
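An added example, not part of the thread or anyone's posted configuration: the template rule in the config above applied to every message, and `& ~` then discarded it before the default rules ran. One way to keep per-device files without that side effect is to bind the network inputs to their own ruleset. The file name, the ruleset name `remote`, the template name `PerHostFile` and the `/var/log/remote` directory are assumptions.

```conf
# Hypothetical drop-in: /etc/rsyslog.d/10-remote.conf
# Assumes the imudp/imtcp module() and input() lines and the
# "$template ... / *.* ?remote-incoming-logs / & ~" lines have been removed
# from /etc/rsyslog.conf, so port 514 is only opened here.

module(load="imudp")
module(load="imtcp")

# Per-device file. fromhost-ip is the sender's address as seen by rsyslog,
# so the directory name does not depend on the hostname field inside the
# message. "/var/log/remote" is an assumed location.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%fromhost-ip%/%programname%.log")

# Only messages that arrive on the network inputs enter this ruleset.
# Local messages (imuxsock, imklog) keep using the default rules in
# /etc/rsyslog.d/50-default.conf.
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHostFile"
           fileOwner="syslog" fileGroup="adm" fileCreateMode="0640"
           dirOwner="syslog" dirGroup="adm" dirCreateMode="0750")
    stop    # current replacement for the deprecated "& ~"
}

input(type="imudp" port="514" ruleset="remote")
input(type="imtcp" port="514" ruleset="remote")

# Validate before restarting:  rsyslogd -N1
# Then watch a device's files: tail -f /var/log/remote/<device-ip>/*.log
```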