Syslog URL Logs with Usernames

Twitch
A model citizen

Syslog URL Logs with Usernames

Hello to the Crew -

 

I just enabled a syslog server for URL logging on our MX. The entries are reaching their destination successfully, but we noticed that the log entries do not include the corresponding username associated with the entry - instead of the username the entry just lists UNKNOWN. See below:

 

Twitch_0-1660330937554.png

 

Is it possible to have the usernames included with the log entries when they are sent to the syslog server natively by the MX, or will a third-party tool be needed the get that information? I do not see any options to modify what is included/excluded with URL logging except selecting URLs from the syslog entry drop-down menu. I should note that we are hoping to gather URL log information for both wired and wireless clients.

 

Thoughts?

 

Thanks!

 

Twitch

2 Replies 2
RomanMD
Building a reputation

Where would the MX know the user? If the MX is not the one to authenticate the user...

PhilipDAth
Kind of a big deal
Kind of a big deal

I have never tried doing this with syslog.

 

As @RomanMD say, you need to start by having the MX know who the user is in some way.  You need to be able to click on the client in the dashboard, and have it display a username.

 

If you use Active Directly, you can do this passively by sucking the data out of the event viewer.

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Configuring_Active_Direc... 

You just need to do the Active Directory bit only, you don't need to do anything with group policies or mappings.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels