Meraki

Community

Syslog server not getting the event logs.

Solved
M_berget
Here to help
‎Jun 4 2020 7:14 AM
‎Jun 4 2020 7:14 AM

Syslog server not getting the event logs.

Hi!

 

I have a case where several networks don't send the event logs to the syslog server while other networks in the same template do send their logs. Is it also possible to verify that these log sources are inactive and that there is no error causing the log source to not send log events?
Do anyone have anyone experience regarding this issue?

See the picture below for the tags applied for the server:image.png

0 Kudos
1 Accepted Solution
M_berget
Here to help
‎Feb 24 2021 2:58 AM
‎Feb 24 2021 2:58 AM

Traffic was blocked on the Azure firewall.

View solution in original post

0 Kudos
6 Replies 6
DensyoV
Meraki Employee
Meraki Employee
‎Jun 7 2020 5:54 PM
‎Jun 7 2020 5:54 PM

Hi,

 

I suggest verifying the connectivity to the Syslogs servers and they are reachable from the MX and then take packet capture from the MX to see whether it is actually sending traffic to the servers or not. Also, if the Syslog servers are over the VPN, make sure there is no site-to-site VPN firewall rule blocking the traffic.

 

https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...

 

Thanks,

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
In response to DensyoV
M_berget
Here to help
‎Jun 9 2020 5:54 AM
‎Jun 9 2020 5:54 AM

Hi!

 

Thank you for the tips.

There were no site-to-site VPN firewall rule blocking the traffic.
However have multiple networks started to send event logs to the server without that I did a thing.
I was unable to ping the syslog server, but it is most likely blocking ICMP, since I tried to ping it from a network who worked as well.
I can see that there are going traffic towards the syslog server, so I will follow your other step and verify that the appliance can reach the server.

0 Kudos
In response to M_berget
M_berget
Here to help
‎Jun 9 2020 6:15 AM
‎Jun 9 2020 6:15 AM

Hi again!

 

I have a follow up question, there are several networks where we run two MX.
Will only the primary MX send logs to the syslog server og will both do it?

 

Best regards

 

Mberget.

0 Kudos
In response to M_berget
DensyoV
Meraki Employee
Meraki Employee
‎Jun 9 2020 4:55 PM
‎Jun 9 2020 4:55 PM

Hi,

 

Yes, whichever is running as the primary.

 

Thanks,

Please hit kudos if you found this post helpful and/or click "accept as solution" if this solved your problem.
In response to DensyoV
M_berget
Here to help
‎Aug 12 2020 1:22 PM
‎Aug 12 2020 1:22 PM

Spoiler
 

Hi, again!

 

I was wondering if the MX will send syslogs of legacy equipment or if it only will send logs from Meraki switches and AP's.

0 Kudos
M_berget
Here to help
‎Feb 24 2021 2:58 AM
‎Feb 24 2021 2:58 AM

Traffic was blocked on the Azure firewall.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.