Wish: Include sent and received data volumes in MX flow logs
We have a SIEM tool that consumes syslog from an MX appliance to aggregate/analyze traffic and track connections between internal assets and external malicious actors.
We are currently able to parse syslog messages from an MX appliance to determine:
1. the external IP/domain connected with
2. the internal IP(s) and ports interacted with
3. traffic type and encryption status
4. whether the connection initiated internally or externally
It is also of vital importance to determine the volume of data transferred both in and out of a network over the connection between the source and destination. Currently, the MX flow logs do not support this. I know many other firewalls include this in their flow log equivalents, and I know there are ways to view and export this info from the MX dashboard. However, we need a passive, automated way to consume this data without implementing manual workarounds. We would like to see Meraki include this in its flow logs as it is obviously helpful in narrowing down problem points.
Said another way, the current syslog messages resemble the following:
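As an added illustration, not the poster's code or syslog: the Python below pulls the four fields listed above out of constructed, Meraki-style key=value flow lines, infers whether the connection was initiated internally from RFC 1918 addressing, and leaves the volume fields as None because the lines carry none. The sample lines, their layout, and the hypothetical `bytes_out`/`bytes_in` key names are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in a Meraki-like "flows" key=value layout.
# Layout and values are assumptions for this example, not lines from the post.
SAMPLE_LINES = [
    "1380664922.555 MX84 flows src=192.168.1.186 dst=203.0.113.10 protocol=tcp sport=51234 dport=443 pattern: allow all",
    "1380664923.101 MX84 flows src=198.51.100.7 dst=192.168.1.20 protocol=tcp sport=40000 dport=22 pattern: allow all",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
# Treat RFC 1918 space as "internal"; adjust to the site's real address plan.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Flow:
    external_ip: str
    internal_ip: str
    internal_port: int
    protocol: str
    initiated_internally: bool
    bytes_out: Optional[int]  # None: the line carries no volume field
    bytes_in: Optional[int]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line: str) -> Flow:
    kv = dict(KV_RE.findall(line))
    src, dst = kv["src"], kv["dst"]
    if is_internal(src) and not is_internal(dst):
        # Internal host initiated; its own port is the source port.
        ext, inner, port, outbound = dst, src, int(kv["sport"]), True
    elif is_internal(dst) and not is_internal(src):
        # External peer initiated; the internal service port is the destination port.
        ext, inner, port, outbound = src, dst, int(kv["dport"]), False
    else:
        raise ValueError(f"not an internal/external flow: {line!r}")
    # Hypothetical volume keys are read only when present, so the SIEM stores None, not a guess.
    vol = lambda key: int(kv[key]) if key in kv else None
    return Flow(ext, inner, port, kv["protocol"], outbound, vol("bytes_out"), vol("bytes_in"))


def parse_all(lines=SAMPLE_LINES) -> list:
    return [parse_flow(line) for line in lines]
```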