I've configured a sylog server on Meraki to sending URLs, flows and appliance event messages, however the server doesn't get any logs on some days, is there a way on portal to check if devices send/generate the logs to the syslog server for sure? I have checked the event logs but not sure how to set a filter based on my server address or event type, all I can see is bunch of dhcp lease! any advise would be appreciated.
What syslog server are you using? Syslog is a pretty low-level tool, meaning that there's not much that can go wrong. If you're getting traffic on some days and not others, I'd be more inclined to look at the actual server itself instead of the sending device.
the logs go to a collector(the server set on Meraki portal) and from there to a third party data processor. 3rd party says that they get the silent alarm as they dont recieve logs from some devices.I dont have access to the collector but before raising it with the MSP, I was wondering if I could check the Meraki portal to see if any logs were generated from those devices on those specific days.