syslog

Niusha
Just browsing

syslog

hi,

I've configured a sylog server on Meraki to sending URLs, flows and appliance event messages, however the server doesn't get any logs on some days, is there a way on portal to check if devices send/generate the logs to the syslog server for sure? I have checked the event logs but not sure how to set a filter based on my server address or event type, all I can see is bunch of dhcp lease! any advise would be appreciated.  

3 Replies 3
Robthesoundguy
Here to help

What syslog server are you using? Syslog is a pretty low-level tool, meaning that there's not much that can go wrong. If you're getting traffic on some days and not others, I'd be more inclined to look at the actual server itself instead of the sending device. 

the logs go to a collector(the server set on Meraki portal) and from there to a third party data processor. 3rd party says that they get the silent alarm as they dont recieve logs from some devices.I dont have access to the collector but before raising it with the MSP, I was wondering if I could check the Meraki portal to see if any logs were generated from those devices on those specific days.

PhilipDAth
Kind of a big deal
Kind of a big deal

I would think you should be getting entries 24x7, especially if you know there is something inside of the MX accessing the Internet.

 

You could try doing a packet capture on the syslog port and verify you can see records being sent and compare that to what is being received.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels