
Anyone forwarding MX syslogs to logstash or ELK?


Just seeing if anyone is forwarding their MX logs to Logstash -> Elastic. I am looking at writing the filters for MX logs but I don't want to reinvent the wheel. Did a quick google/github search and didn't see anything obvious.
I am just playing with the SOF-ELK VM ( https://github.com/philhagen/sof-elk ) and it doesn't parse the Host name or other message date with an available filter. Thoughts are welcomed on any experience on this topic.
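To pull the hostname and the key=value fields out of a raw MX line (the gap mentioned above with the stock SOF-ELK filter), here is an added Python parser; it is not from this thread or from any of the linked projects. It assumes Meraki's documented syslog layout (optional syslog PRI, epoch timestamp, device name, log type, key=value pairs, optional "pattern:"/"request:" trailer), and every sample line below is constructed.

```python
import re

# Assumed layout (Meraki's documented syslog format; all values below are constructed):
#   [<PRI>1 ]<epoch.nanos> <hostname> <log type> key=value ... [pattern: ...|request: ...]
HEADER_RE = re.compile(
    r"^(?:<(?P<pri>\d+)>1\s+)?(?P<ts>\d+\.\d+)\s+(?P<host>\S+)\s+(?P<type>\S+)\s*(?P<body>.*)$"
)
# key=value pairs; values may be single-quoted (e.g. vpn_type='site-to-site')
KV_RE = re.compile(r"(\w+)=('[^']*'|\S+)")
# free-text trailer on flows/urls lines: "pattern: allow all", "request: GET https://..."
TRAILER_RE = re.compile(r"\s*\b(pattern|request):\s*(.*)$")


def parse_meraki_line(line: str) -> dict:
    # Split one MX syslog line into header fields plus a dict of its key=value fields
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Meraki syslog line: {line!r}")
    event = {
        "priority": int(m.group("pri")) if m.group("pri") else None,
        "event_time": float(m.group("ts")),  # device clock, epoch seconds
        "host": m.group("host"),             # the field the stock SOF-ELK filter misses
        "log_type": m.group("type"),         # flows, urls, events, ids-alerts, ...
    }
    body = m.group("body")
    t = TRAILER_RE.search(body)
    if t:
        event[t.group(1)] = t.group(2).strip()
        body = body[: t.start()]
    # kept under "fields" so an ids-alerts "timestamp=" key cannot clobber event_time
    event["fields"] = {k: v.strip("'") for k, v in KV_RE.findall(body)}
    return event


def denied_flows(lines: list) -> list:
    # The flows the MX firewall denied are the ones a defender usually wants to alert on
    events = [parse_meraki_line(ln) for ln in lines]
    return [e for e in events if e["log_type"] == "flows" and e.get("pattern", "").startswith("deny")]


# Constructed sample lines using documentation IP ranges, not captured traffic
SAMPLE_LINES = [
    "<134>1 1380664994.337961231 MX84 flows src=192.168.1.186 dst=8.8.8.8 "
    "mac=58:1F:AA:CE:61:F2 protocol=udp sport=55719 dport=53 pattern: allow all",
    "1380664995.102000000 MX84 flows src=198.51.100.9 dst=192.168.1.20 "
    "protocol=tcp sport=44120 dport=3389 pattern: deny all",
    "1380665130.452001234 MX84 events type=vpn_connectivity_change "
    "vpn_type='site-to-site' peer_contact='203.0.113.7:500' connectivity='true'",
    "1380664922.123456789 MX84 ids-alerts signature=1:2000:3 priority=3 "
    "timestamp=1380664922.123456 direction=ingress protocol=tcp/ip src=198.51.100.9:80",
]
```

The same split is what a Logstash grok pattern plus a kv filter would do; the three regexes map directly onto those two filter stages.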

Accepted solution:

Re: Anyone forwarding MX syslogs to logstash or ELK?

I had previously used some of the following to get the messages from MX / MS parsed (took some tweaking) but I was using logstash to pump logs into another app... might be easier going to Elastic (I'm actually about to go through the process again for a lab - will post on github if you are interested)

https://ioshark.net/logstash-from-scratch-parsing-cisco-meraki-logs-70b8e91c0c68

https://github.com/cs3gallery/meraki_logstash

https://github.com/siemonster/logstash/blob/master/40-cisco-meraki-filter.conf

there's also a Meraki Beats docker app that hits the API - docker pull ciscodevnet/merakibeat

/d


Re: Anyone forwarding MX syslogs to logstash or ELK?

Dain,

Thank you. These are exactly the type of resources I was looking for. I appreciate the help. Keep me posted on your progress for your lab setup, I am always looking to contribute if you would like help.

Chad

This is me on github:

https://github.com/chadmando