
Anyone forwarding MX syslogs to logstash or ELK?


Just seeing if anyone is forwarding their MX logs to Logstash -> Elastic. I am looking at writing the filters for MX logs, but I don't want to reinvent the wheel. Did a quick Google/GitHub search and didn't see anything obvious.

I am just playing with the SOF-ELK VM ( https://github.com/philhagen/sof-elk ) and it doesn't parse the host name or other message data with an available filter. Thoughts are welcome on any experience on this topic.
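As an added example (not code from this thread, from SOF-ELK, or from any of the linked projects), here is a small Python parser for the Meraki syslog body layout I assume here: a fractional epoch timestamp, the device name, a log type, then key=value pairs with optional single-quoted values. The sample lines are constructed, and the layout itself is an assumption to be checked against your own MX output; the point is pulling out the host name and key/value fields that the stock filters leave unparsed.

```python
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumed Meraki MX/MS syslog body layout (an assumption, not stated in the thread):
#   <epoch.fraction> <device_name> <log_type> key=value key='quoted value' ...
# The syslog PRI/header is assumed to be stripped by the shipper before this runs.
_HEADER = re.compile(
    r"^(?P<epoch>\d+(?:\.\d+)?)\s+(?P<host>\S+)\s+(?P<log_type>\S+)\s*(?P<rest>.*)$"
)
# key=value pairs; single-quoted values may contain spaces, bare values end at whitespace
_KV = re.compile(r"(?P<key>[\w\-]+)=(?:'(?P<quoted>[^']*)'|(?P<bare>\S+))")


def parse_meraki_line(line: str) -> Optional[Dict[str, str]]:
    """Return a flat event dict for one Meraki syslog line, or None if it does not match."""
    m = _HEADER.match(line.strip())
    if m is None:
        return None
    ts = datetime.fromtimestamp(float(m["epoch"]), tz=timezone.utc)
    event = {
        "@timestamp": ts.isoformat(),
        "host": m["host"],          # the device name the stock filters left unparsed
        "log_type": m["log_type"],  # e.g. events, flows, urls
    }
    for kv in _KV.finditer(m["rest"]):
        value = kv["quoted"] if kv["quoted"] is not None else kv["bare"]
        event.setdefault(kv["key"], value)  # keep the first value if a key repeats
    return event


def parse_meraki_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Parse many lines, dropping non-matching ones and reporting how many were dropped."""
    events = [e for e in (parse_meraki_line(ln) for ln in lines) if e is not None]
    dropped = len(lines) - len(events)
    if dropped:
        print(f"warning: {dropped} line(s) did not match the expected layout")
    return events


# Constructed sample lines in the assumed layout (not real device output)
SAMPLE_LINES = [
    "1380664994.337798399 MX84 events type=vpn_connectivity_change vpn_type='site-to-site' peer_contact='198.51.100.7:51856' connectivity='true'",
    "1380664995.123456789 MX84 flows src=10.0.1.5 dst=192.0.2.10 mac=00:11:22:33:44:55 protocol=tcp sport=51234 dport=443 pattern: allow all",
    "this line is not in the Meraki layout",
]

if __name__ == "__main__":
    for event in parse_meraki_lines(SAMPLE_LINES):
        print(event)
```

Run it on a few lines captured from your own MX before trusting the layout; trailing text that is not key=value (like the "pattern:" verdict on flow lines) is ignored rather than mis-keyed.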

ACCEPTED SOLUTION

Re: Anyone forwarding MX syslogs to logstash or ELK?

I had previously used some of the following to get the messages from MX / MS parsed (took some tweaking), but I was using Logstash to pump logs into another app... might be easier going to Elastic (I'm actually about to go through the process again for a lab; will post on GitHub if you are interested).

https://ioshark.net/logstash-from-scratch-parsing-cisco-meraki-logs-70b8e91c0c68

https://github.com/cs3gallery/meraki_logstash

https://github.com/siemonster/logstash/blob/master/40-cisco-meraki-filter.conf

There's also a Meraki Beats Docker app that hits the API: docker pull ciscodevnet/merakibeat

/d

2 REPLIES

Re: Anyone forwarding MX syslogs to logstash or ELK?

Dain,

Thank you. These are exactly the type of resources I was looking for. I appreciate the help. Keep me posted on your progress on your lab setup; I am always looking to contribute if you would like help.

Chad

This is me on GitHub:

https://github.com/chadmando