Disable Syslog security events for MRs - Is it possible ?

BazMonkey
Getting noticed

Disable Syslog security events for MRs - Is it possible ?

Morning friends.

 

We have syslog reporting to SIEM and all our MR access points are currently configured for DHCP so often their IPs can change on reboots etc.

 

BazMonkey_0-1646348721544.png

Our SIEM server does not like devices changing their IP addresses as it keeps reporting them offline when they change IP and then the security team complain when they come up as a new device.

 

Is there anyway to disable or filter out security syslog events from MR's but keep them for the MX?

 

Else I'm going to have to get reservsations setup or fixed IP and we have hundreds out there so not something I'm in a hurry to do.

 

Have a great day. Nearly the weekend 🙂

 

7 REPLIES 7
BrandonS
Kind of a big deal

I don't think so.  It seems more the job of the SIEM to filter and ignore unwanted messages though.  If you are using an MX as DHCP server you can import them in one .csv file.

 

Screen Shot 2022-03-03 at 3.38.05 PM.png

- Ex community all-star (⌐⊙_⊙)

Hi Brandon.
What firmware are you using for the MX in the above screen grab.

 

BazMonkey_0-1646351547470.png

 

We don't get the option to import via CSV and have to manually add reservations.

 

We are running 15.44

 

I thought it was a dashboard upgrade when that option first appeared but seems linked to the firmware version.

 

Doesn't work with templates/template bound networks

Ah right. Did wonder how i've seen it somewhere before. That's a pain.

I did write an API pyton script to add them but every line just kept overwriting the last entry so it failed. Maybe I need to make a single call per entry or learn Python better.

Actually it might work with templates under 17.5 beta. Testing now.

Good to know it's being looked at. I often have to added 40 - 50 devices on some sites.

Ok, so I think it only works in templates when the VLAN IP schema is using "same". If using "unique" then it's not shown. And it's not something available as a local override outside of the template for a template bound network.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels