Event Logs into Splunk

Basavaraj
Conversationalist

Hello Everyone,

We have configured Splunk as a syslog server; however, we are unable to see any alerts or event logs in our Splunk logger.

6 Replies

ww
Kind of a big deal

Can you take a packet capture on the LAN port and see if the device sends traffic to your syslog server?

Basavaraj
Conversationalist

Hello,

Thanks for the reply. I did a packet capture. After taking a look at the current configuration, I see the Access Points are sending traffic to the Syslog server IP on UDP port 5569; however, I am not able to see the complete log in Splunk. For example: "Failed connection to SSID on AP during authentication because the auth server rejected the auth request", which I can see in the Meraki dashboard but not in my Splunk syslog server.

It could be stopped by Splunk; please suggest.

nealgs
Building a reputation

Can we assume you have told the relevant network where to send the logs to?

Look under Network wide/General/Reporting and enter the IP address of the syslog server, and choose which roles you want to send over.

We've moved away from Splunk and now use ManageEngine instead - considerably cheaper both software- and hardware-wise 🙂
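One way to verify what the Meraki feed actually delivers on UDP 5569 before looking at Splunk, as an added example that is not part of this thread and not Meraki's or Splunk's own code. It assumes the Meraki syslog line layout `<epoch> <device_name> <role> key=value ...` with values sometimes single-quoted; the sample lines, device name, MAC addresses and event type names are constructed assumptions for illustration.

```python
"""Check which Meraki syslog roles and event types reach a UDP port.

Added example, not from the thread or from Meraki/Splunk. Assumes the line
layout "<epoch> <device_name> <role> key=value ..." (values may be
single-quoted). Sample lines below are constructed.
"""
import re
import socket
from collections import Counter

# One key=value pair; a single-quoted value may contain spaces.
_KV = re.compile(r"(\w+)=('([^']*)'|(\S+))")
# Syslog PRI header (<NN>) that a relay may prepend; stripped before parsing.
_PRI = re.compile(r"^<\d{1,3}>")

# Constructed sample lines (device name, MACs and event types are assumptions).
SAMPLE_LINES = [
    "<134>1638124200.123 AP-Lobby events type=association radio='0' vap='1' "
    "client_mac='AA:BB:CC:DD:EE:01' channel='36' rssi='40'",
    "1638124201.456 AP-Lobby events type=8021x_deauth radio='0' vap='1' "
    "client_mac='AA:BB:CC:DD:EE:01'",
    "1638124202.789 AP-Lobby flows src=10.0.0.5 dst=10.0.0.1 protocol=udp "
    "sport=54321 dport=53 pattern: allow all",
    "garbage line",
]


def parse_meraki_line(line):
    """Return {'ts', 'device', 'role', 'fields'} for one line, or None if unparsable."""
    line = _PRI.sub("", line.strip())
    parts = line.split(None, 3)
    if len(parts) < 3:
        return None
    try:
        ts = float(parts[0])
    except ValueError:
        return None
    rest = parts[3] if len(parts) == 4 else ""
    fields = {}
    for m in _KV.finditer(rest):
        # group 3 is the unquoted content of a quoted value, group 4 a bare value
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return {"ts": ts, "device": parts[1], "role": parts[2], "fields": fields}


def summarize_roles(lines):
    """Count lines per Meraki role; lines that do not parse are counted as 'unparsed'."""
    counts = Counter()
    for line in lines:
        rec = parse_meraki_line(line)
        counts[rec["role"] if rec else "unparsed"] += 1
    return counts


def event_types(lines):
    """Count the type= values seen on 'events' role lines (wireless event log)."""
    counts = Counter()
    for line in lines:
        rec = parse_meraki_line(line)
        if rec and rec["role"] == "events":
            counts[rec["fields"].get("type", "unknown")] += 1
    return counts


def listen(port=5569, count=10):
    """Bind a UDP socket and return the first `count` datagrams as text (run manually)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    received = []
    try:
        while len(received) < count:
            data, _addr = sock.recvfrom(65535)
            received.append(data.decode("utf-8", errors="replace"))
    finally:
        sock.close()
    return received


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; swap in listen() on the syslog host.
    print("roles:", dict(summarize_roles(SAMPLE_LINES)))
    print("event types:", dict(event_types(SAMPLE_LINES)))
```

Run `listen()` on the syslog host only while Splunk's own UDP input on that port is stopped, since two processes cannot bind the same UDP port, then pass the captured lines to `summarize_roles()`. If no `events` role lines arrive, the role is not enabled on the Meraki Reporting page; if they do arrive, the gap is on the Splunk side, where the listening port must match the `[udp://5569]` stanza in inputs.conf.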

Basavaraj
Conversationalist

Hello,

Thanks for the reply.

Yes, we have added the syslog server IP under Network wide/General/Reporting and set the roles as per the screenshot below.

Access Points are sending traffic to the Syslog server IP on UDP port 5569; however, I am not able to see the complete log in Splunk. For example: "Failed connection to SSID on AP during authentication because the auth server rejected the auth request", which I can see in the Meraki dashboard but not in my Splunk syslog server.

Could you please advise some more on ManageEngine, so that I can look at that option as well in our current environment?

[screenshot: Basavaraj_0-1638124200896.png]

ww
Kind of a big deal

nealgs
Building a reputation

Have a look at this link. This is what we now use instead of Splunk for our environment.

EventLog Analyzer - SIEM Log management software (manageengine.com)

Runs on a single server, 12 core, 96 GB RAM, which also runs our Rapid7 scanning tools too.
