Hi All;
In Sumologic I setup the below app to get Meraki events
In Meraki the syslog server includes the below roles which populate the above dashboards. So far so good!
I need to create a new dashboard that shows on which SSID a client connected given a specific network or AP, or even better provide network and AP information as part of the results from the query.
The use case that I have is to identify corporate client devices that are unintentionally connecting to the guest wireless ssid or non-corporate client devices connecting to the prod wireless network. To achieve this I need to know under what event type these client device connections are logged under.
Based on feedback from Sumologic support the event types that are going into Sumologic are shown below
The results came back with:
- 8021x_auth
- 8021x_client_deauth
- 8021x_deauth
- 8021x_eap_failure
- 8021x_eap_success
- 8021x_radius_timeout
- association
- association_reject
- cli_set_rad_okc_parms
- cli_set_rad_parms
- cli_set_rad_pmksa_parms
- dfs_event
- disassociation
- multiple_dhcp_servers_detected
- radius_mac_auth
- route_connection_change
- vpn_connectivity_change
- wpa_auth
- wpa_deauth
None of those event types though have info on AP, SSID's, or hostnames.
However, running an API call against https://api.meraki.com/api/v1/organizations/{orgID}/networks/{netID}/clients/?perPage=1000&ssidNumbe...
gets me the below info which is what i need to create my dashboard. Is the below information captured in the syslog? and if it is under what event type can i find it?
Thanks in advance!
