Syslog message - Wireless Event

Shawqy
Getting noticed


Hi there, 

 

We have a requirement to get the wireless event logs, especially the 802.1X EAP Success & 802.11 Authentication, via Syslog for an AD-based firewall rule configuration in a network. This is a large enterprise network where they mostly rely on wireless connectivity for daily operations.

 

Please provide your feedback on the reliability of Syslog services in Meraki if someone has experienced it.

 

Thanks in Advance

3 Replies
CptnCrnch
Kind of a big deal

How would you measure "reliability" in this case? I'd say it is.

Apart from that: wouldn't it make more sense to leverage the RADIUS log on your authentication server?

Hi @CptnCrnch 

 

We are applying the IP address once the authentication is done. So how could the RADIUS log have the IP address + user ID detail?

What I mean by reliability is the options that are available for troubleshooting & management.

 

RADIUS Logs are often important to debugging an authentication issue, so I would recommend collecting those as well. With RADIUS Accounting you can get IP address as well.

You might also want to look into Webhooks for the Alerts notifications. These are important, and not always in the syslog, and most customers use email to send alerts, but using Webhooks lets you log them!

Why are webhooks and syslog different?! It seems odd at first, I know. Webhooks are alerts from the Meraki Cloud "controller" while syslog is the hardware device sending its logs, so they are two different sources. Syslog is not "secure" and therefore only offered over your internal network, not to a public IP address. Can you get them all from one source? Yes, technically you can get syslog from the Cloud as well, but it's not a stream; it's an API REST call you would have to poll every X minutes.

The Meraki Syslog is easy and reliable. Check out the documentation:
https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Over...
https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Meraki_Device_Repo...
https://documentation.meraki.com/zGeneral_Administration/Cross-Platform_Content/Alerts_and_Notificat...
https://documentation.meraki.com/zGeneral_Administration/Other_Topics/Webhooks
Colin Lowenberg
wireless engineer and startup founder, formerly known as "the API guy", now I run a Furapi, the therapy dog service, and Lowenberg Labs, an IT consulting company.
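
The user-to-IP mapping that RADIUS Accounting makes possible for an identity-based firewall rule, as an added example that is not part of the original thread or any Meraki code. The records are constructed and already decoded, the attribute names are the standard RADIUS ones, and the example assumes the access point reports Framed-IP-Address in a Start or a later Interim-Update record.

```python
# Constructed, already-decoded RADIUS Accounting records (users, MACs and IPs are made up).
SAMPLE_RECORDS = [
    # 802.1X has just succeeded; the client has no DHCP lease yet, so Start carries no IP.
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "s1", "User-Name": "alice",
     "Calling-Station-Id": "AA-BB-CC-00-00-01"},
    {"Acct-Status-Type": "Interim-Update", "Acct-Session-Id": "s1", "User-Name": "alice",
     "Calling-Station-Id": "AA-BB-CC-00-00-01", "Framed-IP-Address": "10.0.0.5"},
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "s2", "User-Name": "bob",
     "Calling-Station-Id": "AA-BB-CC-00-00-02", "Framed-IP-Address": "10.0.0.6"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "s1", "User-Name": "alice"},
    # bob's Stop never arrived; his address has been leased to carol.
    {"Acct-Status-Type": "Interim-Update", "Acct-Session-Id": "s3", "User-Name": "carol",
     "Calling-Station-Id": "AA-BB-CC-00-00-03", "Framed-IP-Address": "10.0.0.6"},
]

class UserIpTable:
    """Tracks which authenticated user currently holds which IP address."""

    def __init__(self):
        self.sessions = {}  # Acct-Session-Id -> {"user", "mac", "ip"}
        self.by_ip = {}     # Framed-IP-Address -> Acct-Session-Id

    def _release(self, sid):
        sess = self.sessions.pop(sid, None)
        if sess and self.by_ip.get(sess["ip"]) == sid:
            del self.by_ip[sess["ip"]]

    def apply(self, rec):
        sid, status = rec["Acct-Session-Id"], rec["Acct-Status-Type"]
        if status == "Stop":
            self._release(sid)
        elif status in ("Start", "Interim-Update"):
            sess = self.sessions.setdefault(sid, {
                "user": rec.get("User-Name"),
                "mac": rec.get("Calling-Station-Id"), "ip": None})
            ip = rec.get("Framed-IP-Address")
            if ip and ip != sess["ip"]:
                if self.by_ip.get(sess["ip"]) == sid:  # session moved to a new address
                    del self.by_ip[sess["ip"]]
                stale = self.by_ip.get(ip)
                if stale is not None:  # previous holder's Stop was lost: evict it
                    self._release(stale)
                sess["ip"] = ip
                self.by_ip[ip] = sid

    def user_for_ip(self, ip):
        sid = self.by_ip.get(ip)
        return self.sessions[sid]["user"] if sid is not None else None

def build_table(records):
    table = UserIpTable()
    for rec in records:
        table.apply(rec)
    return table
```

Evicting the previous holder when an address reappears under a new session keeps a lost Stop record from leaving a firewall rule bound to the wrong user.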