We have a requirement to get the wireless event logs especially the 802.1X EAP Success & 802.11 Authentication via Syslog for an AD Based firewall rule configuration in a network. This is a large enterprise network where they mostly rely on wireless connectivity for daily operations.
Please provide your feedback on the reliability of Sysog services in Meraki if someone has experienced it.
RADIUS Logs are often important to debugging an authentication issue, so I would recommend collecting those as well. With RADIUS Accounting you can get IP address as well.
You might also want to look into Webhooks for the Alerts notifications. These are important, and not always in the syslog, and most customers use email to send alerts, but using Webhooks let's you log them!
Why are webhooks and syslog different?! It seems odd at first I know. Webhooks are alerts from the Meraki Cloud "controller" while syslog is the hardware device sending it's logs, so they are two different sources. Syslog is not "secure" and therefore only offered over your internal network, not to a public IP address. Can you get them all from one source? Yes, technically you can get syslog from the Cloud as well, but it's not a stream it's an API REST call you would have to poll every X minutes.