Disable Syslog security events for MRs - Is it possible?

BazMonkey
Getting noticed

Morning friends.

We have syslog reporting to SIEM and all our MR access points are currently configured for DHCP so often their IPs can change on reboots etc.

Our SIEM server does not like devices changing their IP addresses as it keeps reporting them offline when they change IP and then the security team complain when they come up as a new device.

Is there any way to disable or filter out security syslog events from MRs but keep them for the MX?

Else I'm going to have to get reservations set up or fixed IP and we have hundreds out there so not something I'm in a hurry to do.

Have a great day. Nearly the weekend 🙂

BrandonS
Kind of a big deal

I don't think so.  It seems more the job of the SIEM to filter and ignore unwanted messages though.  If you are using an MX as DHCP server you can import them in one .csv file.

- Ex community all-star (⌐⊙_⊙)
BazMonkey
Getting noticed

Hi Brandon.
What firmware are you using for the MX in the above screen grab?

We don't get the option to import via CSV and have to manually add reservations.

We are running 15.44

I thought it was a dashboard upgrade when that option first appeared but seems linked to the firmware version.

Ryan_Miles
Meraki Employee

Doesn't work with templates/template bound networks

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
BazMonkey
Getting noticed

Ah right. Did wonder how I've seen it somewhere before. That's a pain.

I did write an API Python script to add them but every line just kept overwriting the last entry so it failed. Maybe I need to make a single call per entry or learn Python better.
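
An added example, not part of the original thread and not Meraki's own code: one way to avoid the overwrite described above is to merge every CSV row with the reservations already on the VLAN and send the result once. It assumes the Dashboard API's VLAN update takes a `fixedIpAssignments` map keyed by MAC address; the function names, CSV columns and sample rows are constructed for illustration, and nothing here calls the API.

```python
import csv
import io
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample rows (not real devices): AP name, MAC, reserved IP.
SAMPLE_CSV = """name,mac,ip
AP-Lobby,00:11:22:AA:BB:01,10.0.10.21
AP-Floor2,00-11-22-aa-bb-02,10.0.10.22
AP-Bad,00:11:22:aa:bb:03,192.168.1.5
"""

def normalise_mac(mac):
    """Lower-case, colon-separated MAC so the same AP always maps to one key."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"bad MAC: {mac!r}")
    return mac

def merge_reservations(existing, csv_text, subnet):
    """Return (merged_map, rejected_rows); `existing` is left unmodified."""
    net = ipaddress.ip_network(subnet)
    merged = dict(existing)  # keep what is already reserved on the VLAN
    used = {entry["ip"]: mac for mac, entry in merged.items()}
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            mac = normalise_mac(row["mac"])
            ip = ipaddress.ip_address(row["ip"].strip())
            if ip not in net:
                raise ValueError(f"{ip} outside {net}")
            owner = used.get(str(ip))
            if owner not in (None, mac):
                raise ValueError(f"{ip} already reserved for {owner}")
        except ValueError as exc:
            rejected.append((row["name"], str(exc)))
            continue
        old = merged.get(mac)
        if old is not None:  # AP is moving to a new address: free the old one
            used.pop(old["ip"], None)
        merged[mac] = {"ip": str(ip), "name": row["name"].strip()}
        used[str(ip)] = mac
    return merged, rejected

def build_vlan_update(existing, csv_text, subnet):
    # One request body holding every reservation, old and new, sent once.
    merged, rejected = merge_reservations(existing, csv_text, subnet)
    return {"fixedIpAssignments": merged}, rejected
```

Review the rejected rows before sending the body; a reservation outside the VLAN subnet or colliding with another AP would leave that AP reporting to the SIEM from an unexpected address.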

Ryan_Miles
Meraki Employee

Actually it might work with templates under 17.5 beta. Testing now.

Ryan

BazMonkey
Getting noticed

Good to know it's being looked at. I often have to add 40 - 50 devices on some sites.

Ryan_Miles
Meraki Employee

Ok, so I think it only works in templates when the VLAN IP schema is using "same". If using "unique" then it's not shown. And it's not something available as a local override outside of the template for a template bound network.

Ryan
