Yeah, Meraki MXs‘ strength is definitely not useful logging. I‘m currently setting up Splunk as log solution and building Dashboards etc. is definitely harder than with e.g. ASA or Firepower. On the other hand: if you‘re looking for something you possibly have missed, you‘d probably better be off with some kind of network anomaly detection like Stealthwatch. I‘ve seen too many companies running state of the art firewalls, IPS, SIEM etc., but even with a few days of Stealthwatch PoC, they‘ve seen „things“ they‘d never had expected. Especially when talking about those log volumes you‘re mentioning, it‘s completely impossible to not miss something as a human being.
... View more