Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About ds2020
Community Record
10
Posts
3
Kudos
0
Solutions
Badges
@cmr thanks for the reply! What you suggested is actually one of the first things we tried. However, this would require maintaining scripts, file integrity etc and in my opinion would require to much effort to support long term vs Meraki adding the SSID event info to the syslog data.
... View more
Any help on this please?
... View more
Sep 11 2020
9:13 AM
Hi All; In Sumologic I setup the below app to get Meraki events In Meraki the syslog server includes the below roles which populate the above dashboards. So far so good! I need to create a new dashboard that shows on which SSID a client connected given a specific network or AP, or even better provide network and AP information as part of the results from the query. The use case that I have is to identify corporate client devices that are unintentionally connecting to the guest wireless ssid or non-corporate client devices connecting to the prod wireless network. To achieve this I need to know under what event type these client device connections are logged under. Based on feedback from Sumologic support the event types that are going into Sumologic are shown below The results came back with: 8021x_auth 8021x_client_deauth 8021x_deauth 8021x_eap_failure 8021x_eap_success 8021x_radius_timeout association association_reject cli_set_rad_okc_parms cli_set_rad_parms cli_set_rad_pmksa_parms dfs_event disassociation multiple_dhcp_servers_detected radius_mac_auth route_connection_change vpn_connectivity_change wpa_auth wpa_deauth None of those event types though have info on AP, SSID's, or hostnames. However, running an API call against https://api.meraki.com/api/v1/organizations/{orgID}/networks/{netID}/clients/?perPage=1000&ssidNumber=2 gets me the below info which is what i need to create my dashboard. Is the below information captured in the syslog? and if it is under what event type can i find it? Thanks in advance!
... View more
Aug 28 2020
1:39 PM
1 Kudo
@jdsilva thanks for the heads up! This scenario might not be an issue since we have over 100 networks so few clients connect to each at a time. I will need to figure out though how to make my request more specific since now i get all 150 clients. Need to figure out how to get a specific client based on its mac or IP address. Since this is what I'm trying to accomplish.
... View more
Aug 28 2020
1:10 PM
@jdsilva how can I correct this? This info is not described in any of the documents I've looks so far.
... View more
Aug 28 2020
12:57 PM
So I'm using Postman and crafted a GET request to get the clients from a specific network id. Looking at the results I see 10 entries vs 150 on the actual dashboard. Any reason why this is?
... View more
Labels:
- Labels:
-
Dashboard API
Hi BrechtSchamp, SIEM gets the information from network traffic, we are monitoring network activity and not sending syslogs yet, although i am in the process of sending the syslogs to Sumologic for better analysis. Currently looking at the Meraki dashboard settings Wireless > Configure > SSIDS >Client IP Assignment is set to Meraki DHCP (NAT Mode: Use Meraki DHCP )
... View more
Hi Cain, can you provide information on how to do this? I'm not very familiar with the API's but I do have people on my team that can do something if we can provide some instructions.
... View more
Hi everyone, I'm facing a problem that I hope someone here can help me solve or point me to a workaround for finding the information within the Meraki portal. To begin, my question is simple as stated above. If I have an IP address of 10.10.15.4 for example, what is the easiest most simple way to find out under which Network that IP belongs and which AP/SSID the IP was connected to? The reason for this is we have these alerts generated from our SIEM and we have rules in our SIEM that would tag a device as non-corporate device if it satisfies certain criteria. So when something like that comes up we need to dig in and identify the device so we can identify the user and follow up etc. In Meraki we have about 100+ Networks defined and each with different numbers of APs (1 network has 40+ APs) with about 3-4 SSIDs so I'm having a very hard time trying to figure out where should I begin my investigation. Is there anything out there that can help with this? Maybe something like a master list/report that shows all clients and IP addresses along with their networks and AP's as a table or something? Thank you in Advance!
... View more
My Top Kudoed Posts
| Subject | Kudos | Views |
|---|---|---|
| 1 | 2498 | |
| 1 | 8820 | |
| 1 | 8830 |
© 2024 Cisco Systems, Inc.
