Meraki Community

Jian-Z

Is the client IP the source IP in the network events:

https://developer.cisco.com/meraki/api-v1/get-network-events/

sungod

Typically. But the structure of events varies considerably, not all will have a source IP, for instance...

{'occurredAt': '2023-01-25T06:15:26.810173Z', 'networkId': 'L_zzzzzz', 'type': 'cf_block', 'description': 'Content filtering blocked URL', 'clientId': 'k9zzz', 'clientDescription': 'MS350 Stack', 'clientMac': '00:18:zzzz', 'deviceSerial': 'Q2PN-zzzzz', 'deviceName': 'MXzzz', 'eventData': {'url': 'https://doh.opendns.com/...', 'server': '146.zzz', 'categories': ''}}

If you are working with events for structured reporting/automation, you need to handle the different (sometimes inconsistent) structures of events of interest.

I've not seen any documentation that defines all the possible per-event type response structures, I ended up gathering large numbers of events from different orgs/networks to get a decent sample to analyse and create handling for.

View solution in original post

sungod

Typically. But the structure of events varies considerably, not all will have a source IP, for instance...

{'occurredAt': '2023-01-25T06:15:26.810173Z', 'networkId': 'L_zzzzzz', 'type': 'cf_block', 'description': 'Content filtering blocked URL', 'clientId': 'k9zzz', 'clientDescription': 'MS350 Stack', 'clientMac': '00:18:zzzz', 'deviceSerial': 'Q2PN-zzzzz', 'deviceName': 'MXzzz', 'eventData': {'url': 'https://doh.opendns.com/...', 'server': '146.zzz', 'categories': ''}}

If you are working with events for structured reporting/automation, you need to handle the different (sometimes inconsistent) structures of events of interest.

I've not seen any documentation that defines all the possible per-event type response structures, I ended up gathering large numbers of events from different orgs/networks to get a decent sample to analyse and create handling for.

Meraki Community

The client IP of Network Events

The client IP of Network Events