All Apps and Add-ons

How to configure Splunk to receive syslogs from Cisco Meraki MX?

New Member

Hi There,

I am Nuwantha, i'm trying Splunk free for receive Cisco Meraki Firewall logs.
But i still couldn't configure. I tried TA-Meraki that i found on the internet but no luck. Please help to configure Splunk to receive Meraki MX logs. Appreciate.

Thank you!

0 Karma

Esteemed Legend

The TA deals with data once it is coming into Splunk; you have to make that happen. The best way is either this:
http://www.georgestarcher.com/splunk-success-with-syslog/
Or this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-connect-for-syslog-turnkey-and-scalable-sys...

0 Karma

Ultra Champion

Are these Cisco Meraki Firewall logs on disk already?

0 Karma

SplunkTrust
SplunkTrust

Hi,

welcome to the community! As far as I can see, the TA does not define any inputs settings. These need to be defined on your indexer or in your case, the all-in-one instance.

Depending on the protocol, you either have to define a [tcp://] or [udp://] stanza in your inputs.conf configuration file.
Something like this:

[tcp:514] or [tcp://HOST:514]
or any other port if the device is able to select which ports it wants to send their logs.

Edit: You can simply create a local directory inside of the TA and put the config file there.

Skalli

New Member

Hi There,

Thank you Very much for reply. I'm not that expert on Splunk yet, this is my first experiences about Splunk. DO you have any guide to follow?
Appreciate.
alt text

0 Karma

Ultra Champion

A starting point can be at Using Syslog-ng with Splunk

0 Karma

SplunkTrust
SplunkTrust

And please just look at the inputs.conf (links to the docs) for a basic configuration.

Skalli

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!