How to configure Splunk to receive syslogs from Ci...

nuwantha · ‎05-28-2019

Hi There,

I am Nuwantha, i'm trying Splunk free for receive Cisco Meraki Firewall logs.
But i still couldn't configure. I tried TA-Meraki that i found on the internet but no luck. Please help to configure Splunk to receive Meraki MX logs. Appreciate.

Thank you!

woodcock · ‎04-17-2020

The TA deals with data once it is coming into Splunk; you have to make that happen. The best way is either this:
http://www.georgestarcher.com/splunk-success-with-syslog/
Or this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-connect-for-syslog-turnkey-and-scalable-sys...

ddrillic · ‎05-29-2019

Are these Cisco Meraki Firewall logs on disk already?

skalliger · ‎05-29-2019

Hi,

welcome to the community! As far as I can see, the TA does not define any inputs settings. These need to be defined on your indexer or in your case, the all-in-one instance.

Depending on the protocol, you either have to define a [tcp://] or [udp://] stanza in your inputs.conf configuration file.
Something like this:

[tcp:514] or [tcp://HOST:514]
or any other port if the device is able to select which ports it wants to send their logs.

Edit: You can simply create a local directory inside of the TA and put the config file there.

Skalli

nuwantha · ‎05-29-2019

Hi There,

Thank you Very much for reply. I'm not that expert on Splunk yet, this is my first experiences about Splunk. DO you have any guide to follow?
Appreciate.

ddrillic · ‎05-30-2019

A starting point can be at Using Syslog-ng with Splunk

skalliger · ‎05-31-2019

And please just look at the inputs.conf (links to the docs) for a basic configuration.

Skalli

How to configure Splunk to receive syslogs from Cisco Meraki MX?

.conf23 Registration is Now Open!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control