Syslog - Cisco Meraki | LogRhythm Documentation

Device Details

Device Name	Cisco Meraki
Vendor	Cisco
Device Type	Meraki
Supported Model Name/Number	N/A
Supported Software Version	N/A
Collection Method	Syslog
Configurable Log Output	N/A
Log Source Type	Syslog - Cisco Meraki
Log Processing Policy	LogRhythm Default V 2.0
Exceptions	N/A
Additional Information	https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Event_Types_and_Log_Samples

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

Type	Product Version	Supported Schema Fields
V 2.0: Active Directory Event	N/A	<object>, <vendorinfo>, <action>, <dip>, <subject>
V 2.0: AnyConnect VPN Connect Event	N/A	<object>, <vendorinfo>, <action>, <sip>, <dip>, <subject>, <login>
V 2.0: AnyConnect VPN Session Event	N/A	<object>, <vendorinfo>, <action>, <subject>, <session>, <sip>, <login>, <status>, <tag1>, <protname>, <days>, <hours>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <dip>
V 2.0: Catch All	N/A	<severity>
V 2.0: Content Filtering Block Event	N/A	<object>, <vendorinfo>, <url>, <objecttype>, <sip>, <sport>, <dip>, <dmac>, <action>
V 2.0: Dhcp Release Event	N/A	<object>, <vendorinfo>, <subject>, <dmac>, <smac>
V 2.0: MAC Event	N/A	<object>, <vendorinfo>, <action>, <smac>, <dmac>, <subject>, <sip>
V 2.0: Martian Source Events	N/A	<object>, <vendorinfo>, <action>, <dip>, <smac>, <objecttype>, <subject>,
V 2.0: VLAN Events	N/A	<object>, <vendorinfo>, <dip>, <smac>, <subject>, <sip>, <action>
V 2.0 802.1X Event	N/A	<object>, <vendorinfo>, <action>, <tag1>, <dport>, <account>, <dmac>, <dip>
V 2.0 802.11 Association Event	N/A	<object>, <vendorinfo>, <action>, <dmac>, <dip>, <account>
V 2.0 802.11 Disassociation Event	N/A	<object>, <vendorinfo>, <action>, <dmac>, <dip>, <reason>, <sip, <account>
V 2.0 Access Request Event	N/A	<object>, <vendorinfo>, <action>, <dip>
V 2.0 CLI Set Radius Events	N/A	<object>, <vendorinfo>, <action>, <tag1>, <group>
V 2.0 Device Containment Events	N/A	<object>, <vendorinfo>, <objectname>, <action>, <sip>, <dip>, <smac>, <dmac>
V 2.0 Dhcp Lease Event	N/A	<object>, <vendorinfo>, <subject>, <dip>, <dmac>, <smac>,
V 2.0 Dhcp No Offers Event	N/A	<object>, <vendorinfo>, <subject>, <smac>, <dip>
V 2.0 DHCP Server Detected Event	N/A	<object>, <vendorinfo>, <action>, <sip>, <smac>, <dip>, <dmac>
V 2.0 Failed Event	N/A	<object>, <vendorinfo>, <action>
V 2.0 File Issued Retro Malicious Disposition Evt	N/A	<subject>, <hash>, <result>, <action>
V 2.0 Firewall Event	N/A	<object>, <vendorinfo>, <sip>, <dip>, <smac>, <protname>, <sport>, <dport>, <action>, <tag2>, <result>, <tag1>
V 2.0 Flow Allowed/Denied By Layer 3 Firewall Evt	N/A	<object>, <vendorinfo>, <action>, <tag1>, <sip>, <dip>, <dmac>, <protname>, <sport>, <dport>
V 2.0 HTTP Requests Event	N/A	<object>, <vendorinfo>, <sip>, <sport>, <dip>, <dport>, <dmac>, <command>, <url>
V 2.0 IDS Alerts	N/A	<object>, <vendorinfo>, <threatid>, <severity>, <dmac>, <protname>, <sip>, <sport>, <dip>, <dport>, <result>, <action>, <subject>
V 2.0 Ip Flow Events	N/A	<object>, <vendorinfo>, <tag1>, <sip>, <dip>, <protname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>
V 2.0 IP Session Initiated Event	N/A	<object>, <vendorinfo>, <sip>, <dip>, <dmac>, <protname>, <sport>, <dport>, <action>
V 2.0 IPsec-SA Request Event	N/A	<object>, <vendorinfo>, <action>, <sip>
V 2.0 IPsec-SA/ISAKMP-SA Established Event	N/A	<object>, <vendorinfo>, <action>, <tag1>
V 2.0 ISAKMP-SA Deleted Event	N/A	<object>, <vendorinfo>, <action>
V 2.0 ISAKMP-SA Event	N/A	<object>, <vendorinfo>, <action>
V 2.0 MAC Address Flapping Event	N/A	<object>, <vendorinfo>, <action>, <smac>
V 2.0 Malicious File Blocked By Amp Event	N/A	<url>, <sip>, <sport>, <dip>, <dport>, <dmac>, <subject>, <hash>, <result>, <action>
V 2.0 New Phase Negotiation Initiated	N/A	<object>, <vendorinfo>, <action>, <tag1>
V 2.0 Phase2 Negotiation Failed Event	N/A	<object>, <vendorinfo>, <action>
V 2.0 Port Status Change Event	N/A	<object>, <vendorinfo>, <subject>
V 2.0 Power Supply Inserted Event	N/A	<object>, <vendorinfo>, <subject>
V 2.0 Rogue SSID/SSID Spoofing Detected Event	N/A	<vendorinfo>, <action>, <tag1>, <smac>, <dmac>
V 2.0: Site To Site VPN Event	N/A	<object>, <vendorinfo>, <action>, <subject>, <protname>, <session>, <group>, <sip>, <dip>
V 2.0 Spanning Tree Event	N/A	<object>, <vendorinfo>, <subject>
V 2.0 Splash Authentication Event	N/A	<object>, <vendorinfo>, <action>, <sip>, <seconds>, <bytesin>, <bytesout>
V 2.0 Switch Blocked DHCP Server Response Event	N/A	<object>, <vendorinfo>, <subject>, <smac>
V 2.0 Uplink Connectivity Change Event	N/A	<object>, <vendorinfo>, <subject>, <tag1>
V 2.0 Virtual Router Collision Event	N/A	<object>, <vendorinfo>, <subject>
V 2.0 VPN Connectivity Change Event	N/A	<object>, <vendorinfo>, <action>, <sip>, <sport>
V 2.0 VRRP Transition Event	N/A	<object>, <vendorinfo>, <subject>
V 2.0 Wireless Packet Flood Detected Event	N/A	<object>, <vendorinfo>, <action>, <dmac>, <status>, <quantity>
V 2.0 Wireless Packet Flood Ended Event	N/A	<object>, <vendorinfo>, <action>, <status>, <reason>
V 2.0 WPA Authentication/Deauthentication Event	N/A	<object>, <vendorinfo>, <action>, <tag1>, <dmac>, <dip>
V 2.0 Fips Event	N/A	<object>, <vendorinfo>, <action>, <reason>
V 2.0 : DFS_Event	N/A	<object>, <vendorinfo>, <action>
V 2.0 : L3Roaming Assign Anchor	N/A	<object>, <vendorinfo>, <action>, <sip>, <status>
V 2.0 : L3Roaming Assign Hosting	N/A	<object>, <vendorinfo>, <action>, <sip>
V 2.0 : L3Roaming Set Anchor Done	N/A	<object>, <vendorinfo>, <action>
V 2.0 : L3Roaming Start Set Anchor	N/A	<object>, <vendorinfo>, <action>, <sip>
V 2.0 : MAC Spoofing Attack	N/A	<object>, <vendorinfo>, <action>. <session>, <smac>, <dmac>
V 2.0 : Radius MAC Auth	N/A	<object>, <vendorinfo>, <action>, <status>

Revision History

KB Version	Log Type	Change Type	Details
KB 7.1.667.0	Syslog - Cisco Meraki	New Log Source Optimization (LSO) policy: LogRhythm Default v2.0	Optimized new log processing policy for Syslog - Cisco Meraki