Syslog - Cisco Meraki
Device Details
Device Name | Cisco Meraki |
Vendor | Cisco |
Device Type | Meraki |
Supported Model Name/Number | N/A |
Supported Software Version | N/A |
Collection Method | Syslog |
Configurable Log Output | N/A |
Log Source Type | Syslog - Cisco Meraki |
Log Processing Policy | LogRhythm Default V 2.0 |
Exceptions | N/A |
Additional Information |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
---|---|---|
V 2.0: Active Directory Event | N/A | <object>, <vendorinfo>, <action>, <dip>, <subject> |
V 2.0: AnyConnect VPN Connect Event | N/A | <object>, <vendorinfo>, <action>, <sip>, <dip>, <subject>, <login> |
V 2.0: AnyConnect VPN Session Event | N/A | <object>, <vendorinfo>, <action>, <subject>, <session>, <sip>, <login>, <status>, <tag1>, <protname>, <days>, <hours>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <dip> |
V 2.0: Catch All | N/A | <severity> |
V 2.0: Content Filtering Block Event | N/A | <object>, <vendorinfo>, <url>, <objecttype>, <sip>, <sport>, <dip>, <dmac>, <action> |
V 2.0: Dhcp Release Event | N/A | <object>, <vendorinfo>, <subject>, <dmac>, <smac> |
V 2.0: MAC Event | N/A | <object>, <vendorinfo>, <action>, <smac>, <dmac>, <subject>, <sip> |
V 2.0: Martian Source Events | N/A | <object>, <vendorinfo>, <action>, <dip>, <smac>, <objecttype>, <subject> |
V 2.0: VLAN Events | N/A | <object>, <vendorinfo>, <dip>, <smac>, <subject>, <sip>, <action> |
V 2.0 802.1X Event | N/A | <object>, <vendorinfo>, <action>, <tag1>, <dport>, <account>, <dmac>, <dip> |
V 2.0 802.11 Association Event | N/A | <object>, <vendorinfo>, <action> |
V 2.0 802.11 Disassociation Event | N/A | <object>, <vendorinfo>, <action>, <reason>, <sip> |
V 2.0 Access Request Event | N/A | <object>, <vendorinfo>, <action>, <dip> |
V 2.0 CLI Set Radius Events | N/A | <object>, <vendorinfo>, <action>, <tag1>, <group> |
V 2.0 Device Containment Events | N/A | <object>, <vendorinfo>, <action>, <sip>, <dip>, <smac>, <dmac> |
V 2.0 Dhcp Lease Event | N/A | <object>, <vendorinfo>, <subject>, <dip>, <dmac>, <smac> |
V 2.0 Dhcp No Offers Event | N/A | <object>, <vendorinfo>, <subject>, <smac>, <dip> |
V 2.0 DHCP Server Detected Event | N/A | <object>, <vendorinfo>, <action>, <sip>, <smac>, <dip>, <dmac> |
V 2.0 Failed Event | N/A | <object>, <vendorinfo>, <action> |
V 2.0 File Issued Retro Malicious Disposition Evt | N/A | <subject>, <hash>, <result>, <action> |
V 2.0 Firewall Event | N/A | <object>, <vendorinfo>, <sip>, <dip>, <smac>, <protname>, <sport>, <dport>, <action>, <tag2>, <result>, <tag1> |
V 2.0 Flow Allowed/Denied By Layer 3 Firewall Evt | N/A | <object>, <vendorinfo>, <action>, <tag1>, <sip>, <dip>, <dmac>, <protname>, <sport>, <dport> |
V 2.0 HTTP Requests Event | N/A | <object>, <vendorinfo>, <sip>, <sport>, <dip>, <dport>, <dmac>, <command>, <url> |
V 2.0 IDS Alerts | N/A | <object>, <vendorinfo>, <threatid>, <severity>, <dmac>, <protname>, <sip>, <sport>, <dip>, <dport>, <result>, <action>, <subject> |
V 2.0 Ip Flow Events | N/A | <object>, <vendorinfo>, <tag1>, <sip>, <dip>, <protname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport> |
V 2.0 IP Session Initiated Event | N/A | <object>, <vendorinfo>, <sip>, <dip>, <dmac>, <protname>, <sport>, <dport>, <action> |
V 2.0 IPsec-SA Request Event | N/A | <object>, <vendorinfo>, <action>, <sip> |
V 2.0 IPsec-SA/ISAKMP-SA Established Event | N/A | <object>, <vendorinfo>, <action>, <tag1> |
V 2.0 ISAKMP-SA Deleted Event | N/A | <object>, <vendorinfo>, <action> |
V 2.0 ISAKMP-SA Event | N/A | <object>, <vendorinfo>, <action> |
V 2.0 MAC Address Flapping Event | N/A | <object>, <vendorinfo>, <action>, <smac> |
V 2.0 Malicious File Blocked By Amp Event | N/A | <url>, <sip>, <sport>, <dip>, <dport>, <dmac>, <subject>, <hash>, <result>, <action> |
V 2.0 New Phase Negotiation Initiated | N/A | <object>, <vendorinfo>, <action>, <tag1> |
V 2.0 Phase2 Negotiation Failed Event | N/A | <object>, <vendorinfo>, <action> |
V 2.0 Port Status Change Event | N/A | <object>, <vendorinfo>, <subject> |
V 2.0 Power Supply Inserted Event | N/A | <object>, <vendorinfo>, <subject> |
V 2.0 Rogue SSID/SSID Spoofing Detected Event | N/A | <vendorinfo>, <action>, <tag1>, <smac>, <dmac> |
V 2.0: Site To Site VPN Event | N/A | <object>, <vendorinfo>, <action>, <subject>, <protname>, <session>, <group>, <sip>, <dip> |
V 2.0 Spanning Tree Event | N/A | <object>, <vendorinfo>, <subject> |
V 2.0 Splash Authentication Event | N/A | <object>, <vendorinfo>, <action>, <sip>, <seconds>, <bytesin>, <bytesout> |
V 2.0 Switch Blocked DHCP Server Response Event | N/A | <object>, <vendorinfo>, <subject>, <smac> |
V 2.0 Uplink Connectivity Change Event | N/A | <object>, <vendorinfo>, <subject>, <tag1> |
V 2.0 Virtual Router Collision Event | N/A | <object>, <vendorinfo>, <subject> |
V 2.0 VPN Connectivity Change Event | N/A | <object>, <vendorinfo>, <action>, <sip>, <sport> |
V 2.0 VRRP Transition Event | N/A | <object>, <vendorinfo>, <subject> |
V 2.0 Wireless Packet Flood Detected Event | N/A | <object>, <vendorinfo>, <action>, <dmac>, <status>, <quantity> |
V 2.0 Wireless Packet Flood Ended Event | N/A | <object>, <vendorinfo>, <action>, <status>, <reason> |
V 2.0 WPA Authentication/Deauthentication Event | N/A | <object>, <vendorinfo>, <action>, <tag1> |
Revision History
KB Version | Log Type | Change Type | Details |
---|---|---|---|
KB 7.1.667.0 | Syslog - Cisco Meraki | New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 | Optimized new log processing policy for Syslog - Cisco Meraki |