Skip to main content
Skip table of contents

Syslog - Cisco Meraki

Device Details

Device Name

Cisco Meraki

Vendor

Cisco

Device Type

Meraki

Supported Model Name/Number

N/A

Supported Software Version

N/A

Collection Method

Syslog

Configurable Log Output

N/A

Log Source Type

Syslog - Cisco Meraki

Log Processing Policy

LogRhythm Default V 2.0

Exceptions

N/A

Additional Information

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Event_Types_and_Log_Samples

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

Type

Product Version

Supported Schema Fields

V 2.0 802.1X Event

N/A

<object>, <vendorinfo>, <action>, <tag1>, <dport>, <account>, <dmac>, <dip>

V 2.0 802.11 Association Event

N/A

<object>, <vendorinfo>, <action>

V 2.0 802.11 Disassociation Event

N/A

<object>, <vendorinfo>, <action>, <reason>, <sip>

V 2.0 Dhcp Lease Event

N/A

<object>, <vendorinfo>, <subject>, <dip>, <dmac>, <smac>, 

V 2.0 Dhcp No Offers Event

N/A

<object>, <vendorinfo>, <subject>, <smac>, <dip>

V 2.0 Failed Event

N/A

<object>, <vendorinfo>, <action>

V 2.0 File Issued Retro Malicious Disposition Evt

N/A

<subject>, <hash>, <result>, <action>

V 2.0 Flow Allowed/Denied By Layer 3 Firewall Evt

N/A

<object>, <vendorinfo>, <action>, <tag1>, <sip>, <dip>, <dmac>, <protname>, <sport>, <dport>

V 2.0 HTTP Requests Event

N/A

<object>, <vendorinfo>, <sip>, <sport>, <dip>, <dport>, <dmac>, <command>, <url>

V 2.0 IDS Alerts

N/A

<object>, <vendorinfo>, <threatid>, <severity>, <dmac>, <protname>, <sip>, <sport>, <dip>, <dport>, <subject>

V 2.0 IPsec-SA/ISAKMP-SA Established Event

N/A

<object>, <vendorinfo>, <action>, <tag1>

V 2.0 IPsec-SA Request Event

N/A

<object>, <vendorinfo>, <action>, <sip>

V 2.0 IP Session Initiated Event

N/A

<object>, <vendorinfo>, <sip>, <dip>, <dmac>, <protname>, <sport>, <dport>, <action>

V 2.0 ISAKMP-SA Deleted Event

N/A

<object>, <vendorinfo>, <action>

V 2.0 ISAKMP-SA Event

N/A

<object>, <vendorinfo>, <action>

V 2.0 Malicious File Blocked By Amp Event

N/A

<url>, <sip>, <sport>, <dip>, <dport>, <dmac>, <subject>, <hash>, <result>, <action>

V 2.0 New Phase Negotiation Initiated

N/A

<object>, <vendorinfo>, <action>, <tag1>

V 2.0 Phase2 Negotiation Failed Event

N/A

<object>, <vendorinfo>, <action>

V 2.0 Port Status Change Event

N/A

<object>, <vendorinfo>, <subject>

V 2.0 Power Supply Inserted Event

N/A

<object>, <vendorinfo>, <subject>

V 2.0 Rogue SSID/SSID Spoofing Detected Event

N/A

<vendorinfo>, <action>, <tag1>, <smac>, <dmac>

V 2.0 Spanning Tree Event

N/A

<object>, <vendorinfo>, <subject>

V 2.0 Splash Authentication Event

N/A

<object>, <vendorinfo>, <action>, <sip>, <seconds>, <bytesin>, <bytesout>

V 2.0 Switch Blocked DHCP Server Response Event

N/A

<object>, <vendorinfo>, <subject>, <smac>

V 2.0 Uplink Connectivity Change Event

N/A

<object>, <vendorinfo>, <subject>, <tag1>

V 2.0 Virtual Router Collision Event

N/A

<object>, <vendorinfo>, <subject>

V 2.0 VPN Connectivity Change Event

N/A

<object>, <vendorinfo>, <action>, <sip>, <sport>

V 2.0 VRRP Transition Event

N/A

<object>, <vendorinfo>, <subject>

V 2.0 Wireless Packet Flood Detected Event

N/A

<object>, <vendorinfo>, <action>, <dmac>, <status>, <quantity>

V 2.0 Wireless Packet Flood Ended Event

N/A

<object>, <vendorinfo>, <action>, <status>, <reason>

V 2.0 CLI Set Radius Events

N/A

<object>, <vendorinfo>, <action>, <tag1>, <group>

V 2.0 WPA Authentication/Deauthentication Event

N/A

<object>, <vendorinfo>, <action>, <tag1>

V 2.0 MAC Address Flapping Event

N/A

<object>, <vendorinfo>, <action>, <smac>

V 2.0 Device Containment Events

N/A

<object>, <vendorinfo>, <action>, <sip>, <dip>, <smac>, <dmac>

V 2.0 Access Request Event

N/A

<object>, <vendorinfo>, <action>, <dip>

V 2.0 DHCP Server Detected Event

N/A

<object>, <vendorinfo>, <action>, <sip>, <smac>, <dip>, <dmac>

V 2.0 Ip Flow Events

N/A

<object>, <vendorinfo>, <tag1>, <sip>, <dip>, <protname>, <sport>, <dport>, <snatip>, <dnatip>, <snatport>, <dnatport>

V 2.0 Firewall Event

N/A

<object>, <vendorinfo>, <sip>, <dip>, <smac>, <protname>, <sport>, <dport>, <action>, <tag2>, <result>, <tag1>

V 2.0 : Content Filtering Block Event

N/A

<object>, <vendorinfo>, <url>, <objecttype>, <sip>, <sport>, <dip>, <dmac>, <action>

V 2.0 : VLAN Events

N/A

<object>, <vendorinfo>, <dip>, <smac>, <subject>, <sip>, <action>

V 2.0 : Dhcp Release Event

N/A

<object>, <vendorinfo>, <subject>, <dmac>, <smac>

V 2.0 : AnyConnect VPN Session Event

N/A

<object>, <vendorinfo>, <session>, <sip>, <login>, <action>, <protname>, <dip>, <subject>

V 2.0 : MAC Event

N/A

<object>, <vendorinfo>, <action>, <smac>, <dmac>, <subject>, <sip>

V 2.0 : Active Directory Event

N/A

<object>, <vendorinfo>, <action>, <dip>, <subject>

V 2.0 : AnyConnect VPN Connect Event

N/A

<object>, <vendorinfo>, <action>, <sip>, <dip>, <subject>, <login>

V 2.0 : Martian Source Events

N/A

<object>, <vendorinfo>, <action>, <dip>, <smac>, <objecttype>, <subject>,

V 2.0 : Catch All

N/A

<severity>

Revision History

KB Version

Log Type

Change Type

Details

KB 7.1.667.0

Syslog - Cisco Meraki

New Log Source Optimization (LSO) policy: LogRhythm Default v2.0

Optimized new log processing policy for Syslog - Cisco Meraki


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.