Hi There,
I am Nuwantha, i'm trying Splunk free for receive Cisco Meraki Firewall logs.
But i still couldn't configure. I tried TA-Meraki that i found on the internet but no luck. Please help to configure Splunk to receive Meraki MX logs. Appreciate.
Thank you!
The TA deals with data once it is coming into Splunk; you have to make that happen. The best way is either this:
http://www.georgestarcher.com/splunk-success-with-syslog/
Or this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-connect-for-syslog-turnkey-and-scalable-sys...
Are these Cisco Meraki Firewall logs on disk already?
Hi,
welcome to the community! As far as I can see, the TA does not define any inputs settings. These need to be defined on your indexer or in your case, the all-in-one instance.
Depending on the protocol, you either have to define a [tcp://]
or [udp://]
stanza in your inputs.conf configuration file.
Something like this:
[tcp:514] or [tcp://HOST:514]
or any other port if the device is able to select which ports it wants to send their logs.
Edit: You can simply create a local
directory inside of the TA and put the config file there.
Skalli
Hi There,
Thank you Very much for reply. I'm not that expert on Splunk yet, this is my first experiences about Splunk. DO you have any guide to follow?
Appreciate.
A starting point can be at Using Syslog-ng with Splunk
And please just look at the inputs.conf (links to the docs) for a basic configuration.
Skalli