All Apps and Add-ons

How to configure Splunk to receive syslogs from Cisco Meraki MX?

nuwantha
New Member

Hi There,

I am Nuwantha, i'm trying Splunk free for receive Cisco Meraki Firewall logs.
But i still couldn't configure. I tried TA-Meraki that i found on the internet but no luck. Please help to configure Splunk to receive Meraki MX logs. Appreciate.

Thank you!

0 Karma

woodcock
Esteemed Legend

The TA deals with data once it is coming into Splunk; you have to make that happen. The best way is either this:
http://www.georgestarcher.com/splunk-success-with-syslog/
Or this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-connect-for-syslog-turnkey-and-scalable-sys...

0 Karma

ddrillic
Ultra Champion

Are these Cisco Meraki Firewall logs on disk already?

0 Karma

skalliger
SplunkTrust
SplunkTrust

Hi,

welcome to the community! As far as I can see, the TA does not define any inputs settings. These need to be defined on your indexer or in your case, the all-in-one instance.

Depending on the protocol, you either have to define a [tcp://] or [udp://] stanza in your inputs.conf configuration file.
Something like this:

[tcp:514] or [tcp://HOST:514]
or any other port if the device is able to select which ports it wants to send their logs.

Edit: You can simply create a local directory inside of the TA and put the config file there.

Skalli

nuwantha
New Member

Hi There,

Thank you Very much for reply. I'm not that expert on Splunk yet, this is my first experiences about Splunk. DO you have any guide to follow?
Appreciate.
alt text

0 Karma

ddrillic
Ultra Champion

A starting point can be at Using Syslog-ng with Splunk

0 Karma

skalliger
SplunkTrust
SplunkTrust

And please just look at the inputs.conf (links to the docs) for a basic configuration.

Skalli

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...