| Table of Contents | ||||
|---|---|---|---|---|
|
...
Valid tags and data tables
The full tag must have at least 3 levels. The first two are fixed as network.meraki. The third level identifies the type of events sent. The fourth, fifth, and sixth levels indicate the event subtypes and are used in the network.meraki.api tags.
Technology | Brand | Type | Subtype | Subtype | Subtype |
|---|---|---|---|---|---|
network | meraki |
| <subtype> | <version> | <format> |
| - | - | - |
...
Tag | Data table |
|---|---|
network.meraki.api.<subtype>.<version>.<format> |
|
network.meraki.events | network.meraki.events |
network.meraki.flows | network.meraki.flows |
network.meraki.ids.alerts | network.meraki.idsAlerts |
network.meraki.urls | network.meraki.urls |
network.meraki.airmarshal_events | network.meraki.airmarshal_events |
network.meraki.events.switch | network.meraki.events.switch |
network.meraki.security_events | network.meraki.security_events |
How is the data sent to Devo?
To send logs to the network.meraki.api.events and network.meraki.api.security_events tables, Devo provides a collector that you can download and use to send the required events to your Devo domain. You can learn how to use it in Cisco Meraki collector.
...
Source port → 13005
Target tag → network.meraki.switch
Check the Stop processing and Sent without syslog tag checkboxes
...
| Anchor | ||||
|---|---|---|---|---|
|
...
Source port → 13005
Source data → [^ ]+ [^ ]+ ([^ ]+) .*
Target tag → network.meraki.\\D1
Target message → \\D0
Check the Stop processing and Sent without syslog tag checkboxes
...
Configure log forwarding from Meraki
...