Cisco Meraki products are built from the ground up for cloud management and come out of the box with centralized management, layer 7 device and application visibility, real-time web-based diagnostics, monitoring, reporting, and much, much more.
Data source description
Source
Description
Devo data tables
Meraki organization changelog
Displays changes made in any network within the current Organization since it was created. This includes configuration changes made to all types of devices, not just administrative changes to the Dashboard. Each time a change is made an event in the ChangeLog will be generated.
cloud.meraki.api.changelog
MX security events
Display security events generated by MX Appliances for each existing network. These events are logged as a result of the Connection Monitoring tests failing.
network.meraki.api.security_events
Appliance/Switch/Wireless Event Log
Display network events generated by all managed MR/SM/MS/MV devices for each existing network.
We use a piece of software called Collector Server to host and manage all our available collectors.If you want us to host this collector for you, get in touch with us and we will guide you through the configuration.
Rw tab
title
On-premise collector
This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.
Structure
The following directory structure should be created for being used when running the Cisco Meraki collector:
In the Collector ServerGUI, access the domain in which you want this instance to be created
Click Add Collector and find the one you wish to add.
In the Version field, select the latest value.
In the Collector Name field, set the value you prefer (this name must be unique inside the same Collector Server domain).
In the sending method select Direct Send. Direct Send configuration is optional for collectors that create Table events, but mandatory for those that create Lookups.
In the Parameters section, establish the Collector Parameters as follows below:
In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <any directory>/devo-collectors/cisco_meraki/certs. Learn more about security credentials in Devo here.
Image Removed
Editing the config-cisco_meraki.yaml file
In the config-cisco_meraki.yaml file, replace the <short_unique_identifier>, <api_key> values and enter the ones that retrieved in the previous steps. In the <short_unique_identifier> placeholder, enter the chosen value.
Code Block
globals:
debug: false
id: not_used
name: cisco_meraki
persistence:
type: filesystem"api_key": "<api_key>",
"start_time": "2021-01-01T00:00:00.000000Z"
},
"changelog": {
"api_key": "<api_key>","start_time":"2021-01-01T00:00:00.000000Z"}} # File system persistence ON
config:
directory_name: state # Directory where the persistence will be saved in case of using filesystem
outputs:
devo_1: }
}
Info
Replace the placeholders <short_unique_identifier> and <api_key> with the proper values (obtained in previous sections of this document, except the <short_unique_identifier> valuethat can have the value you choose).
The value chosen for the id field will be used internally for having independent persistence areas.
Image Added
Rw tab
title
On-premise collector
This data collector can be run in any machine that has the Docker service available because it should be executed as a docker container. The following sections explain how to prepare all the required setup for having the data collector running.
Structure
The following directory structure should be created for being used when running the Cisco Meraki collector:
In Devo, go to Administration → Credentials → X.509 Certificates, download the Certificate, Private key and Chain CA and save them in <any directory>/devo-collectors/cisco_meraki/certs. Learn more about security credentials in Devo here.
Image Added
Editing the config-cisco_meraki.yaml file
In the config-cisco_meraki.yaml file, replace the <short_unique_identifier>, <api_key> values and enter the ones that retrieved in the previous steps. In the <short_unique_identifier> placeholder, enter the chosen value.
Code Block
globals:
debug: false
id: not_used
name: cisco_meraki
persistence:
type: filesystem#Thevalueofthisfieldwillbeusedinternallyforhavingindependentpersistenceareasenabled:truerequests_per_second: 5 # File system persistence ONconfig:directory_name:state#SetuphowmanyrequestAPIporsecondservices:#Directorywherethepersistencewillbesavedincaseofusingfilesystemoutputs:devo_1:#Servicesavailableforthiscollector areAlerts, SecureScoreandSecurescorecontrolprofilenetwork-events:#CloudDevoconfigapi_key: '<api_key>' EU (for US use collector-us.devo.io)type:devo_platformconfig:address:eu.elb.relay.logtrust.net# API Key obtained in the Meraki profile
port: 443
type: SSLstart_timechain: '2021-01-01T00:00:00.000000Z'chain.crtcert: <your_domain>.crt#CollectorInitial time.
key: <your_domain>.key
inputs:cisco_meraki:security-events:id:<short_unique_identifier>api_key:'<api_key>'#Thevalueofthisfieldwillbeusedinternallyforhaving#independentAPIpersistenceKeyareasobtainedintheMerakiprofileenabled: truerequests_per_second:5start_time:'2021-01-01T00:00:00.000000Z'#CollectorInitialtime.changelog:api_key: '<api_key>' # Setup how many request API por secondservices:#APIKeyobtainedintheMerakiprofilestart_time: '2021-01-01T00:00:00.000000Z' # Collector Initial time.
Note
The “start_time” fields must have the following format:
The Security-events Service may generate error logs if you do not have an MX appliance.
Download the Docker image
The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:
The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/cisco_meraki/ directory.
To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/cisco_meraki/ directory:
Code Block
IMAGE_VERSION=<version> docker-compose up -d
Note
Replace <version> with the required value.
Activeboards
A number of predefined dashboards that make use of the configured collectors can be downloaded here. To instantiate them, follow these instructions:
Create a new Devo Activeboard in your domain.
In edit mode, click on the ellipsis button and select Edit raw configuration.
Open the downloaded file, select all the text, and copy it to the clipboard.
Paste the contents of the file in the raw editor. Make sure you replace completely the existing configuration.
Click on Save changes. The dashboard should show up immediately.
Change log for 1.x.x
...
Release
...
Released on
...
Release type
...
Details
...
Recommendations
...
v1.3.0
...
...
Status
colour
Purple
title
FEATURE
Status
colour
Yellow
title
VULNS
Status
colour
Green
title
IMPROVEMENTS
...
New features:
The resilience has been improved with a new feature that restart the collector when the Devo connections is lost and it cannot be recovered.
Improvements:
The underlay IFC SDK has been updated to v1.1.3.
Vulnerabilities mitigation:
All critical and high vulnerabilities have been mitigated.
...
Upgrade
...
v1.3.2
...
...
Status
colour
Yellow
title
VULNS
...
Vulnerabilities mitigation:
All critical and high vulnerabilities have been mitigated.
...
Upgrade
...
v1.3.4
...
...
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
When the Meraki API returns an HTTP CODE 429 (Too many requests), the collector handle it to avoid overflooding.
Bug fixes:
...
# Services available for this collector are Alerts, Secure Score and Secure score control profile
network-events:
api_key: '<api_key>' # API Key obtained in the Meraki profile
start_time: '2021-01-01T00:00:00.000000Z' # Collector Initial time.
security-events:
api_key: '<api_key>' # API Key obtained in the Meraki profile
start_time: '2021-01-01T00:00:00.000000Z' # Collector Initial time.
changelog:
api_key: '<api_key>' # API Key obtained in the Meraki profile
start_time: '2021-01-01T00:00:00.000000Z' # Collector Initial time.
Note
The “start_time” fields must have the following format:
The Security-events Service may generate error logs if you do not have an MX appliance.
Download the Docker image
The collector should be deployed as a Docker container. Download the Docker image of the collector as a .tgz file by clicking the link in the following table:
The following Docker Compose file can be used to execute the Docker container. It must be created in the <any_directory>/devo-collectors/cisco_meraki/ directory.
To run the container using docker-compose, execute the following command from the <any_directory>/devo-collectors/cisco_meraki/ directory:
Code Block
IMAGE_VERSION=<version> docker-compose up -d
Note
Replace <version> with the required value.
Activeboards
In Exchange a number of predefined dashboards that make use of the configured collectors can be installed directly in your domain to start working with your data.
Change log
Release
Released on
Release type
Details
Recommendations
v1.7.0
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Bug fixes:
Changed the api_mode to false in metadata file.
Improvements:
Update DCSDK from 1.11.1 to 1.12.2
Added new sender for relay in house + TLS
Added persistence functionality for gzip sending buffer
Added Automatic activation of gzip sending
Improved behaviour when persistence fails
Upgraded DevoSDK dependency
Fixed console log encoding
Restructured python classes
Improved behavior with non-utf8 characters
Decreased defaut size value for internal queues (Redis limitation, from 1GiB to 256MiB)
New persistence format/structure (compression in some cases)
Removed dmesg execution (It was invalid for docker execution)
DevoSDK has been updated to version 5.4.0
Updated the docker base image to 1.3.0
Recommended version
v1.6.0
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
Update DCSDK from 1.10.2 to 1.11.1
Updated DevoSDK to v5.1.10
Fix for SyslogSender related to UTF-8
Enhace of troubleshooting. Trace Standardization, Some traces has been introduced.
Introduced a mechanism to detect "Out of Memory killer" situation.
Updated DevoSDK to v5.1.9.
Fixed some bug related to development on MacOS.
Added an extra validation and fix when the DCSDK receives a wrong timestamp format.
Added an optional config property for use the Syslog timestamp format in a strict way.
Bug fixing:
Programmatically updated the start date if more than 7 days old.
Upgrade
v1.5.1
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
Update DCSDK from 1.9.0 to 1.10.2
Changed log level to some messages from info to debug
Changed some wrong log messages
Upgraded some internal dependencies
Changed queue passed to setup instance constructor
Ability to validate collector setup and exit without pulling any data
Ability to store in the persistence the messages that couldn't be sent after the collector stopped
Ability to send messages from the persistence when the collector starts and before the puller begins working
Ensure special characters are properly sent to the platform
Bug fixing:
Fixed the API parameters to get the correct data to avoid repeated API calls and hence the delay in security events.
Upgrade
v1.4.0
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
Update DCSDK from 1.1.4 to 1.9.0
Ability to validate collector setup and exit without pulling any data
Ability to store in the persistence the messages that couldn't be sent after the collector stopped
Ability to send messages from the persistence when the collector starts and before the puller begins working
Ensure special characters are properly sent to the platform
Added a lock to enhance sender object
Added new class attrs to the setstate and getstate queue methods
Fix sending attribute value to the setstate and getstate queue methods
Added log traces when queues are full and have to wait
Added log traces of queues time waiting every minute in debug mode
Added method to calculate queue size in bytes
Block incoming events in queues when there are no space left
Send telemetry events to Devo platform
Upgraded internal Python dependency Redis to v4.5.4
Upgraded internal Python dependency DevoSDK to v5.1.3
Fixed obfuscation not working when messages are sent from templates
New method to figure out if a puller thread is stopping
Upgraded internal Python dependency DevoSDK to v5.0.6
Improved logging on messages/bytes sent to Devo platform
Fixed wrong bytes size calculation for queues
New functionality to count bytes sent to Devo Platform (shown in console log)
Upgraded internal Python dependency DevoSDK to v5.0.4
Fixed bug in persistence management process, related to persistence reset
Aligned source code typing to be aligned with Python 3.9.x
Inject environment property from user config
Obfuscation service can be now configured from user config and module definiton
Obfuscation service can now obfuscate items inside arrays
Bug fixing:
Updated the limits of the API: The limits have been modified with the official values. This fixes throttling issues.
Upgrade
v1.3.7
Status
colour
Red
title
BUG FIX
Bug fixing:
Fixed a bug in the security-events service (MX events) when no new events are received.
Upgrade
v1.3.6
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
The number of debug traces has been increased to provide better visibility when troubleshooting.
The network_security_events (MX) service has been enhanced with new logic that avoids requesting MX events from networks without MX appliances. This reduces the number of unnecessary API requests to Meraki that were returning 400 HTTP CODE.
Meraki Python package has been upgraded from v1.18.2 to v1.22.1
The events are sent to Devo in batches, increasing the performance.
Bug fixing:
Fixed a bug where the data extraction services via network_event_log and network_security_events stopped pulling events after retrieving the first page of 1,000 events. This behavior was causing some delay in the ingest in networks with a high volume of events.
Fixed how persistence of the network_security_events service is handled and it now stores a unique save point for each available network instead of one for all networks.
Fixed a bug where events were being sent to Devo without proper ordering. Now all events are ordered from the origin by the API.
Upgrade
v1.3.5
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
The number of debug traces has been increased to provide better visibility when troubleshooting.
Bug fixes:
Logging AssertionError trace thrown when requesting invalid product types from networks without those product types is now logged in debug level.
Upgrade
v1.3.
6
4
03 Aug
Status
colour
Green
title
IMPROVEMENTS
Status
colour
Red
title
BUG FIX
Improvements:
The number of debug traces has been increased to provide better visibility when troubleshooting.
The network_security_events (MX) service has been enhanced with new logic that avoids requesting MX events from networks without MX appliances. This reduces the number of unnecessary API requests to Meraki that were returning 400 HTTP CODE.
Meraki Python package has been upgraded from v1.18.2 to v1.22.1
The events are sent to Devo in batches, increasing the performance.
Bug fixing:
Fixed a bug where the data extraction services via network_event_log and network_security_events stopped pulling events after retrieving the first page of 1,000 events. This behavior was causing some delay in the ingest in networks with a high volume of events.
Fixed how persistence of the network_security_events service is handled and it now stores a unique save point for each available network instead of one for all networks.
Fixed a bug where events were being sent to Devo without proper ordering. Now all events are ordered from the origin by the API.
Upgrade
v1.3.7
Status
colour
Red
title
BUG FIX
Bug fixing:
Fixed a bug in the security-events service (MX events) when no new events are received.
Recommended version
Improvements:
When the Meraki API returns an HTTP CODE 429 (Too many requests), the collector handle it to avoid overflooding.
Bug fixes:
Some error messages were logged at the debug level and are now logged at the error level correctly.
Upgrade
v1.3.2
Status
colour
Yellow
title
VULNS
Vulnerabilities mitigation:
All critical and high vulnerabilities have been mitigated.
Upgrade
v1.3.0
Status
colour
Purple
title
FEATURE
Status
colour
Yellow
title
VULNS
Status
colour
Green
title
IMPROVEMENTS
New features:
The resilience has been improved with a new feature that restart the collector when the Devo connections is lost and it cannot be recovered.
Improvements:
The underlay IFC SDK has been updated to v1.1.3.
Vulnerabilities mitigation:
All critical and high vulnerabilities have been mitigated.
