firewall.meraki

[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with firewall.meraki identify events generated by Cisco Meraki. For additional Meraki data sources, see Cisco Meraki collector .

Valid tags and data tables

The full tag must have 3 levels. The first two are fixed as firewall.meraki. The third level identifies the type of events sent.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service	Tags	Data tables

Product / Service	Tags	Data tables
Firewall Meraki	`firewall.meraki.events`	`firewall.meraki.events`
	`firewall.meraki.flows`	`firewall.meraki.flows`
	`firewall.meraki.ids-alerts`	`firewall.meraki.idsAlerts`
	`firewall.meraki.urls`	`firewall.meraki.urls`

For more information, read more About Devo tags.

How is the data sent to Devo?

Data may be sent with a relay. Example relay rules:

            Source data: 
             Source tag: 
             Target tag: firewall.meraki.events
Sent without syslog tag: false
        Stop processing: true

         Source message: 
            Source data: 
             Source tag: 
             Target tag: firewall.meraki.flows
Sent without syslog tag: true
        Stop processing: true

         Source message: 
            Source data: 
             Source tag: 
             Target tag: firewall.meraki.idsAlerts
Sent without syslog tag: false
        Stop processing: true

Table structure

These are the fields displayed in these tables:

firewall.meraki.events
firewall.meraki.flows
firewall.meraki.idsAlerts
firewall.meraki.urls

firewall.meraki.events

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
serverdate	`timestamp`
fwip	`ip4`	hostchain
fwname	`str`
logtype	`str`
message	`str`
description	`str`
protocol	`str`
source_ip	`ip4`
source_port	`str`
destination_ip	`ip4`
destination_port	`str`
spi	`str`
type	`str`
vpn_type	`str`
peer_contact_ip	`ip4`
peer_contact_port	`str`
peer_ident	`str`
connectivity	`str`
source_mac	`str`
destination_mac	`str`
subnet	`str`
dns	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

firewall.meraki.flows

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
serverdate	`timestamp`
fwip	`ip4`	hostchain
fwname	`str`
logtype	`str`
srcIp	`ip4`
srcPort	`int4`
dstIp	`ip4`
dstPort	`int4`
proto	`str`
mac	`str`
pattern	`str`
icmpType	`str`
action	`str`	pattern
translatedSrcIp	`ip4`
translatedPort	`int4`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

firewall.meraki.idsAlerts

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
serverdate	`timestamp`
fwip	`ip4`	hostchain
fwname	`str`
logtype	`str`
srcIp	`ip4`
srcPort	`int4`
dstIp	`ip4`
dstPort	`int4`
signature	`str`
priority	`int4`
tstamp	`timestamp`
dhost	`str`
direction	`str`
proto	`str`
message	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

firewall.meraki.urls

Field	Type	Field transformation	Source field name	Extra fields

Field	Type	Source field name	Extra fields
eventdate	`timestamp`
serverdate	`timestamp`
fwip	`ip4`	hostchain
fwname	`str`
logtype	`str`
srcIp	`ip4`
srcPort	`int4`
dstIp	`ip4`
dstPort	`int4`
mac	`str`
method	`str`
url	`str`
unknown	`str`
hostchain	`str`		✓
tag	`str`		✓
rawMessage	`str`	rawSource	✓

Devo latest