
Processing Meraki MX Syslogs to Broadcom CloudSOC

MiamiSteve
Level 1

I've read Cisco docs and format examples but they're not overly helpful.

Scenario: 

  1. I send Meraki MX syslogs (URL, FLOW) to Kiwi Syslog.
  2. Then Syslog forwards those logs to another host (a Broadcom virtual appliance called SpanVA).
  3. SpanVA has a connection to the Broadcom CloudSOC CASB.
  4. CloudSOC doesn't have a predefined datasource for Meraki MX, so they have a tool called Elastica Flex that uses JSON and you write a custom config for any syslog source.

I've tried and tried and can't get it right!

Does anyone have any experience trying to do this or can make sense of the documentation?

Including links that may help.

Thanks!!!

https://documentation.meraki.com/General_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/audit-home/flex-home.html

My config:

    {"logformat":"delimited",
    "delimiter":" ",
    "date_format":"MM dd",
    "date_index":"1",
    "time_format":"HH:mm:ss",
    "time_index":"3",
    "sent_value":"1",
    "rcvd_value":"1",
    "bytes_value":"1"}
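An added example, not part of the original post and not Cisco or Broadcom code: a small Python parser that shows which space-delimited position each value occupies in MX `urls` and `flows` events, so that a delimiter/index-based config can be checked against real lines. The two sample lines are constructed, modeled on the layout in the Meraki syslog document linked above; the sketch assumes Kiwi forwards the lines unchanged, and the names `parse_mx` and `token_positions` are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed samples (documentation IP ranges, made-up device name).
# Assumed layout: optional "<pri>version", epoch timestamp, device name,
# event type, key=value pairs, then a free-text "request:" or "pattern:" tail.
SAMPLES = [
    "<134>1 1700000000.123456789 MX_lab urls src=192.0.2.10:51000 "
    "dst=198.51.100.20:443 mac=00:11:22:33:44:55 "
    "request: GET https://example.com/index.html",
    "<134>1 1700000005.000000001 MX_lab flows src=192.0.2.10 "
    "dst=198.51.100.53 mac=00:11:22:33:44:55 protocol=udp "
    "sport=51001 dport=53 pattern: allow all",
]

HEADER = re.compile(
    r"^(?:<\d+>\d+ )?(?P<ts>\d+\.\d+) (?P<host>\S+) (?P<type>\S+) (?P<body>.*)$"
)

def token_positions(line):
    """Return (index, token) pairs exactly as a single-space delimiter sees them."""
    return list(enumerate(line.split(" ")))

def parse_mx(line):
    """Parse one MX-style line into a dict; raise ValueError if it does not fit."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an MX-style syslog line")
    event = {
        "host": m["host"],
        "type": m["type"],
        # The timestamp token is epoch seconds, not a month/day + clock pair.
        "time": datetime.fromtimestamp(float(m["ts"]), tz=timezone.utc),
    }
    body = m["body"]
    # The tail contains spaces, so it must be cut off before splitting.
    tail = re.search(r"\b(request|pattern): (.*)$", body)
    if tail:
        event[tail[1]] = tail[2]
        body = body[:tail.start()]
    for token in body.split():
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value
    return event

if __name__ == "__main__":
    for sample in SAMPLES:
        print(token_positions(sample)[:4])
        print(parse_mx(sample))
```

Running it against a few lines captured on the Kiwi host shows whether the forwarder has prepended its own header, which shifts every index by the number of added tokens.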

Yettt
Level 1

Hello sir,
May I know the way that you configured syslog on Cisco Meraki to send to the syslog server?
I follow the guideline from Meraki, but it isn't working; the syslog server doesn't receive any events. Could you share the best practice with me?

Thank you!
