Cisco Meraki Logs
Ship logs from Cisco Meraki to Logstash
Filebeat is a lightweight shipper that enables you to send your Cisco Meraki logs to Logstash and Elasticsearch. Configure Filebeat using the pre-defined examples below to start sending and analysing your Meraki logs.
Follow this step by step guide to get 'logs' from your system to Logit.io:
Step 1 - Configure Syslog Server
Configure your Cisco Meraki to write all logs to a single file and to send logs to a Syslog server.
View more details on how to configure Meraki Syslog.
Step 3 - Locate the configuration file
Step 4 - Configure Filebeat.yml
The configuration file below is pre-configured to send data to your Logit.io Stack.
Copy the configuration file below and overwrite the contents of the Filebeat configuration file typically located at
# ============================== Filebeat inputs =============================== filebeat.inputs: - type: udp max_message_size: 10MiB host: "0.0.0.0:514" enabled: true fields: type: fields_under_root: true encoding: utf-8 ignore_older: 12h # ================================== Outputs =================================== output.logstash: hosts: ["your-logstash-host:your-ssl-port"] loadbalance: true ssl.enabled: true
If you’re running Filebeat 7, add this code block to the end. Otherwise, you can leave it out.
# ... For Filebeat 7 only ... filebeat.registry.path: /var/lib/filebeat
If you’re running Filebeat 6, add this code block to the end.
# ... For Filebeat 6 only ... registry_file: /var/lib/filebeat/registry
It’s a good idea to run the configuration file through a YAML validator to rule out indentation errors, clean up extra characters, and check if your YAML file is valid. Yamllint.com is a great choice.
Step 5 - Validate configuration
If you have issues starting in the next step, you can use these commands below to troubleshoot.
Let's check the configuration file is syntactically correct by running directly inside the terminal.
If the file is invalid, will print an
error loading config file error message with details on how to correct the problem.
sudo -e -c /etc//.yml
cd <EXTRACTED_ARCHIVE> sudo ./ -e -c .yml
cd <EXTRACTED_ARCHIVE> .\.exe -e -c .yml
Step 7 - Start filebeat
Start or restart to apply the configuration changes.
Step 8 - how to diagnose no data in Stack
If you don't see data appearing in your Stack after following the steps, visit the Help Centre guide for steps to diagnose no data appearing in your Stack or Chat to support now.
Step 9 - Check Logit.io for your logs
Now you should view your data:
If you don't see logs take a look at How to diagnose no data in Stack below for how to diagnose common issues.
Step 10 - Cisco Meraki Logging Overview
Cisco Meraki is a cloud-managed IT solution that offers a wide range of networking devices including wireless access points, switches, security appliances, and cameras. These devices are managed through a centralized dashboard that provides administrators with visibility and control over their network infrastructure.
Meraki devices generate logs that record various events and activities that occur on the network. These logs are used to monitor network performance, troubleshoot issues, and identify security threats.
Here are some common types of logs generated by Meraki devices:
System Logs: These logs record system-level events such as device startup, shutdown, and configuration changes.
Traffic Logs: These logs record details about network traffic such as source and destination IP addresses, protocols, and ports.
Security Logs: These logs record security-related events such as intrusion attempts, malware detections, and VPN connections.
Wireless Logs: These logs record wireless-specific events such as client associations, disassociations, and authentication failures.
Switch Logs: These logs record switch-specific events such as port status changes, VLAN assignments, and link failures.
Meraki devices provide real-time visibility into network activity through the dashboard, which can be used to search and filter logs based on various criteria such as time range, device, event type, and severity. The logs can also be exported for further analysis or integration with third-party tools.