Cisco Meraki - Configuring a Syslog Server
Linux System
Step 1: Install the syslog application:
sysadmin@ubuntu:~$ sudo apt-get install syslog-ng
Once syslog-ng has been installed it needs to be configured to receive log messages from the MX. These instructions will configure syslog-ng to store each of the role categories in their own log file. There will be an individual log file for URLs, Event Logs, etc. Alternatively, it could be configured to store all logs in one file. Use any appropriate editor to make changes to the syslog-ng configuration file. In this example nano is used to edit the file.
sysadmin@ubuntu:~$ sudo nano /etc/syslog-ng/syslog-ng.conf
The LAN IP of the MX in this example will be 192.168.10.1. The syslog server is listening on 192.168.10.241 UDP port 514. Update as needed to reflect the LAN IP of the MX and the syslog server being configured. The first section of code will configure all syslog messages from the MX to be stored in /var/log/meraki.log. The second section of code will use regular expressions to match each of the role categories and store them in individual log files. Only one of the options needs to be configured.
Step 2: Log all messages to /var/log/meraki.log:
#define syslog source
source s_net { udp(ip(192.168.10.241) port(514)); };
#create filter to match traffic (this filter will catch all syslog messages that come from the MX)
filter f_meraki { host( "192.168.10.1" ); };
#define a destination for the syslog messages
destination df_meraki { file("/var/log/meraki.log"); };
#bundle the source, filter, and destination rules together with a logging rule
log { source ( s_net ); filter( f_meraki ); destination ( df_meraki ); };
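The per-category option described above can be sketched as follows, for use in place of the Step 2 block. This is an added example, not configuration from the original page or from Cisco Meraki: the category tokens "urls" and "events", the filter and destination names, and the two extra log file names are assumptions to check against the messages your MX actually sends.

```conf
# Added example: per-category routing, used instead of the Step 2 block.
# define syslog source (same listener as in Step 2)
source s_net { udp(ip(192.168.10.241) port(514)); };

# Filters: messages from the MX that also carry a category token.
# ASSUMPTION: the tokens "urls" and "events" appear in the message text and
# are parsed into MESSAGE; confirm against lines captured in
# /var/log/meraki.log before relying on them.
# match() is an unanchored regular expression, so a token that also occurs
# elsewhere in a message (for example inside a logged URL) matches as well.
filter f_meraki        { host("192.168.10.1"); };
filter f_meraki_urls   { host("192.168.10.1") and match("urls" value("MESSAGE")); };
filter f_meraki_events { host("192.168.10.1") and match("events" value("MESSAGE")); };

# One destination per category (these two file names are hypothetical)
destination df_meraki_urls   { file("/var/log/meraki_urls.log"); };
destination df_meraki_events { file("/var/log/meraki_events.log"); };
# Everything else from the MX still goes to the file used in Step 2
destination df_meraki { file("/var/log/meraki.log"); };

# Log paths are evaluated in order; flags(final) stops a matched message
# from also being written by the paths below it.
log { source(s_net); filter(f_meraki_urls);   destination(df_meraki_urls);   flags(final); };
log { source(s_net); filter(f_meraki_events); destination(df_meraki_events); flags(final); };
log { source(s_net); filter(f_meraki);        destination(df_meraki); };
```

Running syslog-ng --syntax-only before the restart in Step 3 reports configuration errors without interrupting the running service.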
Step 3: Restart the syslog-ng process:
sysadmin@ubuntu:~$ sudo /etc/init.d/syslog-ng restart