Cisco Meraki Logs
Updated Aug 31, 2023Configure a Cisco Meraki firewall to send logs to Arctic Wolf
Notes:
- If you change your Cisco Meraki® firewall configuration settings after the initial set up to send logs to Arctic Wolf, Arctic Wolf is not notified.
- For Arctic Wolf to monitor sensor-less sites, we recommend that you generate a Cisco Meraki API key for Arctic Wolf. See Configure Cisco Meraki to use the Cisco Meraki API for monitoring.
You can configure Cisco Meraki to send the necessary logs to Arctic Wolf for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Steps
-
Sign in to the Cisco Meraki dashboard as an administrator.
-
In the navigation pane, click Network-wide > General.
-
In the Reporting section, click Add a syslog server.
-
In the table, do the following:
- Server IP — Enter the IP address of your Arctic Wolf sensor.
- Port — Keep the default UDP port value of 514.
- Roles — Select Security events, Flows, and URL from the list. (Optional) Add additional roles.
-
Click Save.
-
Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
- Confirmation that you have completed the steps in this configuration guide.
- The IP address you used during the configuration.
- Any other questions or comments that you have.