Configure a Cisco Meraki WAP to send logs to Arctic Wolf

You can configure a Cisco Meraki® wireless access point (WAP) to send the necessary logs to Arctic Wolf for monitoring security information.

Requirements

• Activated Arctic Wolf Sensor

Steps

1. Sign in to the Cisco Meraki dashboard as an administrator.

2. In the navigation menu, click Network-wide > General.

3. In the Logging section, click Add a syslog server.

4. In the table, do the following:

   • Server IP — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   • Port — Keep the default UDP port value of 514.
   • Roles — Select Security events and Appliance event log from the list.

     Note: Role options vary depending on your network type (for example, Switch or Combined hardware) and licensing. Consult with your Concierge Security® Team if you need assistance selecting roles for your WAP.

5. Click Save.

6. Determine if your WAP is configured with DHCP as this can generate additional logs:

   1. In the Cisco Meraki dashboard go to Wireless > Access points.
   2. Click your WAP, and then review the LAN IP setting.

7. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:

   • Confirmation that you have completed the steps in this configuration guide.
   • The IP address you used during the configuration.
   • Any other questions or comments that you have.
   • If your WAP is configured with DHCP.

Next steps

• Notify Arctic Wolf if you change your Cisco Meraki WAP configuration settings after the initial set up to ensure continuous monitoring.

See also

• Cisco Meraki — Device Reporting - Syslog, SNMP, and API
• Cisco Meraki — Syslog Server Overview and Configuration
• Cisco Meraki — Syslog Event Types and Log Samples