Cisco Meraki WAP Logs
Updated Aug 31, 2023Configure a Cisco Meraki WAP to send logs to Arctic Wolf
Note: Before starting this procedure, discuss this log forwarding option with your Concierge Security® Team.
You can configure a Cisco Meraki® wireless access point (WAP) to send the necessary logs to Arctic Wolf for monitoring security information.
Requirements
- Activated Arctic Wolf Sensor
Steps
-
Sign in to the Cisco Meraki dashboard as an administrator.
-
In the navigation menu, click Network-wide > General.
-
In the Logging section, click Add a syslog server.
-
In the table, do the following:
- Server IP — Enter the IP address of your Arctic Wolf physical or virtual sensor.
- Port — Keep the default UDP port value of
514
. - Roles — Select Security events and Appliance event log from the list.
Note: Role options vary depending on your network type (for example, Switch or Combined hardware) and licensing. Consult with your Concierge Security® Team if you need assistance selecting roles for your WAP.
-
Click Save.
-
Determine if your WAP is configured with DHCP as this can generate additional logs:
- In the Cisco Meraki dashboard go to Wireless > Access points.
- Click your WAP, and then review the LAN IP setting.
-
Contact your Concierge Security® Team to inform them that you have configured syslog forwarding, and to validate that the logs are being ingested appropriately. Include the following information:
- Confirmation that you have completed the steps in this configuration guide.
- The IP address you used during the configuration.
- Any other questions or comments that you have.
- If your WAP is configured with DHCP.
Next steps
- Notify Arctic Wolf if you change your Cisco Meraki WAP configuration settings after the initial set up to ensure continuous monitoring.