Cisco Meraki WAP Logs
Updated Jan 31, 2024Configure a Cisco Meraki WAP to send logs to Arctic Wolf
You can configure a Cisco Meraki® wireless access point (WAP) to send the necessary logs to Arctic Wolf®.
Requirements
-
An activated Arctic Wolf Sensor
-
Access to the Meraki Dashboard with administrator permissions
Before you begin
- This is an optional configuration. Discuss this log forwarding option with your Concierge Security® Team (CST).
Steps
Notes: If you change your Cisco Meraki WAP configuration settings after the initial set up, contact your Concierge Security® Team.
Step 1: Configure log forwarding
- Sign in to the Meraki Dashboard with administrator permissions.
- In the navigation menu, click Network-wide > General.
- In the Logging section, click Add a syslog server.
- In the Syslog servers table, configure these settings:
- Server IP — Enter the IP address of your Arctic Wolf physical or virtual sensor.
- Port — Keep the default UDP port value of
514
. - Roles — Select Security events and Appliance event log.
Note: Role options vary depending on licensing and your network type. For example, Switch or Combined hardware. Contact your CST for assistance with selecting roles for your WAP.
- Click Save.
- Determine if your WAP is configured with DHCP as this can generate additional logs:
- In the Cisco Meraki dashboard, click Wireless > Access points.
- Click your WAP. If the LAN IP value:
- Ends with (via DHCP) — Your WAP is configured with DHCP.
- Does not end with (via DHCP) — Your WAP is not configured with DHCP.
Step 2: Provide your Cisco Meraki WAP information to Arctic Wolf
-
Sign in to the Arctic Wolf Unified Portal.
-
Click the Tickets tab, and then do one of these actions:
- New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
- Existing customers — Click Open a New Ticket.
-
On the Open a New Ticket page, configure these settings:
- What is this ticket related to? — Select General request.
- Subject — Enter
Syslog changes
. - Related ticket (optional) — Keep empty.
- Message — Enter this information for your Concierge Security® Team (CST):
- Confirmation that you completed the steps in this configuration guide.
- The IP address or hostname you used during the configuration.
- Questions or comments that you have.
-
Click Send Message.
Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.