Configure a Cisco Meraki WAP to send logs to Arctic Wolf

You can configure a Cisco Meraki® wireless access point (WAP) to send the necessary logs to Arctic Wolf®.

Requirements

• An activated Arctic Wolf Sensor

• Access to the Meraki Dashboard with administrator permissions

Before you begin

• This is an optional configuration. Discuss this log forwarding option with your Concierge Security® Team (CST).

Steps

1. Configure log forwarding.
2. Provide your Cisco Meraki WAP information to Arctic Wolf.

Step 1: Configure log forwarding

1. Sign in to the Meraki Dashboard with administrator permissions.
2. In the navigation menu, click Network-wide > General.
3. In the Logging section, click Add a syslog server.
4. In the Syslog servers table, configure these settings:
   • Server IP — Enter the IP address of your Arctic Wolf physical or virtual sensor.
   • Port — Keep the default UDP port value of 514.
   • Roles — Select Security events and Appliance event log.

     Note: Role options vary depending on licensing and your network type. For example, Switch or Combined hardware. Contact your CST for assistance with selecting roles for your WAP.

5. Click Save.
6. Determine if your WAP is configured with DHCP as this can generate additional logs:
   1. In the Cisco Meraki dashboard, click Wireless > Access points.
   2. Click your WAP. If the LAN IP value:
      • Ends with (via DHCP) — Your WAP is configured with DHCP.
      • Does not end with (via DHCP) — Your WAP is not configured with DHCP.

Step 2: Provide your Cisco Meraki WAP information to Arctic Wolf

1. Sign in to the Arctic Wolf Unified Portal.

2. Click the Tickets tab, and then do one of these actions:

   • New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
   • Existing customers — Click Open a New Ticket.

3. On the Open a New Ticket page, configure these settings:

   • What is this ticket related to? — Select General request.
   • Subject — Enter Syslog changes.
   • Related ticket (optional) — Keep empty.
   • Message — Enter this information for your Concierge Security® Team (CST):
     • Confirmation that you completed the steps in this configuration guide.
     • The IP address or hostname you used during the configuration.
     • Questions or comments that you have.

4. Click Send Message.

   Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.

See also

• Cisco Meraki — Device Reporting - Syslog, SNMP, and API
• Cisco Meraki — Syslog Server Overview and Configuration
• Cisco Meraki — Syslog Event Types and Log Samples