Graylog Not Picking syslog from Cisco Meraki


(Nuwantha D) #1

Hi Graylog community.

I have configured Graylog on Ubuntu 16.04 to receive Cisco Meraki syslogs. The problem is I can receive “localhost” logs, but it is not picking up any logs from Cisco.

So I’ve tested with “Syslog Test Message Utility 1.0” by creating test syslog messages from another computer in the LAN. Graylog receives the test syslog messages sent by “Syslog Test Message Utility”, but it’s not picking up any syslog from the Cisco Meraki device.

The Meraki device is also configured successfully, because it is sending syslog; I’ve tested with Visual Syslog Server on a Windows machine. Visual Syslog Server could receive syslogs from time to time.

So, what could be the problem? Appreciate your help.
Thank you so much. :grinning::grinning:


(Philipp Ruland) #2

Heyo @splash,

could there be any firewall in between Meraki and Graylog? And are you using the local syslog from the devices or is the Meraki cloud sending the logs to you?

Greetings,
Philipp


(Nuwantha D) #3

Hi DerPhlipsi,

Thank you so much for the reply.

Yeah, I’ve checked; the Ubuntu firewall is showing as inactive. I think it’s not enabled by default.

The Meraki security appliance is in our LAN, but the configuration is all done in the cloud (Dashboard), and I’m not sure whether it’s sending from the cloud or from the local network. But it is received by the “Visual Syslog Server”.

The thing is, I’ve installed Graylog on a VM; if the Windows firewall blocked the syslogs, it should also block the “Syslog Test Message Utility” test syslogs, but it doesn’t. So what can be the problem?

It’s not the default port; the port is 1514. Does any other configuration need to be done in the conf files?

I really couldn’t find out why Graylog does not receive the logs.

Appreciate your help.


(Jan Doberstein) #4

@splash you should debug starting from your device that sends messages.

You just need to check all ways the package (with the message) will take and check if it passes or not.


(Nuwantha D) #5

Hi DerPhlipsi,

Thank you so much for the reply.

can this device reach Graylog IP and Port?

  • did a test message from the command-line reach Graylog?
    Yes it did. Find below.
    From Visual Syslog server (Sending from 192.168.94.155 (Local PC) to 192.168.94.210 (Graylog server))

From Command line (Localhost)

is the Input running?

Thank you so much for the help. Appreciate it. :smiley::smiley:


(Jan Doberstein) #6

Is the Visual Syslog Server on 192.168.94.155 the same device that sends the logs from Meraki?


(Nuwantha D) #7

Hi there…
Thank you so much for the reply. Let me explain.

192.168.94.155 and 192.168.94.7 are local IP addresses in the LAN (laptops).
The syslog server is assigned to 192.168.94.210.
192.168.94.7 is the laptop that runs the Ubuntu VM.
192.168.94.155 is the laptop used to send test syslogs, as in the images.

First image:
Sending from 192.168.94.155 (Local PC) to 192.168.94.210 (Graylog server)

Thank you.


(Jan Doberstein) #8

Hey @splash

Are you able to send test messages from your MERAKI to Graylog? That is what you need to test.


(Nuwantha D) #9

Hi Jan Doberstein

Thank you so much for the reply.

Yes, that is what I need. But Graylog is not receiving syslogs from Meraki.

Thank you so much for the help. Appreciate it.


(Nuwantha D) #10

Hi dear Jan Doberstein,

I’m still looking for a solution. :smiley::smiley:

Thank you.


(Jan Doberstein) #11

@splash you are the only person that can debug your system.

@derPhlipsi and I have given you several indications of where you can look and what might be tested - nobody from the outside is able to solve this. Especially as you did not answer our questions.

I’m done in this thread.


(Philipp Ruland) #12

Well, again the question that you never answered:

If you cannot say for certain that there is NOTHING in between Meraki and Graylog blocking a connection, check that first. Any firewall that is blocking, any misconfigurations of IP addresses and port numbers or any other network-related issue cannot be debugged by us. You’ll need to do that yourself.

If you are sure that the issue is within Graylog, then come back and give more details.
E.g. Logs from Graylog and Elasticsearch, Input Configuration, Meraki Configuration, etc.

Greetings,
Philipp
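
One way to run the check asked for above, as an added example that is not part of the thread or of Graylog: a stand-in UDP listener on the input's port (1514, as given in the thread) that tallies datagrams per source IP, so you can tell whether the Meraki's own address ever shows up or only the test senders do. It assumes the Graylog input is stopped while it runs so the port is free; `DEVICE_IP` is a placeholder for the appliance's address.

```python
import socket
import time
from collections import Counter


def open_listener(bind_ip="0.0.0.0", port=1514):
    """Bind a UDP socket where the syslog input would normally listen."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock


def tally_sources(sock, duration):
    """Count datagrams per source IP arriving on sock for `duration` seconds."""
    seen = Counter()
    deadline = time.monotonic() + duration
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return seen
        sock.settimeout(remaining)
        try:
            _, (src_ip, _src_port) = sock.recvfrom(8192)
        except socket.timeout:
            return seen
        seen[src_ip] += 1


def diagnose(seen, device_ip):
    """Map the tally to the next place to look."""
    if seen.get(device_ip):
        return "device-reaches-host"   # path is fine: inspect the input and indexing
    if seen:
        return "only-other-senders"    # port is open, but the device's traffic never arrives
    return "nothing-received"          # nothing reaches this host and port at all


if __name__ == "__main__":
    DEVICE_IP = "192.0.2.10"  # placeholder: replace with the appliance's LAN address
    with open_listener() as listener:
        counts = tally_sources(listener, 60)
    for ip, n in counts.most_common():
        print(f"{ip}\t{n}")
    print(diagnose(counts, DEVICE_IP))
```

A result of `only-other-senders` matches the situation described in the thread, where the test utility's messages arrive but the appliance's do not.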


(Nuwantha D) #13

Hello,

I mentioned before that there isn’t any firewall between Graylog and Meraki. Only the Windows firewall. With the Windows firewall disabled, syslogs are still not received.

But the syslogs can be received by Visual Syslog Server. There isn’t any misconfiguration of the IP.

The command line also reaches Graylog; I’ve posted images. And also Syslog Test Message Utility 1.0 could receive test syslog messages from another computer in the same LAN - there isn’t any misconfiguration.

If you cannot say anything, why don’t you openly say Graylog does not support MERAKI before giving 1000 talks? It will help someone.

I’m done with this thread :joy::joy: Nope, I’m done with you.
Thread closed!!


(Philipp Ruland) #14

Well, Graylog does support Meraki. I’ve been monitoring our Meraki infrastructure for the last 4 months or so with Graylog. So… YES, Graylog does support Meraki, since Syslog is a standard that both Graylog and Meraki can speak.

I’m sorry, I didn’t see that you said that. Looked for it and saw it now. Sorry.

Another idea: Do you have any indexer failures? Have a look at System -> Overview in your Graylog. Do you have any indexer failures shown there?

Greetings,
Philipp


(Nuwantha D) #15

Hi DerPhlipsi,

I’ve moved to another product. Installed and works fine. Could receive Meraki syslog.

Thanks!


(system) #16

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.