I have configured Graylog on Ubuntu 16.04 to receive Cisco Meraki syslogs. The problem is that I can receive “localhost” logs, but it is not picking up any logs from Cisco.
So I’ve tested with “Syslog Test Message Utility 1.0” by creating test syslog messages from another computer in the LAN. Graylog receives the test syslog messages sent by “Syslog Test Message Utility”, but it’s not picking up any syslog from the Cisco Meraki device.
The Meraki device is also configured successfully because it is sending syslog; I’ve tested with Visual Syslog Server on a Windows machine. Visual Syslog Server could receive syslogs from time to time.
So, what could be the problem? Appreciate your help.
Thank you so much.
Could there be any firewall in between Meraki and Graylog? And are you using the local syslog from the devices or is the Meraki cloud sending the logs to you?
Yeah, I’ve checked; the Ubuntu firewall is showing as inactive. I think it’s not enabled by default.
The Meraki security appliance is in our LAN, but the configuration is all done in the cloud (Dashboard), and I’m not sure whether it’s sending from the cloud or from the local network. But it is received by the “Visual Syslog Server”.
The thing is, I’ve installed Graylog on a VM; if the Windows firewall blocked the syslogs, it should block the “Syslog Test Message Utility” test syslogs also, but it doesn’t. So what can be the problem?
It’s not the default port; the port is 1514. Does any other configuration need to be done in the conf files?
I really couldn’t find out why Graylog does not receive the logs.
Did a test message from the command line reach Graylog? Yes, it did. Find below. From Visual Syslog Server (sending from 192.168.94.155 (local PC) to 192.168.94.210 (Graylog server))
Hi there…
Thank you so much for the reply. Let me explain.
192.168.94.155 and 192.168.94.7 are local IP addresses in the LAN (laptops).
The syslog server is assigned to 192.168.94.210.
192.168.94.7 is the laptop that runs the Ubuntu VM.
192.168.94.155 is the laptop used to send test syslogs, as in the images.
First image: Sending from 192.168.94.155 (Local PC) to 192.168.94.210 (Graylog server)
@splash you are the only person that can debug your system.
@derPhlipsi and I have given you several indications of where you can look and what might be tested; nobody from the outside is able to solve this. Especially as you did not answer our questions.
If you cannot say for certain that there is NOTHING in between Meraki and Graylog blocking a connection, check that first. Any firewall that is blocking, any misconfigurations of IP addresses and port numbers or any other network-related issue cannot be debugged by us. You’ll need to do that yourself.
If you are sure that the issue is within Graylog, then come back and give more details.
E.g. Logs from Graylog and Elasticsearch, Input Configuration, Meraki Configuration, etc.
I mentioned before that there isn’t any firewall between Graylog and Meraki. Only the Windows firewall. With the Windows firewall disabled, syslogs are still not received.
But syslog can be received by Visual Syslog Server. There isn’t any misconfiguration of IP.
The command line also reaches Graylog; I’ve posted images. And also the Syslog Test Message Utility 1.0 test syslog messages could be received from another computer in the same LAN. There isn’t any misconfiguration.
If you cannot say anything, why don’t you openly say Graylog does not support Meraki before giving 1000 talks? It will help someone.
I’m done with this thread. Nope, I’m done with you.
Thread closed!!
Well, Graylog does support Meraki. I’ve been monitoring our Meraki infrastructure for the last 4 months or so with Graylog. So… YES, Graylog does support Meraki, since Syslog is a standard that both Graylog and Meraki can speak.
I’m sorry, I didn’t see that you said that. Looked for it and saw it now. Sorry.
Another idea: Do you have any indexer failures? Have a look at System → Overview in your Graylog. Do you have any indexer failures shown there?
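
Added example, not part of the original thread: a small Python probe for the check discussed above, showing whether datagrams arrive on the Graylog host at all and from which source IP, so that "never arrived" can be separated from "arrived but not parsed or indexed". It assumes the input is a UDP input on port 1514 and that the input is stopped while the probe runs; the function names are hypothetical.

```python
import re
import socket

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity) from the syslog PRI header, or None if absent/invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    return pri >> 3, pri & 7

def capture(sock, count, timeout=2.0):
    """Read up to `count` datagrams; return a list of (source_ip, pri, payload)."""
    sock.settimeout(timeout)
    seen = []
    try:
        while len(seen) < count:
            data, (src, _port) = sock.recvfrom(8192)
            seen.append((src, parse_pri(data), data))
    except socket.timeout:
        pass  # nothing more arrived within the timeout
    return seen

def send_test(host, port, text, pri=134):
    """Send one syslog-style UDP datagram (134 = facility local0, severity info)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(b"<%d>%s" % (pri, text.encode()), (host, port))

def self_check():
    """Loopback run on an ephemeral port with a constructed message."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        port = rx.getsockname()[1]
        send_test("127.0.0.1", port, "constructed test message")
        return capture(rx, 1)

if __name__ == "__main__":
    # Assumption: the Graylog input on UDP 1514 is stopped, so the port is free to bind.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("0.0.0.0", 1514))
        for src, pri, data in capture(rx, 20, timeout=60):
            print(src, pri, data[:120])
```

If the test laptop's address shows up in the output but the appliance's never does, the datagrams are being lost before they reach the host; if both show up, the next place to look is the input configuration and the indexer failures.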