Not receiving logs from Meraki appliances


(Syed Junaid) #1

Hello Team,

I’m not receiving logs from Meraki devices. Can someone please help? Much appreciated.



(Tess) #2

You have provided zero useful details. Nothing. Sorry :frowning: You’ve given nothing to work with. It’s like telling your mechanic “My car isn’t working”, while leaving your car at home.


(Syed Junaid) #3

I have configured Graylog on Ubuntu to receive Cisco Meraki syslogs. I can see message counts in Throughput / Metrics, but they are not appearing in received messages. Meraki device also configured successfully. Used port 5570 UDP. These are located in the same LAN. Please let me know if any details are needed.


(Tess) #4

For each input, you can ask it to show all messages that it received. Try poking around in there, because it will explicitly show you which messages it is receiving. You indicate that messages are coming in, but that you’re not seeing what you are expecting.

This would suggest that this:

Meraki device also configured successfully.

… is not true

When you check the receiver host with netstat, do you see connections to the input from the Meraki devices? When you check the network with Wireshark (or similar), do you see traffic coming from the Meraki boxen and going into the input?

Basic network troubleshooting. Draw yourself a diagram of the objects involved, the dataflows, the ports, etc. Then start checking each part of your drawing, one by one.


(Syed Junaid) #5

Thanks!

I have done the Wireshark packet capture and confirmed Meraki is sending logs to the Graylog server. Also checked to see if rsyslog messages are being forwarded to the port by doing tcpdump. I’m not too good at Graylog, but will try to provide any logs if needed.

root@xxxxxxx:/home/xxxxx# netstat -peanut | grep ":5570"
udp6 45696 0 :::5570 :::* 125 57601 1204/java

listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
2 packets received by filter
0 packets dropped by kernel


(Tess) #6

BWAHAHA :smiley: That’s hilarious! Hadn’t seen that one yet…

With regards to the troubleshooting: your Wireshark seems to have run on the loopback interface; you won’t catch any Meraki input on there. 2 packets also surely does not count as actual log input from a network device. That’s not enough.
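
The check described in the last reply, as an added example that is not part of any poster's message: it reads the tcpdump banner and summary pasted in post #5 and flags a capture taken on loopback or one that caught nothing, and reports which addresses the netstat listener line is bound to. The function names `review_capture` and `listener_scope` and the `eth0` sample are assumptions made for illustration.

```python
import re

LOOPBACK_IFACES = {"lo", "lo0"}

def review_capture(text):
    """Parse tcpdump's banner and summary lines; return (stats, findings)."""
    stats = {"iface": None, "captured": None, "received": None, "dropped": None}
    m = re.search(r"listening on (\S+?),", text)
    if m:
        stats["iface"] = m.group(1)
    for key, pat in (("captured", r"(\d+) packets? captured"),
                     ("received", r"(\d+) packets? received by filter"),
                     ("dropped", r"(\d+) packets? dropped by kernel")):
        m = re.search(pat, text)
        if m:
            stats[key] = int(m.group(1))
    findings = []
    if stats["iface"] in LOOPBACK_IFACES:
        findings.append("capture ran on loopback; traffic from another host never crosses it")
    if stats["captured"] == 0:
        findings.append("0 packets captured; nothing matching was seen on this interface")
    if stats["dropped"]:
        findings.append("kernel dropped packets; the capture is incomplete")
    return stats, findings

def listener_scope(netstat_line, port):
    """Classify the local address of a 'netstat -an' style line for the given port."""
    fields = netstat_line.split()
    if len(fields) < 4 or not fields[0].startswith(("udp", "tcp")):
        return None
    addr, _, found_port = fields[3].rpartition(":")
    if found_port != str(port):
        return None
    if addr in ("0.0.0.0", "::", "*"):
        return "all"        # reachable on every interface
    if addr.startswith("127.") or addr == "::1":
        return "loopback"   # remote devices cannot reach this listener
    return "specific"

# Output pasted in post #5 of this thread.
THREAD_TCPDUMP = """listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
0 packets captured
2 packets received by filter
0 packets dropped by kernel"""
THREAD_NETSTAT = "udp6 45696 0 :::5570 :::* 125 57601 1204/java"
# Constructed sample: a capture on a LAN-facing interface that did see traffic.
CONSTRUCTED_TCPDUMP = """listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
5 packets captured
5 packets received by filter
0 packets dropped by kernel"""

if __name__ == "__main__":
    print(review_capture(THREAD_TCPDUMP), listener_scope(THREAD_NETSTAT, 5570))
```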