TEAM: Huntress Managed Security Information and Event Management (SIEM)
PRODUCT: Firewall Syslog
ENVIRONMENT: Meraki MX Security Appliance
SUMMARY: Configuration Guide for Meraki MX Security Appliance

Vendor Information
Device Configuration Checklist
Example Log Messages
- Firewall Allow
- Content Filter Block

Vendor Information

Vendor	Cisco
Supported Model Name/Number	Meraki MX Security Appliance
Supported Software Version(s)
Collection Method	Syslog
Provider Name	Syslog-Meraki
Additional Information	Meraki Device Reporting Syslog Event Types

Device Configuration Checklist

Log into the Meraki dashboard
Navigate to Network-Wide > Configure > General
Scroll down to the Reporting section
Click on Add a syslog server
<image>
Set the IP Address to the IP of the Huntress agent collecting syslog
Set the Port to 514
Add to roles: Security events and Appliance event log

Example Log Messages

Firewall Allow

<134>1 1740758786.326960869 hostname firewall src=192.168.100.10 dst=1.2.3.4 mac=00:15:5D:64:B8:01 protocol=udp sport=58232 dport=53 pattern: allow all

Content Filter Block

<134>1 1740759085.123643628 hostname events content_filtering_block url='https://oneclient.sfx.ms/...' category0='Online Storage and Backup' server='23.40.69.79:443' client_mac='0C:37:96:9E:7B:01'

Vendor Information

Device Configuration Checklist

Example Log Messages

Firewall Allow

Content Filter Block

Related articles