Anyone have LogDNA properly working with Meraki?

I’ve been using LogDNA for a couple of months now, and it has been instrumental in getting our VPN solution working as we migrate from local users to Active Directory-based authentication. One area that we’re struggling with, though, is that Meraki doesn’t follow the Syslog RFC, so the parsers for LogDNA don’t work properly. Support was able to help get some custom fields ingested, and that helps, but it still isn’t anywhere near where it should be. I started trying to work on something using syslog-ng to pre-parse the logs before sending them on, but I haven’t been able to get it working.

I would imagine I can’t be the first one trying to use Cisco Meraki syslogs, so I’m hoping someone has been able to figure out how to ingest them so that LogDNA can handle them properly.
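
The pre-parsing step described in this post, as an added example that is not from either poster, LogDNA or Meraki: a Python function that rewrites a Meraki-style line into RFC 5424 form before it is forwarded. The input layout (`<PRI>1 epoch.fraction device event-type key=value ...`), the sample line and the `meraki@32473` SD-ID are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumed Meraki layout (not given in the thread):
#   <PRI>1 <epoch-seconds.fraction> <device-name> <event-type> <key=value message>
MERAKI_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<epoch>\d+)\.(?P<frac>\d+) "
    r"(?P<host>\S+) (?P<etype>\S+) (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample line (documentation IP ranges), not captured from a device.
SAMPLE = ("<134>1 1563249630.774247467 MX84 flows src=192.0.2.10 "
          "dst=198.51.100.7 protocol=udp sport=55719 dport=53 pattern: allow all")


def sd_escape(value):
    """Escape the three characters RFC 5424 reserves inside SD-PARAM values."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def to_rfc5424(line, sd_id="meraki@32473"):
    """Rewrite one Meraki-style line as RFC 5424; return None if it does not match.

    sd_id is a placeholder: 32473 is the enterprise number reserved for examples.
    """
    m = MERAKI_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:
        return None  # caller should forward unparsed lines untouched
    ts = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
    micros = (m["frac"] + "000000")[:6]  # RFC 5424 allows at most 6 fraction digits
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%S") + "." + micros + "Z"
    pairs = KV_RE.findall(m["msg"])
    sd = "-"  # NILVALUE when the message carries no key=value fields
    if pairs:
        params = " ".join(f'{k}="{sd_escape(v)}"' for k, v in pairs)
        sd = f"[{sd_id} {params}]"
    # HEADER order: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
    return f"<{m['pri']}>1 {stamp} {m['host']} {m['etype']} - - {sd} {m['msg']}"


if __name__ == "__main__":
    print(to_rfc5424(SAMPLE))
```

The key=value pairs are copied into structured data while the original message text is kept intact, so a downstream parser can index the fields without losing the raw event.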

Hey Jeremy!

Apologies for the long reply.

Digging around, it appears that Meraki doesn’t include the proper RFC 5452 headers with their logs (see IBM docs). We’ve put in a support case with Meraki to learn more/explore a workaround and would love it if you’d add your voice to our case with them by submitting one of your own to help us help you. Tasks, I know. But this one is worth it.

The workaround you describe with syslog-ng is definitely viable. We’d be more than happy to help! Would you mind sharing how you’ve gone about setting up your syslog-ng middleware? Or, if you prefer, you can email the Sales Engineering team here at LogDNA via