Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Overview

We are providing you with the steps to integrate your  Cisco Meraki  with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log and Netflows forwarding.

Steps of Configuration

Netflow Redirection

NetFlow can be configured in Dashboard on the Network-wide > Configure > General page. NetFlow configuration settings are found under the Reporting header, with the following options: 

...

Reference:  https://documentation.meraki.com/MX/Monitoring_and_Reporting/NetFlow_Overview

Syslog Redirection

Syslog servers can be defined in the Dashboard from Network-wide > Configure > General.

...

Reference: https://documentation.meraki.com/zGeneral_Administration/Monitoring_and_Reporting/Syslog_Server_Overview_and_Configuration


VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI


STEP1: Login to UI >> SYSTEM>> LOGS AND FLOWS COLLECTION STATUS .

Image Added


STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .


Image Added


STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

Image Added


Using CCE SERVER

sudo tcpdump -i any host 514 (for logs) and 9995 (for flows) and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.