First, download the content pack from my GitHub: https://github.com/hrleinonen/graylog-meraki
The file called “Cisco_Meraki_MX_Appliance_Events.json” is for MX appliance events. It adds a couple of new search fields to Graylog3.
The new fields are:
- EVENT_TYPE = Event type (e.g. IDS, content_filtering_block or dhcp)
- SPI = Security Parameter Index (e.g. 53afbb30231007)
- URL_CATEGORY = Category the blocked site belongs to (e.g. Malware)
Upload the file to Graylog3 using the instructions from my blog: https://www.hacknetwork.org/?p=167
Now open the Meraki dashboard and choose the correct network.
Find the section called Reporting.
Add your Graylog server's IP address and port 5557, and choose the Appliance event log role. Click Save after this. You should now see traffic in your Graylog input.
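To check what the three new fields should contain once traffic arrives, the sketch below pulls them out of raw event lines. It is an added example, not the content pack's own extractors; the sample lines are constructed, their layout (timestamp, device name, "events" role, event text) is an assumption, and extract_fields is a hypothetical helper name.

```python
import re

# Constructed sample lines, not captured from a device. The layout is an
# assumption; addresses come from documentation ranges.
SAMPLES = [
    "1563249630.774247467 MX_office events dhcp lease of ip 192.0.2.10 "
    "from server mac 00:00:5E:00:53:01 for client mac 00:00:5E:00:53:02",
    "1563249631.120000000 MX_office events content_filtering_block "
    "url='http://blocked.example/' category0='Malware' server='192.0.2.80:80'",
    "1563249632.500000000 MX_office events Site-to-site VPN: IPsec-SA "
    "established: ESP/Tunnel 192.0.2.1[4500]->198.51.100.1[4500] "
    "spi=53afbb30231007",
]

# Optional syslog priority/version prefix, then timestamp, device, role, text.
HEADER = re.compile(
    r"^(?:<\d+>\d*\s*)?(?P<ts>\d+\.\d+)\s+(?P<device>\S+)\s+events\s+(?P<body>\S.*)$"
)
SPI = re.compile(r"\bspi=([0-9a-fA-F]+)")
CATEGORY = re.compile(r"\bcategory0='([^']*)'")


def extract_fields(line):
    """Return the EVENT_TYPE / SPI / URL_CATEGORY values found in one line."""
    match = HEADER.match(line.strip())
    if match is None:
        return {}  # not an appliance event line: report nothing rather than guess
    body = match.group("body")
    # Assumption: the first word of the event text names the event type.
    fields = {"EVENT_TYPE": body.split(maxsplit=1)[0]}
    spi = SPI.search(body)
    if spi:
        fields["SPI"] = spi.group(1)
    category = CATEGORY.search(body)
    if category:
        fields["URL_CATEGORY"] = category.group(1)
    return fields


if __name__ == "__main__":
    for sample in SAMPLES:
        print(extract_fields(sample))
```

If a message in Graylog lacks a field this sketch finds in the same raw line, compare the line's layout against the extractor attached to the input.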