This parser/content pack are used to log Meraki MX URL-events.
First download content pack from my github https://github.com/hrleinonen/graylog-meraki
File called “Cisco_Meraki_MX_Appliance_URLs.json” is for MX appliance events. It brings couple new search fields in Graylog3.
New fields are:
- AGENT = Browser agent (eg. Mozilla Firefox)
- REQUEST = Http request (eg. POST)
- SRCIP = Source IP-address (eg. 10.10.101.101)
- SRCPORT = Source port (eg. 23434)
- DSTIP = Destination IP-address (eg. 126.96.36.199)
- DSTPORT = Destination port (eg. 443)
Upload file to Graylog3 using instruction from my blog https://www.hacknetwork.org/?p=167
Now open Meraki dashboard and choose correct network.
Find part called reporting.
Add your Graylog-server IP-address, port 5555 and choose Appliance event log role. Click save after this. Now your should see traffic in your graylog input.