USM Anywhere™

Cisco Meraki

When you configure Cisco Meraki to send log data to USM Anywhere, you can use the Cisco Meraki plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device Details
  Vendor: Cisco
  Device Type: Wireless Access Point
  Connection Type: Syslog

Integrating Cisco Meraki

To configure Cisco Meraki to send log data to USM Anywhere:

  1. Open your Meraki dashboard.
  2. Select a device.
  3. Select Alerts & Administration.
  4. Scroll down to the Logging section and click Add a syslog server.
  5. Type the IP address of your USM Anywhere Sensor.
  6. Type port number 514.
  7. Choose which types of events to export:
    • Event Log: The messages from the dashboard under Monitor > Event Log.
    • Flows: Inbound and outbound traffic flow-generated syslog messages that include the source, destination, and port numbers.
    • URL: HTTP GET requests generating syslog entries.

Note: You can direct each type of traffic to a different syslog server.

Plugin Enablement

For plugin enablement information, see Adding AlienApps to an Asset.

Available Plugin Fields

The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.

  • destination_address
  • destination_mac
  • destination_port
  • device_direction
  • device_event_category
  • duration
  • event_category
  • event_name
  • event_severity
  • event_subcategory
  • http_hostname
  • rep_device_rule_id
  • request_url
  • source_address
  • source_mac
  • source_port
  • transport_protocol
  • wireless_ap
  • wireless_channel
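
To show how raw Flows and URL messages can end up in the fields listed above, here is an added example (not the plugin's own code or logic). The sample lines are constructed, and both the message layout and the mapping to field names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines (documentation addresses); the layout is an assumption.
SAMPLES = [
    "<134>1 1700000000.123456789 AP01 flows src=192.0.2.10 dst=198.51.100.7 "
    "mac=00:11:22:33:44:55 protocol=tcp sport=51544 dport=443 pattern: allow all",
    "<134>1 1700000001.223456789 AP01 urls src=192.0.2.10:51550 dst=198.51.100.8:80 "
    "mac=00:11:22:33:44:55 request: GET http://example.com/?dst=203.0.113.9:22",
]
HEADER = re.compile(r"^<\d+>\d+ \d+\.\d+ (\S+) (flows|urls) (.*)$")
KV = re.compile(r"(\w+)=(\S+)")

def to_port(text):
    """Return a valid port number, or None for missing or malformed input."""
    ok = text and text.isascii() and text.isdigit() and int(text) < 65536
    return int(text) if ok else None

def split_host_port(value):
    addr, _, port = value.partition(":")  # "addr" or "addr:port", IPv4 only
    return addr, to_port(port)

def normalize(line):
    """Map one flows/urls line to the field names listed above, else None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    _device, kind, rest = m.groups()
    # Parse key=value pairs only from the part before "request:", so that a
    # client-chosen URL such as "?dst=..." cannot overwrite the src/dst fields.
    head, _, request = rest.partition(" request: ")
    kv = dict(KV.findall(head))
    if "src" not in kv or "dst" not in kv:
        return None
    src, sport = split_host_port(kv["src"])
    dst, dport = split_host_port(kv["dst"])
    event = {
        "event_name": kind,  # assumed mapping
        "source_address": src, "destination_address": dst,
        "source_port": to_port(kv.get("sport")) or sport,
        "destination_port": to_port(kv.get("dport")) or dport,
        "source_mac": kv.get("mac"), "transport_protocol": kv.get("protocol"),
    }
    parts = request.split()
    if len(parts) >= 2:
        event["request_url"] = parts[1]
        try:
            event["http_hostname"] = urlsplit(parts[1]).hostname
        except ValueError:  # malformed URL in the log line
            event["http_hostname"] = None
    return event
```

The second sample carries a query string that looks like a dst= pair; the parsed destination still comes from the message's own dst field, which is the behaviour to check for in any custom parsing of URL events.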

Additional Resources and Troubleshooting

For troubleshooting, refer to the vendor documentation: