Syslogs for Cisco Firepower/Meraki

Hello,

I'm not seeing any syslogs being collected correctly please advise?

I’m not seeing logs from Cisco Firepower?
Any logs coming into the Syslog from Meraki are being filtered, is this by design?

SELECT
   sensor_type Integration_Category,
   sensor_vendor Vendor,
   COUNT(*) Records,
   CAST(CAST(SUM(upload_size)/1024.0 AS DECIMAL(10,2)) AS VARCHAR)||'KB' Data_uploaded,
   CAST(DATE_DIFF('hour',MAX(ioc_created_at), NOW()) AS VARCHAR)||' Hours ago' Last_Update,
   ioc_worker_name
FROM mdr_ioc_all
GROUP BY 1,2,6
ORDER BY 1,2,6

Edited TAGs
[edited by: Gladys at 10:35 AM (GMT -8) on 19 Jan 2023]

Top Replies

Gladys 4 months ago +1

Hi Martyn Umpleby , Thank you for reaching out to the Sophos Community Forum. Can you please check if this article helps? This shows how you can integrate Cisco Firepower and Meraki with Sophos Central…

Parents

0 Gladys 4 months ago

Hi Martyn Umpleby ,

Thank you for reaching out to the Sophos Community Forum. Can you please check if this article helps? This shows how you can integrate Cisco Firepower and Meraki with Sophos Central.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Martyn Umpleby 4 months ago in reply to Gladys

Hello Gladys,

This is the guide that was followed. Is there any debugging in Virtual appliance VM that could help?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Martyn Umpleby 4 months ago in reply to Martyn Umpleby

just to add I'm using Sophos Virtual Appliance;
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gladys 4 months ago in reply to Martyn Umpleby

Hi Martyn Umpleby ,

Thank you for sharing more details. I am inquiring internally about what could be causing this. For clarification, is the OVA file configured and downloaded as described in this document? - docs.sophos.com/.../index.html

Before setting up the VM, you need to generate the appropriate OVA for the log collector. Additionally, the Cisco Meraki device needs to be configured to forward the syslogs to the Sophos OVA. Here's a Techvids video demonstrating this: https://techvids.sophos.com/share/watch/DGBMdhWcngheJGoCu7hCnt

This is just to confirm that everything has been configured correctly. I will follow up with this thread once I have more information.

Gladys Reyes
Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Martyn Umpleby 4 months ago in reply to Gladys

Correct those are the two guides that I've followed for the OVA - VM (Sophos Virtual Appliance),

The Syslog Meraki settings also, I've confirmed that Meraki cloud was sending correctly by settings up a 2nd separate syslog collector and this had no issues though I want to use Sophos to digest these logs.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Martyn Umpleby 4 months ago in reply to Gladys

Correct those are the two guides that I've followed for the OVA - VM (Sophos Virtual Appliance),

The Syslog Meraki settings also, I've confirmed that Meraki cloud was sending correctly by settings up a 2nd separate syslog collector and this had no issues though I want to use Sophos to digest these logs.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data