Cisco Meraki sample event messages

Use these sample event messages as a way of verifying a successful integration with QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Cisco Meraki sample messages when you use the Syslog protocol

Sample 1: The following sample event message shows an outbound flow event that is used to initiate an IP session. It also shows the source, destination, and port number values along with the firewall rule that they matched.

<134>1 1515988859.626061236 appliance flows src=172.21.84.107 dst=10.52.193.137 mac=5C:E0:C5:22:85:E4 protocol=tcp sport=50395 dport=443 pattern: allow all
Table 1. Highlighted fields
QRadar field name Highlighted payload field name
Event ID In QRadar, the value is always Outbound Flow Allow for these types of events.
Source IP src
Destination IP dst
Destination MAC mac
Protocol protocol
Source Port sport
Destination Port dport

Sample 2: The following sample event message shows a security event that is generated when an array out of bounds write attempt is made. It also shows the source, destination, port numbers, destination MAC, and protocol values.

<134>1 1516050030.553653046 cisco.meraki.test security_event ids_alerted signature=1:45148:1priority=1 timestamp=1516050030.236281 dhost=00:00:5E:00:53:BC direction=ingress protocol=tcp/ip src=10.79.70.235:80 dst=172.21.47.130:61019 message: BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt
Table 2. Highlighted fields
QRadar field name Highlighted payload field name
Event ID signature
Source IP src
Source Port The value that is used for the Source Port displays after the colon in the src value. For example, 80.
Destination IP dst
Destination Port The value that is used for the Destination Port displays after the colon in the dst value. For example, 61019.
Destination MAC dhost
Protocol protocol