Hi,
this is a question that can only be anwered securely by comparing central and device logs, right?
Still you asked so here is my experience from other Cisco switches . Dontknow about Aironet and Meraki in Detail.
The "loudness" of your Cisco and any other device depends on the log level you setup in device config. For some devices this can be controlled in QRadar but for most of them its a local config parameter. Network type devices are special, cause audit messages often just include mainpulation of config data, local user and admin access etc. This is especilly true for Cisco networking devices. Of course you can create logs about many events . This includes flow type configuration and logging. Pls check there. Regarding audit log only it may well be that your device remains silent for many days resulting in error state inside Qradar.
As outlined before, just a wild guess from monitoring experience. Pls double check yourself or contact your network admin. Stduying of device documentation will help as well.
------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------
Original Message:
Sent: Fri September 15, 2023 07:03 PM
From: PRASHANT YADAV
Subject: Cisco Aironet, Cisco Meraki and other switches are in error state, in Qradar.
Cisco Aironet and Cisco Meraki are sending logs but in gap of few days. Is this SEIM issues or device issues?
------------------------------
PRASHANT YADAV
------------------------------