I've installed an Elastic Agent server and added several Windows machines and Linux servers to it using the enrollment tokens.
Now that I've added the "Fortinet FortiGate Firewall Logs" integration in Kibana and after configuring Fortinet to send syslog logs to the Elastic Agent address, I wasn't able to receive any logs.
When adding an agent in Kibana, you're given a set of commands relative to the OS as well as an enrollment token to use when installing Elastic Agent on an endpoint, but I'm not sure how that can be configured on FortiGate.
The Elastic Agent enrollment command should only be used to enroll the agent. Once you have got the agent enrolled into Fleet, you should be able to add other integrations to the same agent policy.
You may want to make sure that your agent has been enrolled successfully with Fleet and it's using the correct agent policy that you have added the Fortinet integration to.
Did you check if this isn't a network issue like a firewall or something?
The problem I'm facing is how to enroll a firewall into Fleet. There are commands on how to do so for Linux, Windows, RPM, Debian, etc., but not for firewalls and routers.
You can't install the agent in your routers/firewalls. You should configure your routers/firewalls to send syslog through UDP/TCP to your Elastic Agent hosted in a Linux/Windows host.
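Added example, not part of the original thread or of Elastic's code: a small Python check for the setup described above, which listens on a UDP port on the collector host, sends a FortiGate-style syslog line to it, and parses what arrives. The function names, the sample log line and the loopback address are assumptions made for illustration; use the host and port configured in your own integration.

```python
import shlex
import socket

# Constructed sample in FortiGate key=value syslog style (not from a real device).
SAMPLE = ('<189>date=2024-01-01 time=12:00:00 devname="FGT-LAB" '
          'logid="0000000013" type="traffic" subtype="forward" level="notice" '
          'srcip=10.0.0.5 dstip=192.0.2.10 action="accept"')

def parse_fortigate(line):
    """Return (PRI or None, dict of key=value fields) for one syslog line."""
    pri = None
    if line.startswith("<") and ">" in line:
        head, rest = line[1:].split(">", 1)
        if head.isdigit():
            pri, line = int(head), rest
    # shlex keeps quoted values with spaces together and strips the quotes.
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    return pri, fields

def open_listener(host="127.0.0.1", port=0, timeout=2.0):
    """Bind a UDP socket; port 0 lets the OS pick a free port for the test."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    sock.settimeout(timeout)
    return sock

def send_test_event(host, port, line=SAMPLE):
    """Send one syslog datagram, as the firewall would, to host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))

def receive_one(sock):
    """Return (sender_ip, pri, fields), or None if nothing arrived in time."""
    try:
        data, peer = sock.recvfrom(65535)
    except socket.timeout:
        return None
    pri, fields = parse_fortigate(data.decode("utf-8", "replace"))
    return peer[0], pri, fields

def loopback_check():
    """Listener and sender on the same host: proves the receive path works."""
    with open_listener() as sock:
        send_test_event("127.0.0.1", sock.getsockname()[1])
        return receive_one(sock)

if __name__ == "__main__":
    print(loopback_check())
```

If the loopback check passes but nothing arrives from the firewall when the listener is bound to the host's real address, the datagrams are being dropped before they reach the collector (routing, host firewall, or wrong destination port).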