I've installed an Elastic Agent server and added several Windows machines and Linux servers to it using the enrollment tokens.
Now that I've added the "Fortinet FortiGate Firewall Logs" integration in Kibana, and after configuring Fortinet to send syslog logs to the Elastic Agent address, I wasn't able to receive any logs.
When adding an agent in Kibana, you're given a set of commands relative to the OS as well as an enrollment token to use when installing Elastic Agent on an endpoint, but I'm not sure how that can be configured on FortiGate.
The Elastic Agent enrollment command should only be used to enroll the agent. Once you have got the agent enrolled into Fleet, you should be able to add other integrations to the same agent policy.
You may want to make sure that your agent has been enrolled successfully with Fleet and it's using the correct agent policy that you have added the Fortinet integration to.
The problem I'm facing is how to enroll a firewall into Fleet. There are commands on how to do so for Linux, Windows, RPM, Debian, etc., but not for firewalls and routers.
You can't install the agent in your routers/firewalls. You should configure your routers/firewalls to send syslog through UDP/TCP to your Elastic Agent hosted in a Linux/Windows host.
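A reachability check for the setup described in the last reply, as an added example that is not part of the original thread: run from another machine on the firewall's network, it sends one constructed syslog line to the Elastic Agent host's listener and reports what the network returned. The host, port and protocol are whatever you configured in the integration; the function name and the test message are hypothetical.

```python
import socket

# Constructed sample line in FortiGate key=value style (not from a real device).
TEST_LINE = (b'<189>date=2024-01-01 time=00:00:00 devname="TEST-FGT" '
             b'type="event" msg="elastic agent syslog reachability test"\n')

def send_test_syslog(host, port, proto="udp", timeout=2.0):
    """Send TEST_LINE to host:port and report what the network told us.

    Returns "delivered" (TCP listener accepted the bytes), "sent" (UDP
    datagram left with no error, which does not prove receipt), "refused"
    (nothing is listening on that address/port) or "timeout" (likely
    filtered by a host or network firewall).
    """
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.sendall(TEST_LINE)
            if proto == "tcp":
                return "delivered"
            # A connected UDP socket surfaces ICMP "port unreachable" as
            # ConnectionRefusedError on the next call; silence means no error.
            try:
                s.recv(1)
            except socket.timeout:
                pass
            return "sent"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "timeout"

if __name__ == "__main__":
    import sys
    # Usage: script.py <agent-host> <port> <udp|tcp>
    print(send_test_syslog(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

A "refused" result from a remote machine, when the same check succeeds on the agent host itself, means the syslog input is listening only on the loopback address and needs to be bound to an address the firewall can reach.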