Create Different "Index Management" and "Index Pattern" For Different Firewall Devices

Xenial · January 18, 2022, 9:41am

Hello Team,

I want to create Dashboarding system (SIEM) For two different firewall device (Panorama Palo Alto, Fortianalyzer Fortinet). I want to use Filebeat Modules PANW and FORTINET. How i create 2 Index Management and 2 Index Pattern to separate 2 Log
PANW From port 5514(UDP)
Fortinet From port 5515(UDP).

I've create dashboarding using filebeat PANW and 1 Index management and index pattern.

Index Management For PANW

Index Pattern1
Index Pattern For PANW

Fortinet yml
Fortinet.yml

Anyone can help me for configure this thing?

Thankyou

stephenb · January 19, 2022, 5:31pm

You should not need to create separate indexes and index patterns there is no need to, in fact it will make it more difficult both data sets / FWs going into filebeat* indices will be fine and is how elastic is designed.

Each Document will have an event.dataset fields that will distinguish them.

Just configure the new module...
Then IMPORTANT run setup again....
filebeat setup -e

Then start filebeat for the new FW and it should work.

system · February 16, 2022, 5:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Creating different indexes for different modules from filebeat Beats filebeat	8	964	December 28, 2021
How to Create different index pattern for different filebeat server? Beats filebeat	5	2812	March 28, 2019
Creating Dashboard for apache access logs using Filebeat Beats filebeat	74	3329	June 29, 2023
Multiple index Pattern Logstash	5	1129	October 8, 2018
Filebeat and Fortinet Beats filebeat	2	237	May 30, 2022

Create Different "Index Management" and "Index Pattern" For Different Firewall Devices

Related Topics