Filebeat Fortinet module not working

I have a FortiGate 200E firewall and I can see the logs reaching the Filebeat machine (using tcpdump listening on port 9004), but Filebeat doesn't process them (no logs in the Discover tab; the output of journalctl -xeu filebeat | grep forti is empty).

The Fortinet module is enabled and the other Filebeat modules are working correctly.

ELK version is 7.8.

Hi!

Could you run Filebeat in debug mode (https://www.elastic.co/guide/en/beats/filebeat/current/enable-filebeat-debugging.html) and check if there is anything interesting in the logs?

C.

So something weird happened. After restarting the Filebeat service the logs are now being processed, but when I want to see them in the Discover tab the timestamp is +4:30, the same as my timezone. If I change the time range to "5 hours from now" I can see them in the Discover tab. If I query the logs via the API the timestamp is correct.
Should I open a new topic for it?

Yes, we can open a new topic for better context awareness.
