Filebeat installation on FortiOS

anon56147639 · August 10, 2020, 3:53pm

Hi everyone!
I'd like to use the Filebeat Fortinet module to send the firewall log files to my logstash server.
However, I can't execute the cURL command mentioned in the Filebeat installation reference. I'm referring to this guide: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation.html

The command line interface in FortiOS doesn't seem to support this command.
Has anyone successfully installed Filebeat on FortiOS and if yes, how did you do it?

Any help is appreciated

rossw · August 11, 2020, 10:13pm

Hi there
The Fortinet module is NOT installed on the Fortinet devices, but is enabled on the server where you are running your Filebeat instance (which may or may not be the same server where your Logstash is running). You still need to get your Fortinet devices to send their logs (using syslog) to a server, and then you have two choices:

you can get some form of syslog receiver to receive the syslogs from the Fortigates, and write them to a file, and then get the Filebeat to read from those files or
Have the Filebeat listen directly on the incoming network port for the syslog messages (either port 514 or a dedicated port for the Fortinet logs) and process them directly.

Good Luck

Ross

anon56147639 · August 12, 2020, 10:19am

Ok, that makes sense! Thank you so much for your help!

system · September 9, 2020, 12:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.