Filebeats to Elasticsearch

Hi All -

I'm new to Elasticsearch. We have a requirement for log analysis of network device logs; we are getting all the logs in one syslog server and installed Filebeat on the same server sending logs to Elastic, but how do I parse a message like the one below, which is from Fortinet network devices? Any help, suggestion or idea is appreciated.
Starting with Fortinet; later on we need to handle logs from a few more network vendors.

Jul 23 09:50:08 s1faz-adm.fmss.gov.ie logver=54 dtime=1563875405 devid=FG100E4Q17009534 devname=s1fw-cluster-in vd=INTERNAL-FW date=2019-07-23 time=09:50:05 logid=0000000013 type=traffic subtype=forward level=notice srcip=10.20.20.200 srcport=64750 srcintf="vpn_dc2" dstip=192.168.111.14 dstport=514 dstintf="port7.760" poluuid=2cd8f57c-2f78-51e9-92db-d8e8bf1974f6 sessionid=999197142 proto=17 action=accept policyid=75 policytype=policy dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="SYSLOG" duration=180 sentbyte=257 rcvdbyte=0 sentpkt=1 rcvdpkt=0 appcat="unscanned"
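The line above is a syslog header followed by a FortiGate key=value body, where values are either bare tokens or double-quoted strings. As an added example (not code from the original post or from Elastic), the parser below splits the header, extracts every key=value pair, types the numeric fields so they can be aggregated, and derives a UTC timestamp from the device's `dtime` epoch; the sample line and the `INT_FIELDS` list are assumptions made for the example.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the format shown in the question (one FortiGate traffic
# log forwarded through syslog); the syslog header precedes the key=value body.
SAMPLE = ('Jul 23 09:50:08 s1faz-adm.fmss.gov.ie logver=54 dtime=1563875405 '
          'devid=FG100E4Q17009534 devname=s1fw-cluster-in vd=INTERNAL-FW '
          'srcip=10.20.20.200 srcport=64750 srcintf="vpn_dc2" dstip=192.168.111.14 '
          'dstport=514 action=accept policyid=75 service="SYSLOG" appcat="unscanned"')

# Syslog header: "<Mon> <day> <HH:MM:SS> <host> " followed by the Fortinet body.
HEADER_RE = re.compile(r'^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+'
                       r'(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+(?P<body>.*)$')
# key=value where the value is a double-quoted string (may contain spaces) or a bare token.
KV_RE = re.compile(r'(?P<key>[A-Za-z_][\w.-]*)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S*))')

# Assumed set of fields that should be indexed as integers rather than keywords.
INT_FIELDS = {'srcport', 'dstport', 'policyid', 'proto', 'duration', 'sentbyte',
              'rcvdbyte', 'sentpkt', 'rcvdpkt', 'sessionid'}


def parse_fortigate_syslog(line):
    """Return a dict of the syslog header fields plus every key=value pair in the body."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError('line does not start with a syslog header')
    event = {'syslog_host': m.group('host'),
             'syslog_timestamp': f"{m.group('month')} {m.group('day')} {m.group('time')}"}
    for kv in KV_RE.finditer(m.group('body')):
        key = kv.group('key')
        value = kv.group('quoted') if kv.group('quoted') is not None else kv.group('bare')
        if key in INT_FIELDS and value.isdigit():
            value = int(value)
        event[key] = value
    # dtime is the device's own epoch timestamp; keep it and add an ISO 8601 UTC form.
    if 'dtime' in event and str(event['dtime']).isdigit():
        event['@timestamp'] = datetime.fromtimestamp(int(event['dtime']),
                                                     tz=timezone.utc).isoformat()
    return event


if __name__ == '__main__':
    for k, v in parse_fortigate_syslog(SAMPLE).items():
        print(f'{k}={v!r}')
```

The same split can be done in the pipeline itself with Logstash's `kv` filter or the Elasticsearch ingest `kv` processor, but typing the port, policy and byte fields as numbers (as above) is what makes range queries and sum aggregations on them work.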
