Hi,
Please, can someone help me create a grok filter to separate the fields of logs that come from a Fortigate firewall?
This is an example log:
May 9 09:40:15 frkeofwglo01 date=2018-05-09 time=09:40:15 devname=frkeofwglo01 devid=FG900D3916800170 logid=0000000013 type=traffic subtype=forward level=notice vd=frkeofwin01 srcip=x.x.x.x srcport=17473 srcintf="INT-PROXYs" dstip=x.x.x.x dstport=443 dstintf="KEO-INT_DMZ" poluuid=c77d5f40-a592-51e6-c3c6-8cd462826a48 sessionid=4130745007 proto=6 action=close policyid=382 policytype=policy dstcountry="France" srccountry="Reserved" trandisp=noop service="HTTPS" duration=3 sentbyte=1114 rcvdbyte=4013 sentpkt=14 rcvdpkt=12 appcat="unscanned" devtype="Router/NAT Device" mastersrcmac=74:a0:2f:29:e5:06 srcmac=74:a0:2f:29:e5:06
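The line has two parts: a syslog prefix (timestamp and hostname) and a Fortigate body made of `key=value` pairs, where quoted values such as `devtype="Router/NAT Device"` may contain spaces. In Logstash the `kv` filter is the usual tool for that body; as an added example (not from the original post), the following Python shows the same split so the field names and the quoting edge case can be checked before writing the pipeline. The sample line is the one from the post, with `x.x.x.x` kept as-is.

```python
import re
from typing import Any, Dict

# Constructed sample input: the Fortigate syslog line from the post (IPs redacted as x.x.x.x).
SAMPLE_LINE = (
    "May 9 09:40:15 frkeofwglo01 date=2018-05-09 time=09:40:15 devname=frkeofwglo01 "
    "devid=FG900D3916800170 logid=0000000013 type=traffic subtype=forward level=notice "
    "vd=frkeofwin01 srcip=x.x.x.x srcport=17473 srcintf=\"INT-PROXYs\" dstip=x.x.x.x "
    "dstport=443 dstintf=\"KEO-INT_DMZ\" poluuid=c77d5f40-a592-51e6-c3c6-8cd462826a48 "
    "sessionid=4130745007 proto=6 action=close policyid=382 policytype=policy "
    "dstcountry=\"France\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" "
    "duration=3 sentbyte=1114 rcvdbyte=4013 sentpkt=14 rcvdpkt=12 appcat=\"unscanned\" "
    "devtype=\"Router/NAT Device\" mastersrcmac=74:a0:2f:29:e5:06 srcmac=74:a0:2f:29:e5:06"
)

# Syslog prefix (what grok's SYSLOGTIMESTAMP and hostname patterns would catch), then the body.
HEADER_RE = re.compile(
    r"^(?P<syslog_timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_host>\S+) (?P<body>.*)$"
)
# One key=value pair; a quoted value may contain spaces, so it cannot be split on whitespace.
KV_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')

# Fields that are only useful as numbers (ports, counters, ids), for range queries and alerting.
INT_FIELDS = {"srcport", "dstport", "sessionid", "proto", "policyid",
              "duration", "sentbyte", "rcvdbyte", "sentpkt", "rcvdpkt"}


def parse_fortigate(line: str) -> Dict[str, Any]:
    """Split one Fortigate traffic log line into a flat dictionary of fields."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("line does not start with a syslog timestamp and host")
    fields: Dict[str, Any] = {"syslog_timestamp": m["syslog_timestamp"],
                              "syslog_host": m["syslog_host"]}
    for kv in KV_RE.finditer(m["body"]):
        value = kv["quoted"] if kv["quoted"] is not None else kv["bare"]
        fields[kv["key"]] = int(value) if kv["key"] in INT_FIELDS else value
    # Derived field: total session volume, handy for spotting unusually large transfers.
    if "sentbyte" in fields and "rcvdbyte" in fields:
        fields["totalbyte"] = fields["sentbyte"] + fields["rcvdbyte"]
    return fields


if __name__ == "__main__":
    for key, value in parse_fortigate(SAMPLE_LINE).items():
        print(f"{key}={value!r}")
```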