Scenario: I want to create a syslog server for CISCO SW and Fortigate Firewall. I configured my FG to send logs to the ELK server. I tested with tcpdump and data is received on the given port.
I found two ways and I don't know how to choose the correct one:
- The Fortinet module in Kibana
- This guide: GitHub - enotspe/fortinet-2-elasticsearch: Fortinet products logs to Elasticsearch
Which one is better and why? And if you have a recommendation, you would make me happy.....
UPDATE:
By the way, the depth of the logs is very important.
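As an added illustration of what "depth of log" means for FortiGate syslog (this is example code, not part of the Kibana module or the enotspe project): FortiGate emits its logs as key=value pairs, and a parser that keeps every pair as a separate field is what gives you searchable depth in Elasticsearch. The sample line below is constructed, with placeholder device ids and documentation-range addresses, not captured from the poster's firewall.

```python
import re

# Constructed sample FortiGate traffic log in its native key=value syslog format.
# Values containing spaces are quoted, and embedded quotes are escaped with a backslash.
SAMPLE_LINE = (
    '<189>date=2024-05-01 time=12:34:56 devname="FG-EDGE" devid="FGT-PLACEHOLDER" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.1.1.20 srcport=51234 dstip=203.0.113.10 dstport=443 proto=6 '
    'action="accept" policyid=7 service="HTTPS" msg="Traffic \\"allowed\\" by policy" '
    'sentbyte=1234 rcvdbyte=5678'
)

# key=value where value is either a quoted string (allowing \" escapes) or a bare token.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_syslog(line):
    """Return (priority, fields) for one FortiGate key=value syslog line.

    priority is the RFC 3164 <PRI> value (or None if absent). Bare numeric values
    are converted to int so Elasticsearch indexes them as numbers, not strings;
    quoted values (such as logid) stay strings to preserve leading zeros.
    """
    priority = None
    pri = re.match(r'<(\d+)>', line)
    if pri:
        priority = int(pri.group(1))
        line = line[pri.end():]

    fields = {}
    for key, raw in _KV_RE.findall(line):
        if raw.startswith('"'):
            # Strip surrounding quotes and unescape embedded quotes.
            value = raw[1:-1].replace('\\"', '"')
        elif raw.isdigit():
            value = int(raw)
        else:
            value = raw
        fields[key] = value
    return priority, fields


if __name__ == "__main__":
    prio, parsed = parse_fortigate_syslog(SAMPLE_LINE)
    print(f"priority={prio}, {len(parsed)} fields")
    for k, v in parsed.items():
        print(f"  {k} = {v!r}")
```

Running this on the constructed line yields 19 distinct fields; whichever ingestion path you pick, compare its output field count against the raw line to see how much depth it preserves.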