FortiGate Firewall

lcguy · April 24, 2018, 3:37pm

Yes, it works now for FortiGate firewall.
I have tweak a bit. I copied some from other people's posts.

Thanks a lot, Krunal.

input {
udp {
port => 5514
type => "syslog"
}
}

filter {
mutate {
gsub =>
["message", ": ", ":",
"message", "^<[0-9][0-9][0-9]>", ""]
}

kv { }

if [msg] {
mutate {
replace => [ "message", "%{msg}" ]
}
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

Topic		Replies	Views
[Working example]Fortigate config for Logstash Logstash	2	16035	December 19, 2017
Logstash - Syslog Help - I am a total pleb Logstash	6	1327	January 2, 2018
Sidewinder Firewall Syslog Logstash	4	535	May 23, 2018
Grok parsing, still not solved Logstash	15	575	March 13, 2019
Fortinet firewall logs in ELK Logstash	4	2898	January 27, 2020