Yes, it works now for the FortiGate firewall.
I have tweaked it a bit. I copied some from other people's posts.
Thanks a lot, Krunal.
input {
  udp {
    port => 5514
    type => "syslog"
  }
}

filter {
  mutate {
    # Collapse ": " into ":" and strip the syslog PRI header (e.g. "<189>")
    # so the rest of the line is plain key=value pairs for the kv filter.
    gsub => [
      "message", ": ", ":",
      "message", "^<[0-9][0-9][0-9]>", ""
    ]
  }
  # Split the FortiGate key=value pairs into fields (quoted values are unquoted).
  kv { }
  # If the log carried a msg field, use its text as the event message.
  if [msg] {
    mutate {
      replace => [ "message", "%{msg}" ]
    }
  }
}

output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
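To check what this filter chain does to a FortiGate line before sending real traffic through Logstash, here is a small Python re-implementation of the same three steps (gsub, kv, msg replacement). It is an added example, not part of the post above or of Logstash; the log lines are constructed, and the kv regex approximates the Logstash kv filter defaults (space-separated key=value pairs, double-quoted values unquoted). It also shows the side effect of the first gsub on free text inside msg.

```python
import re

# Constructed FortiGate-style syslog lines (not real device captures).
# "<189>" is the syslog PRI header that the page's second gsub strips.
SAMPLE = (
    '<189>date=2024-01-15 time=10:22:33 devname="FG100E" devid="FGT-PLACEHOLDER" '
    'logid="0100032002" type="event" subtype="system" level="notice" '
    'action="login" status="failed" msg="Administrator admin login failed from ssh(10.0.0.5)"'
)
SAMPLE_COLON = '<189>date=2024-01-15 time=10:22:34 devname="FG100E" msg="Admin login: failed"'

# Same pattern as the page: only three-digit PRI values are matched.
PRI_RE = re.compile(r'^<[0-9][0-9][0-9]>')
# key=value where the value is either double-quoted or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def preprocess(message: str) -> str:
    """Mirror the two gsub substitutions, applied in the same order as the filter."""
    message = message.replace(': ', ':')
    return PRI_RE.sub('', message)


def kv(message: str) -> dict:
    """Approximate the Logstash kv filter: split key=value pairs, strip value quotes."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in KV_RE.finditer(message)
    }


def parse_fortigate(raw: str) -> dict:
    """Run the whole filter chain and return the resulting event fields."""
    event = {'message': preprocess(raw)}
    event.update(kv(event['message']))
    # Equivalent of the 'if [msg]' block: the msg text becomes the event message.
    if 'msg' in event:
        event['message'] = event['msg']
    return event


if __name__ == '__main__':
    for line in (SAMPLE, SAMPLE_COLON):
        print(parse_fortigate(line))
```

Note that the ": " collapse also rewrites free text inside quoted values, so `msg="Admin login: failed"` reaches Elasticsearch as `Admin login:failed`; if exact msg text matters for your detections, scope that gsub more narrowly.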