Hello,
I am currently receiving the logs from fortinet through the integration “Fortinet FortiGate Firewall Logs” which works without problem.
If I log into Logstash and run a tcpdump I can see the logs being received.
I am trying to create a .conf file to forward a copy of those logs to another SIEM, which requires the logs to be in CEF format. Could you help me to build the .conf?
Is this example correct?
input {
  tcp {
    port => 1111
  }
}
filter {}
output {
  tcp {
    host => "192.168.1.2"
    port => 2222
    codec => cef {}
  }
}
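Below is an added example of a complete, syntactically valid Logstash pipeline for this use case; it is not the poster's config nor anything shipped by Elastic or Fortinet. It keeps the host and ports from the post (listen on TCP 1111, forward to 192.168.1.2:2222) and assumes the FortiGate syslog body is the usual space-separated key=value format with keys such as srcip, dstip, srcport, dstport, proto, action, devname, logid, type, subtype and level. The grouping of FortiGate level names into CEF severities (0-10) is an arbitrary choice made for the example, as is the renaming of FortiGate keys onto standard CEF extension keys (src, dst, spt, dpt, act, dvchost) so the receiving SIEM needs no custom parser.

```conf
# Added example pipeline (not the original poster's config).
# Listens for FortiGate syslog on TCP 1111, parses the key=value body,
# and forwards a CEF-encoded copy to the second SIEM at 192.168.1.2:2222.

input {
  tcp {
    port => 1111
    type => "fortigate"
  }
}

filter {
  # Drop the syslog priority prefix (e.g. "<189>") so the first token is a key=value pair.
  mutate {
    gsub => [ "message", "^<[0-9]+>", "" ]
  }

  # FortiGate logs are space-separated key=value pairs; values are often double-quoted,
  # which the kv filter handles. Parsed keys land under the "fgt" field (assumed names).
  kv {
    source      => "message"
    field_split => " "
    value_split => "="
    target      => "fgt"
  }

  # Map FortiGate keys onto standard CEF extension keys (assumed mapping).
  mutate {
    rename => {
      "[fgt][srcip]"   => "src"
      "[fgt][dstip]"   => "dst"
      "[fgt][srcport]" => "spt"
      "[fgt][dstport]" => "dpt"
      "[fgt][proto]"   => "proto"
      "[fgt][action]"  => "act"
      "[fgt][devname]" => "dvchost"
    }
  }

  # Translate FortiGate level names into the CEF 0-10 severity scale (example grouping).
  if [fgt][level] in ["emergency", "alert", "critical"] {
    mutate { add_field => { "cef_severity" => "9" } }
  } else if [fgt][level] in ["error", "warning"] {
    mutate { add_field => { "cef_severity" => "6" } }
  } else {
    mutate { add_field => { "cef_severity" => "3" } }
  }
}

output {
  tcp {
    host => "192.168.1.2"
    port => 2222
    # The CEF codec builds the header from these options (sprintf fields allowed)
    # and writes the listed event fields as the extension part.
    codec => cef {
      vendor    => "Fortinet"
      product   => "FortiGate"
      version   => "1"
      signature => "%{[fgt][logid]}"
      name      => "%{[fgt][type]}/%{[fgt][subtype]}"
      severity  => "%{cef_severity}"
      fields    => ["src", "spt", "dst", "dpt", "proto", "act", "dvchost"]
    }
  }
}
```

Run it with `bin/logstash -f fortigate-cef.conf` and send one FortiGate line to port 1111 to check the CEF output before pointing the firewall at it. If the existing FortiGate pipeline is already defined in Logstash, the same filter and output can be appended to that pipeline instead of opening a second listener, since a pipeline may have any number of outputs. Before going live, confirm with the receiving SIEM whether it expects raw CEF lines over TCP or CEF wrapped in a syslog header, because a mismatch there is the most common reason a CEF feed is silently dropped.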