Hello,
In fact, I have to explain a little more.
So, the structure of the logs that I receive is not identical everywhere.
I get the raw firewall logs of: PaloAlto and Fortigate
and I also get the WAF logs: F5 and Deny All.
And I created only one configuration file, which I named "firewall.conf", to receive all of that.
That's why there are messages that are partially parsed with kv and others that are not. I show below an extract of each one's logs so you can see what its structure looks like. What interests me most is the firewall logs.
PaloAlto: the fields are separated by |
|usrName=|SourceUser=|DestinationUser=|Application=not-applicable|
Fortigate: the fields are separated by spaces
date=2018-06-04 time=12:49:09 devname=FG-B
thank you in advance
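An added example (not code from the original post or from Logstash) of one key=value parser that copes with both layouts shown above: the PaloAlto line where fields are wrapped in "|" and values may be empty (usrName=), and the Fortigate line where fields are separated by spaces. It assumes, as the post states, that a line starting with "|" is PaloAlto and otherwise Fortigate; the quoted-value sample line is constructed here and is not taken from vendor documentation.

```ruby
# Constructed samples: the two log extracts from the post, plus one made-up
# space-separated line with a quoted value containing spaces.
PALO_SAMPLE  = "|usrName=|SourceUser=|DestinationUser=|Application=not-applicable|"
FORTI_SAMPLE = "date=2018-06-04 time=12:49:09 devname=FG-B"
QUOTED_SAMPLE = 'devname=FG-B msg="Login failed for user" user=bob'   # constructed

# One token is <key>=<value>, where the key contains no space, '|' or '=',
# and the value is either a double-quoted string or runs up to the next
# space or '|'. An empty value (usrName=) matches as "", so the key is kept.
KV_TOKEN = /([^\s|=]+)=("[^"]*"|[^\s|]*)/

# Parse a line of either layout into a Hash of field name => value.
# Surrounding double quotes are stripped from quoted values.
def parse_kv(line)
  line.scan(KV_TOKEN).each_with_object({}) do |(key, value), fields|
    fields[key] = value.delete_prefix('"').delete_suffix('"')
  end
end

# Guess the sender from the layout, following the post's description:
# pipe-wrapped fields come from PaloAlto, space-separated ones from Fortigate.
# This is an assumption about these two feeds, not a vendor-documented rule.
def detect_source(line)
  line.lstrip.start_with?("|") ? "paloalto" : "fortigate"
end

# Drop fields whose value is empty so they do not clutter the event
# (the equivalent of pruning empty fields after the kv step).
def compact_fields(fields)
  fields.reject { |_, v| v.empty? }
end

# Full pipeline for one line: parse, tag the source, drop empties.
def parse_log(line)
  fields = compact_fields(parse_kv(line))
  fields["log_source"] = detect_source(line)
  fields
end

if __FILE__ == $PROGRAM_NAME
  [PALO_SAMPLE, FORTI_SAMPLE, QUOTED_SAMPLE].each { |l| p parse_log(l) }
end
```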