Hey guys,
First of all, a few details about my cluster:
Cluster of 3 servers - 1x master, 2x data nodes
All of them are running ES 7.8 and Filebeat 7.8 (ofc Kibana as well on the master node)
OS: CentOS 7 (Kernel 3.10.0-957)
I noticed that there is now a Fortinet module within Filebeat, and I decided to try it out.
Fortinet config:
- module: fortinet
  firewall:
    enabled: true
    # Set which input to use between tcp, udp (default) or file.
    var.input: udp
    # The interface to listen to syslog traffic. Defaults to
    # localhost. Set to 0.0.0.0 to bind to all available interfaces.
    var.syslog_host: X.X.X.X
    # The port to listen for syslog traffic. Defaults to 9004.
    var.syslog_port: Y.Y.Y.Y
It works, I receive the logs from around 15 devices. But today I noticed that my /var/log/messages file has been exploding since the activation of the Fortinet module.
I get the following error:
{"type":"mapper_parsing_exception","reason":"failed to parse field [fortinet.firewall.assignip] of type [ip] in document with id '5l6cVnMBP7KwE6GF3kEA'. Preview of field's value: 'N/A'","caused_by":{"type":"illegal_argument_exception","reason":"'N/A' is not an IP string literal."}}
Jul 16 09:53:07 datanode02 filebeat: 2020-07-16T09:53:07.078+0200#011INFO#011[publisher]#011pipeline/retry.go:221#011retryer: send unwait signal to consumer
Jul 16 09:53:07 datanode02 filebeat: 2020-07-16T09:53:07.078+0200#011INFO#011[publisher]#011pipeline/retry.go:225#011 done
Any ideas how to get rid of it? I just cannot keep an eye on this log file forever.
Kind regards,
Moritz
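The error in the post is Elasticsearch refusing a document because the Fortinet module put the literal string 'N/A' into fortinet.firewall.assignip, which the index template maps as type ip. The script below is an added example, not part of the original post or of Filebeat's own code: it reproduces that check with Python's ipaddress module, strips non-IP values from ip-typed fields before indexing (the same effect a remove processor in an ingest pipeline would have), and parses the mapper_parsing_exception line from /var/log/messages so the offending field and value can be counted instead of read by hand. The list of ip-typed fields and the sample event are constructed assumptions; only assignip is taken from the post.

```python
"""Added example (not from the original post or from Filebeat):
reproduce the 'N/A' rejection for an ip-typed field, sanitize the event,
and parse the error line that floods /var/log/messages."""
import ipaddress
import json
import re

# Assumption: the ip-typed fields of the Fortinet module. Only the field
# named in the post is listed; extend from the module's fields.yml as needed.
IP_FIELDS = ("fortinet.firewall.assignip",)

# Constructed sample event shaped like a module-produced document.
SAMPLE_EVENT = {
    "fortinet": {"firewall": {"assignip": "N/A", "action": "accept"}},
    "source": {"ip": "10.0.0.5"},
}

# Constructed copy of the error line quoted in the post (document id replaced).
SAMPLE_LOG = ('{"type":"mapper_parsing_exception","reason":"failed to parse field '
              "[fortinet.firewall.assignip] of type [ip] in document with id 'X'. "
              "Preview of field's value: 'N/A'\"}")


def get_path(doc, dotted):
    """Walk a dotted field name through nested dicts; None if absent."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def del_path(doc, dotted):
    """Remove a dotted field name from nested dicts (no-op if absent)."""
    parts = dotted.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.get(part)
        if not isinstance(cur, dict):
            return
    cur.pop(parts[-1], None)


def is_ip_literal(value):
    """Same acceptance rule the ip mapper applies: must parse as IPv4/IPv6."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def find_bad_ip_fields(event, ip_fields=IP_FIELDS):
    """Return ip-typed fields whose value Elasticsearch would refuse."""
    return [f for f in ip_fields
            if get_path(event, f) is not None
            and not is_ip_literal(str(get_path(event, f)))]


def sanitize(event, ip_fields=IP_FIELDS):
    """Drop invalid ip-field values (e.g. 'N/A') so the document indexes.

    Returns (cleaned_event, dropped_field_names). The original is untouched."""
    cleaned = json.loads(json.dumps(event))  # cheap deep copy
    dropped = find_bad_ip_fields(cleaned, ip_fields)
    for f in dropped:
        del_path(cleaned, f)
    return cleaned, dropped


# Matches the reason string of a mapper_parsing_exception as logged by Filebeat.
ERR_RE = re.compile(
    r"failed to parse field \[([\w.]+)\] of type \[(\w+)\]"
    r".*?Preview of field's value: '([^']*)'")


def parse_mapping_error(line):
    """Extract field, mapped type and rejected value from one syslog line."""
    m = ERR_RE.search(line)
    if not m:
        return None
    return {"field": m.group(1), "type": m.group(2), "value": m.group(3)}


if __name__ == "__main__":
    print("rejected fields:", find_bad_ip_fields(SAMPLE_EVENT))
    cleaned, dropped = sanitize(SAMPLE_EVENT)
    print("dropped:", dropped, "->", json.dumps(cleaned))
    print("parsed error:", parse_mapping_error(SAMPLE_LOG))
```

Running parse_mapping_error over the messages file and tallying field/value pairs shows whether 'N/A' in assignip is the only offender or whether other ip-typed fields are affected too; the sanitize step is what a pre-index processor would have to do for each of them.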