I have never used filebeat for parsing the fortigate logs. I have consulted several pages on the internet about this.
I concluded that the best approach is to install Filebeat at the logstash server, after activating the fortigate filebeat module and listening on a port (For example 9001). We shall configure fortigate to send logs to the logstash server address via the configured port.
My question :
Are the steps I mentioned correct?