Sending FortiAnalyzer logs to SIEM

Hello Community

Is FortiAnalyzer supported by Filebeat? If yes, can you help me with its configuration at the Filebeat level by specifying the part to be addressed?

Thanks,

Hello Community,

Is there any expert who can help me with that?

Best regards,

Do you mean the logs forwarded by the FortiAnalyzer or the FortiAnalyzer logs themselves?

You can check the documentation of the Fortinet integration.

It looks like it is supported:

fortimanager dataset: supports Fortinet Manager/Analyzer logs.
1 Like

Hello leandropjmp,

Thank you for the feedback. Sending logs received by FortiAnalyzer (Fortinet products) to the SIEM ELK: is it supported?

Thanks,

There are some integrations in the Elastic Agent.

Did you check the link in the previous post? Please, check the link for the documentation.

1 Like

Thank you for your reactivity. I saw it is compared to Elastic Agent. My need is to use the Filebeat module instead of Elastic Agent. The configuration made on my side at the Fortinet module level is below, but I can't receive the logs at the SIEM level.

# modules.d/fortinet.yml
- module: fortinet
  fortimanager:
    enabled: true

    # Set which input to use between udp (default), tcp or file.
    var.input: udp
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9004

Thanks