Hi All,
Thanks for helping me sort out my previous issue, which was about the FortiGate firewall.
I have another one, which is a Sidewinder firewall.
Can anyone guide me on a simple way to parse it in Logstash?
Here is a sample syslog. I would like to extract source ip, dstip, srcport, dstport, dst_geo, application, etc.
<133>Oct 30 00:02:02 sw1 auditd: date="2013-10-30 05:02:02 +0000",fac=f_dns_proxy,area=a_proxy,type=t_nettraffic,pri=p_major,pid=2083,logid=0,cmd=dnsp,hostname=sw1.dtc.local,event="session end",netsessid=686a0527092ca,srcip=10.38.1.28,srcport=61132,srczone=internal,protocol=17,dst_geo=RU,dstip=83.xx4.xx.228,dstport=53,dstzone=external,bytes_written_to_client=185,bytes_written_to_server=42,rule_name="Outbound Web_4",cache_hit=1,start_time="2013-10-30 05:02:02 +0000",application=DNS
<133>Oct 30 01:22:20 sw1 auditd: date="2013-10-30 06:22:20 +0000",fac=f_dns_proxy,area=a_proxy,type=t_nettraffic,pri=p_major,pid=2083,logid=0,cmd=dnsp,hostname=sw1.dtc.local,event="session end",netsessid=3ea405270a59c,srcip=10.38.1.28,srcport=61132,srczone=internal,protocol=17,dst_geo=US,dstip=4.53.58.200,dstport=53,dstzone=external,bytes_written_to_client=241,bytes_written_to_server=41,rule_name="Outbound Web_4",cache_hit=1,start_time="2013-10-30 06:22:20 +0000",application=DNS
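An added example (not from the post or from Logstash itself): stand-alone Ruby that does the two steps this log needs, a grok-style split of the syslog header and a kv-style split of the comma-separated body that keeps quoted values such as event="session end" intact, with ports and byte counts converted to integers. In a Logstash pipeline the same two steps are a grok filter followed by the kv filter with field_split set to "," and value_split "="; the constants and parse_sidewinder below are my own names.

```ruby
require 'time'

# Constructed sample: the two auditd lines from the post, verbatim.
SAMPLE_LINES = [
  '<133>Oct 30 00:02:02 sw1 auditd: date="2013-10-30 05:02:02 +0000",fac=f_dns_proxy,area=a_proxy,type=t_nettraffic,pri=p_major,pid=2083,logid=0,cmd=dnsp,hostname=sw1.dtc.local,event="session end",netsessid=686a0527092ca,srcip=10.38.1.28,srcport=61132,srczone=internal,protocol=17,dst_geo=RU,dstip=83.xx4.xx.228,dstport=53,dstzone=external,bytes_written_to_client=185,bytes_written_to_server=42,rule_name="Outbound Web_4",cache_hit=1,start_time="2013-10-30 05:02:02 +0000",application=DNS',
  '<133>Oct 30 01:22:20 sw1 auditd: date="2013-10-30 06:22:20 +0000",fac=f_dns_proxy,area=a_proxy,type=t_nettraffic,pri=p_major,pid=2083,logid=0,cmd=dnsp,hostname=sw1.dtc.local,event="session end",netsessid=3ea405270a59c,srcip=10.38.1.28,srcport=61132,srczone=internal,protocol=17,dst_geo=US,dstip=4.53.58.200,dstport=53,dstzone=external,bytes_written_to_client=241,bytes_written_to_server=41,rule_name="Outbound Web_4",cache_hit=1,start_time="2013-10-30 06:22:20 +0000",application=DNS'
].freeze

# Step 1 (what grok does in Logstash): split "<PRI>timestamp host program: body".
SYSLOG_HEADER = /\A<(?<pri>\d{1,3})>(?<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?<host>\S+) (?<program>[^:]+): (?<body>.*)\z/

# Step 2 (what the kv filter does with field_split "," and value_split "="):
# a value is either "quoted" (and may then contain commas and spaces) or a bare
# run up to the next comma. A plain body.split(",") would cut event="session end".
KV_PAIR = /(?<key>[^,=]+)=(?:"(?<quoted>[^"]*)"|(?<bare>[^,]*))/

# Fields that should be numbers, not strings (mutate { convert => ... } in Logstash).
INTEGER_FIELDS = %w[pid logid srcport dstport protocol cache_hit
                    bytes_written_to_client bytes_written_to_server].freeze

# Returns a Hash of fields for one Sidewinder line, or raises on a non-syslog line.
def parse_sidewinder(line)
  m = SYSLOG_HEADER.match(line.chomp)
  raise ArgumentError, "not a syslog line: #{line[0, 40].inspect}" unless m

  pri = m[:pri].to_i
  event = {
    'syslog_facility'  => pri / 8, # 133 / 8 = 16 (local0)
    'syslog_severity'  => pri % 8, # 133 % 8 = 5  (notice)
    'syslog_timestamp' => m[:ts],
    'syslog_host'      => m[:host],
    'program'          => m[:program]
  }

  m[:body].scan(KV_PAIR) do |key, quoted, bare|
    key = key.strip
    value = quoted.nil? ? bare : quoted
    event[key] = INTEGER_FIELDS.include?(key) ? value.to_i : value
  end

  # The vendor "date" field carries a year and a UTC offset; the syslog header
  # timestamp has neither, so "date" is the safer source for @timestamp.
  event['@timestamp'] = Time.parse(event['date']).utc if event['date']
  event
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_LINES.each { |l| p parse_sidewinder(l).slice('srcip', 'dstip', 'dstport', 'dst_geo', 'application') }
end
```

The redacted dstip in the first sample (83.xx4.xx.228) comes through unchanged as a string; a geoip lookup on such a value fails, so tag the event rather than drop it.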