Unable to source and feed in the correct information in src country

Hi all,

How do I get correct country source in all my fortigate logs? Currently all my logins are showing from a random country for VPN.

I've moved this to the SIEM forum

Hi @SandeshS

Did you read GeoIP processor | Elasticsearch Guide [8.14] | Elastic

I'm not using Fortigate but it works for other firewalls like panw. It should work for you when:

  • ingest.geoip.downloader.eager.download is set to true
  • your fortigate pipeline uses a geoip processor

Check your Elasticsearch logs if it doesn't work (and your firewall logs, maybe you are blocking https://geoip.elastic.co/v1/database).

Willem
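The two steps Willem lists (enable eager database download, put a `geoip` processor in the pipeline) are cluster-settings and ingest-pipeline calls. The script below is an added example, not code from the thread or from Elastic: it builds those request bodies, can apply them and run `_ingest/pipeline/_simulate` against a cluster named in `ES_URL`, and checks the simulated output for the two usual reasons a country is wrong or missing: the GeoLite database is not on the node yet (the processor then tags the document `_geoip_database_unavailable_<db>` instead of enriching it), or the field being enriched is not the client address. The pipeline id `fortigate-geoip`, the field `source.ip` and the sample documents are assumptions; a reserved address such as `203.0.113.5` deliberately yields no location, which is also what RFC 1918 VPN addresses do.

```python
"""Build, apply and verify a GeoIP enrichment pipeline (added example)."""
import json
import os
import urllib.request

PIPELINE_ID = "fortigate-geoip"   # assumed pipeline name
SOURCE_FIELD = "source.ip"        # assumed: where the parsed client address lives
TARGET_FIELD = "source.geo"       # ECS location for the enrichment result


def cluster_settings_body():
    """Persistent setting so nodes fetch GeoLite databases eagerly."""
    return {"persistent": {"ingest.geoip.downloader.eager.download": True}}


def geoip_pipeline_body(source_field=SOURCE_FIELD, target_field=TARGET_FIELD):
    """Pipeline with a single geoip processor; missing field is not an error."""
    return {
        "description": "Enrich Fortigate client address with GeoIP data",
        "processors": [
            {"geoip": {"field": source_field, "target_field": target_field,
                       "ignore_missing": True}}
        ],
    }


def simulate_body(docs):
    """Body for POST _ingest/pipeline/<id>/_simulate."""
    return {"docs": [{"_source": d} for d in docs]}


def _dig(obj, dotted):
    # Walk a dotted path through nested dicts; {} when any part is absent.
    for part in dotted.split("."):
        obj = obj.get(part, {}) if isinstance(obj, dict) else {}
    return obj


def check_enrichment(simulate_response, target_field=TARGET_FIELD):
    """Return (ok, problems) for a _simulate response."""
    problems = []
    for i, item in enumerate(simulate_response.get("docs", [])):
        src = item.get("doc", {}).get("_source", {})
        tags = [t for t in src.get("tags", [])
                if t.startswith("_geoip_database_unavailable")]
        if tags:
            problems.append(f"doc {i}: {tags[0]} (database not downloaded yet)")
            continue
        if not _dig(src, target_field).get("country_iso_code"):
            problems.append(f"doc {i}: no {target_field}.country_iso_code "
                            f"(private/reserved address or wrong source field?)")
    return (not problems, problems)


def _request(method, url, body):
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def apply_and_simulate(es_url, docs):
    """Apply setting + pipeline, then simulate over the given documents."""
    _request("PUT", f"{es_url}/_cluster/settings", cluster_settings_body())
    _request("PUT", f"{es_url}/_ingest/pipeline/{PIPELINE_ID}", geoip_pipeline_body())
    return _request("POST", f"{es_url}/_ingest/pipeline/{PIPELINE_ID}/_simulate",
                    simulate_body(docs))


# Constructed responses (hand-written, not captured from a cluster).
SAMPLE_RESPONSE_OK = {"docs": [{"doc": {"_source": {
    "source": {"ip": "198.51.100.7",
               "geo": {"country_iso_code": "XX", "country_name": "Example"}}}}}]}
SAMPLE_RESPONSE_NO_DB = {"docs": [{"doc": {"_source": {
    "source": {"ip": "198.51.100.7"},
    "tags": ["_geoip_database_unavailable_GeoLite2-City.mmdb"]}}}]}

if __name__ == "__main__":
    es_url = os.environ.get("ES_URL")
    if es_url:
        # Constructed sample event; replace with a real parsed VPN login.
        resp = apply_and_simulate(es_url, [{"source": {"ip": "203.0.113.5"}}])
    else:
        resp = SAMPLE_RESPONSE_NO_DB  # offline demonstration
    ok, problems = check_enrichment(resp)
    print("enrichment ok" if ok else "\n".join(problems))
```

Run it with `ES_URL=https://user:pass@es-host:9200` to apply the changes and simulate one event; without it, the offline sample shows what the "database not downloaded yet" case looks like. If the check reports a missing country for a public address, the pipeline is enriching the wrong field (a destination or the firewall's own address rather than the VPN client), which is the usual cause of logins appearing from an unexpected country.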

Hi @willemdh, thank you for the suggestion. But as I'm totally unaware, can you help me tell where I can make this change?