Filebeat integration #23

Closed
fredtj opened this issue Jul 1, 2020 · 4 comments

fredtj commented Jul 1, 2020

Hello,

Is it possible to skip Logstash and use the new Filebeat Fortinet module?

Regards

Owner

enotspe commented Jul 1, 2020

Kv will work. You will need to work on timestamp and field translation, though.

Author

fredtj commented Jul 2, 2020

Just had a further look at this and the problem I'm having is that all my logs are sent to the same port from FortiAnalyzer; the Fortinet module in Beats is accepting the different logs on the same port. The Logstash pipeline here expects the different types of logs on different ports. I guess I just need to adjust that to get things to work.

Owner

enotspe commented Jul 2, 2020

You can create multiple syslog forwarders on FAZ, each one of them sending to different ports.

Author

fredtj commented Jul 2, 2020

Just had a look and had not noticed that before, thanks!

@enotspe enotspe closed this as completed Sep 1, 2020