Installing and Configuring Logstash to Ingest Fortinet Syslogs

#elasticsearch #kibana #logstash #fortigate
In this video, we install and configure Logstash to receive Syslogs from FortiGate, parse them, and send them to Elasticsearch.
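The pipeline the video walks through (syslog input, parsing, Elasticsearch output) as an added example; this is not the config shown in the video or shipped by Elastic. Assumptions, all placeholders: FortiGate sends syslog over UDP to port 5144 on the Logstash host, Elasticsearch is reachable at `https://es.example.internal:9200` with its CA at `/etc/logstash/certs/ca.crt`, and the `api_key` value is an `id:secret` pair generated in Kibana (not real credentials). FortiGate log bodies are `key=value` pairs, which is why a `kv` filter does the parsing rather than a long grok pattern.

```logstash
# Added example pipeline (not the video's own config). All hosts, paths and
# the api_key below are placeholders.

input {
  udp {
    # Binds a listening port on all interfaces (host defaults to 0.0.0.0),
    # so any number of FortiGate units can send to it. Make sure no other
    # pipeline or process already holds this port.
    port => 5144
    type => "fortigate"
  }
}

filter {
  if [type] == "fortigate" {
    # Strip the syslog <PRI> prefix; the rest of the line is key=value text.
    grok {
      match => { "message" => "^(<%{POSINT:syslog_pri}>)?%{GREEDYDATA:fgt_kv}$" }
    }

    # Split the FortiGate payload into fields under [fgt]. Quoted values
    # (msg="...") are kept whole by the kv filter.
    kv {
      source      => "fgt_kv"
      field_split => " "
      value_split => "="
      target      => "fgt"
    }

    # FortiGate carries date= and time= separately; combine them into
    # @timestamp. Assumes the firewall clock is in the same zone as Logstash
    # (set the date filter's timezone option if it is not).
    if [fgt][date] and [fgt][time] {
      mutate {
        add_field => { "fgt_timestamp" => "%{[fgt][date]} %{[fgt][time]}" }
      }
      date {
        match        => ["fgt_timestamp", "yyyy-MM-dd HH:mm:ss"]
        target       => "@timestamp"
        remove_field => ["fgt_timestamp"]
      }
    }

    mutate { remove_field => ["fgt_kv"] }
  }
}

output {
  elasticsearch {
    hosts   => ["https://es.example.internal:9200"]
    index   => "fortigate-%{+YYYY.MM.dd}"
    # TLS to Elasticsearch plus an API key instead of a user/password pair in
    # the .conf file. The key is created in Kibana with write privileges on
    # the fortigate-* indices only.
    ssl     => true
    cacert  => "/etc/logstash/certs/ca.crt"
    api_key => "PLACEHOLDER_ID:PLACEHOLDER_SECRET"
  }
}
```

Run it with `bin/logstash -f fortigate.conf --config.test_and_exit` first to syntax-check the file. On recent versions of the elasticsearch output plugin `ssl` and `cacert` are deprecated spellings of `ssl_enabled` and `ssl_certificate_authorities`; both forms still load, with a deprecation warning for the old ones. Keep the API key out of world-readable config by placing it in the Logstash keystore and referencing it as `"${FGT_ES_API_KEY}"` (keystore entry name is a placeholder).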

Watch how I installed and configured Elasticsearch and Kibana:

Thank you for watching!

Comments
Author

High quality content :)
Keep up the good work
+1 sub

youk
Author

Thank you for the informative video. Can you suggest, in case I have multiple pods running and I am capturing logs of all application pods on one common persistent storage mounted at /var/log, what the possible input string could be?

TeenaKohli
Author

Thanks a lot bro. It's very useful. Can you explain more about creating an index for firewall logs?

anatchaisamretsin
Author

Thank you.
Can you please do Cisco routers and switches integration?

muhammedajsal
Author

Hello Ali, at 9:18, how do you know that is the format? Can you explain a bit more how you identify such a format?

seniortaco
Author

What can I do if I don't want to define the hosts for Fortinet?
Because I want to send the logs from multiple Fortinet FWs.
Can I remove the hosts line?

zaylinhtun
Author

Hi Ali, I have FortiAnalyzer and want to ingest the logs into Security Onion. Could I send them directly, or should I have a syslog VM between FAZ and Security Onion? What is the best scenario to do this? Thanks for your help.

rvibqsg
Author

Nice vid Ali, very helpful. Question: can Logstash connect securely to Elasticsearch using an API key instead of sending a username and password through the .conf file? Perhaps configuring such an API key in logstash.yml or placing it in the filexyz.conf file used to connect to Elasticsearch. Generate the API key in Kibana with the logstash-user role and index permissions to publish such logs from Logstash into Elasticsearch. Thanks for your previous response about making such a video series on Windows servers. Cheers

seniortaco
Author

I would like to see data from DB being pipelined with logstash and loaded into Elasticsearch 8.2.2

oghrvrh
Author

Hi Ali, thank you for this video. Right now, we are facing an issue integrating FortiGate logs. We have an issue with the grok in Logstash creating the index in Elasticsearch.

UntungRaharjo
Author

All thanks and appreciation for this beautiful work. Thank you, brother.

bilelbenzerafa
Author

Which one is better in terms of performance: sending logs via Filebeat or via Logstash?

silentreader
Author

Nice vid Ali.
Can you make these Elastic, Kibana and Logstash videos for Windows Server 2019/2022 or Windows 10, and perhaps ingest data from an SQL database server, if at all possible?
Thank you.

seniortaco
Author

Hi Ali. Thanks for the video. At this moment I am getting an error which does not allow me to continue. The port is occupied by Java, therefore when starting Logstash it tells me "The address is already being used (bind) port: 5144" (Address already in use - bind).

SnakeFredy
Author

Logs are not coming to Elasticsearch from the syslog server. We did it the "enroll in Fleet" way. Can you please help me with this issue?

samiyamusthafa
Author

Very nice. Thank you. Esselamu Aleykum.

ati
Author

Great video, thanks! But why do you use this primitive PuTTY instead of, let's say, MobaXterm or another handy client?

ToadRash-muln
Author

Why is that required? I'm new to Elastic, but I understand from their documents that they have a Fortinet integration, so I would expect them to be able to parse that without me doing all that stuff manually?

Wolfhound_
Author

Hi, is it possible to write an SNMP input plugin, or is it hard work?

dv
Author

How can we get the logs from more than one Forti network device?

iswariafala