Closed leweafan closed 7 months ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Hi! We just realized that we haven't looked into this issue in a while. We're sorry!
We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:.
Thank you for your contribution!
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
Closing issue as the Fortinet FortiManager fileset was deprecated in 8.12.0.
We recommend moving to the Fortinet FortiManager Logs Elastic integration.
Describe the enhancement: Filebeat module Fortinet (FortiManager fileset) needs new parsing for FortiManager 7.2.1 (build1215 220809)
Describe a specific use case for the enhancement or feature: The current Filebeat module for Fortinet FortiManager uses a local JS script based on a kv filter, which can't be used for the new log format.
Old format:
New format:
Link to Fortinet documentation - FortiManager 7.2.1 event log message example
Please find more log examples here.
You can find demo ingest pipeline created for FortiManager 7.2.1 here
To test it, execute from Dev console: