juiceman84 / Fortigate_Content_Pack

Initial Revision
MIT License
16 stars 24 forks

Dashboards Show No Data #5

Closed Guruleenyc closed 7 years ago

Guruleenyc commented 7 years ago

I'm running Graylog 2.2.3; I imported the JSON successfully, imported the extractors successfully, and pointed Fortigate 5.2 to the input on UDP/30000. However, the related dashboards are empty of data. Can someone help?

Guruleenyc commented 7 years ago

Fix: The dashboard was empty because the source name was wrong/mismatched in the content pack JSON.

  1. Delete all of the Fortigate dashboards and the input.

  2. Open fortigate_content_pack.json with Notepad++, replace the source with the source name of my Fortigate, and modify the UDP port if different. (Use Notepad++ because the source name is used 20 times and the UDP port 2 times.)

  3. Save the JSON file.

  4. Re-import the pack JSON and the input extractors.

  5. Verify, with the Fortigate dashboard, the name of the source.

Many thanks to kuroboshii
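The source-name and port replacement from step 2, as an added example that is not part of the original comment or of the repository: a schema-agnostic walk over the content pack JSON that rewrites the old source name only as a whole token and reports how many replacements it made. The sample pack, its key names, and the `fw-old` / `fw-edge-01` host names are constructed for illustration; `retarget_pack` is a hypothetical helper.

```python
import json
import re

# Constructed sample, NOT the repository's fortigate_content_pack.json.
# Key names and the "fw-old" source value are assumptions for illustration.
SAMPLE_PACK = json.loads("""
{
  "inputs": [{"title": "Fortigate UDP", "configuration": {"port": 30000}}],
  "dashboards": [{"title": "Fortigate", "dashboard_widgets": [
    {"configuration": {"query": "source:fw-old AND action:deny"}},
    {"configuration": {"query": "source:fw-old-lab"}},
    {"configuration": {"query": "source:fw-old"}}
  ]}]
}
""")


def retarget_pack(pack, old_source, new_source, old_port, new_port):
    """Return (new_pack, source_hits, port_hits); the input is not modified."""
    hits = {"source": 0, "port": 0}
    # Match the old name only as a whole token, so "fw-old" does not
    # rewrite a different host such as "fw-old-lab".
    token = re.compile(r"(?<![\w.-])" + re.escape(old_source) + r"(?![\w.-])")

    def walk(node, key=None):
        if isinstance(node, dict):
            return {k: walk(v, k) for k, v in node.items()}
        if isinstance(node, list):
            return [walk(v, key) for v in node]
        if isinstance(node, str):
            replaced, n = token.subn(lambda m: new_source, node)
            hits["source"] += n
            return replaced
        # Only integers stored under a "port" key are treated as the input port.
        if key == "port" and type(node) is int and node == old_port:
            hits["port"] += 1
            return new_port
        return node

    return walk(pack), hits["source"], hits["port"]


if __name__ == "__main__":
    new_pack, source_hits, port_hits = retarget_pack(
        SAMPLE_PACK, "fw-old", "fw-edge-01", 30000, 30001)
    # Compare these counts with what you expect before re-importing.
    print(f"source replacements: {source_hits}, port replacements: {port_hits}")
    print(json.dumps(new_pack, indent=2))
```

The comment above reports 20 occurrences of the source name and 2 of the UDP port in the real file, so counts far from those suggest the wrong old name or port was supplied.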

arrez commented 7 years ago

I did as you wrote but my dashboards are still empty. Do I need to create a stream of some sort? Tnx for the help so far 👍