mylesagray opened 3 years ago
Comment written by shiv singh on 11/20/2013 11:50:04
FortiOS v5.0, but the commands used are very effective... the GUI form is user friendly... what is the new version of FortiOS?
Comment written by Justin Hobson on 12/05/2013 03:23:16
Does Splunk with the Fortinet app support FortiOS 5.0.5? Trying to run this and not having great success; searching online, no other sites believe Splunk works with v5.0.x either?
Comment written by Myles Gray on 12/05/2013 12:00:01
Splunk does work with v5.0.4 at least (it works as a syslog server and the reporting works to SOME extent); not sure on 5.0.5, we haven't worked on this much more since 5.0.4 as we've had more important projects.
I will check this out though; if it doesn't work it shouldn't take too much work to find out what's broken in the Fortinet app (likely column name changes etc.).
Comment written by Jack on 04/03/2014 10:20:51
Dear Myles Gray,
I have a Fortigate 100D with FortiOS 5.06; this is my setting:

```
config log syslogd setting
    set status enable
    set server "192.168.7.4"
    set reliable disable
    set port 515
    set csv disable
    set facility alert
    set source-ip 192.168.9.2
end
```

I have a Splunk server on 192.168.7.4 listening on port 515 TCP. My switches can forward logs to it normally, but I cannot get the Fortigate to work; the Splunk server doesn't receive any logs from the Fortigate.
Comment written by Myles Gray on 04/17/2014 14:40:03
Jack, we actually have moved on from Splunk to trialling a Logstash/ElasticSearch/Kibana stack as it is:
a) free
b) easy to configure and get the data we want
I'll be putting a post up about this soon.
You're sure you've enabled 515 TCP on your iptables? Did you check the output of `netstat -tlp` on your Splunk box to see if the port is listed?
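Jack's `config log syslogd setting` block and Myles's listener check, put together as an added example (not code from the original post). The script parses the FortiOS block as posted and compares it with the listener described in the thread. It relies on one documented FortiOS behaviour: `set reliable disable` (the default) sends plain syslog over UDP, while `set reliable enable` switches to TCP delivery. The parser, the `SyslogdSetting` type, the listener tuple and the message wording are this example's own, not anything FortiOS or Splunk provide.

```python
"""Compare a FortiOS 'config log syslogd setting' block with a syslog listener.

Added example for the thread above; not part of the original post.
"""
import re
from dataclasses import dataclass

# Constructed sample input: the block Jack posted, transcribed verbatim.
SAMPLE_FORTIOS_CONFIG = """\
config log syslogd setting
    set status enable
    set server "192.168.7.4"
    set reliable disable
    set port 515
    set csv disable
    set facility alert
    set source-ip 192.168.9.2
end
"""


@dataclass
class SyslogdSetting:
    # Defaults mirror FortiOS defaults: syslog off, UDP, port 514, local7.
    status: str = "disable"
    server: str = ""
    reliable: str = "disable"
    port: int = 514
    facility: str = "local7"
    source_ip: str = ""

    @property
    def transport(self) -> str:
        # FortiOS sends UDP syslog unless 'reliable' is enabled (then TCP).
        return "tcp" if self.reliable == "enable" else "udp"


_SET_LINE = re.compile(r"^\s*set\s+(\S+)\s+(.*?)\s*$")


def parse_syslogd_setting(text: str) -> SyslogdSetting:
    """Extract the 'set' lines between 'config log syslogd setting' and 'end'."""
    cfg = SyslogdSetting()
    inside = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("config log syslogd setting"):
            inside = True
            continue
        if stripped == "end":
            inside = False
            continue
        if not inside:
            continue
        match = _SET_LINE.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip().strip('"')
        if key == "port":
            cfg.port = int(value)
        elif key == "source-ip":
            cfg.source_ip = value
        elif key in ("status", "server", "reliable", "facility"):
            setattr(cfg, key, value)
    return cfg


def check_against_listener(cfg: SyslogdSetting, ip: str, port: int, proto: str) -> list:
    """Return a list of reasons the FortiGate's output would never reach
    a collector bound to (ip, port, proto); an empty list means they agree."""
    problems = []
    if cfg.status != "enable":
        problems.append("syslogd status is not 'enable'; nothing is sent")
    if cfg.server != ip:
        problems.append(f"server {cfg.server!r} does not match listener {ip!r}")
    if cfg.port != port:
        problems.append(f"port {cfg.port} does not match listener port {port}")
    if cfg.transport != proto.lower():
        problems.append(
            f"FortiGate sends {cfg.transport.upper()} (reliable {cfg.reliable}) "
            f"but the listener is {proto.upper()}; either 'set reliable "
            f"{'enable' if proto.lower() == 'tcp' else 'disable'}' on the "
            f"FortiGate or bind the collector to {cfg.transport.upper()}"
        )
    return problems


if __name__ == "__main__":
    setting = parse_syslogd_setting(SAMPLE_FORTIOS_CONFIG)
    # Listener exactly as described in the thread: 192.168.7.4, 515/TCP.
    for issue in check_against_listener(setting, "192.168.7.4", 515, "tcp"):
        print("-", issue)
```

Run against Jack's block and the 515/TCP Splunk input described in the thread, the script reports a transport mismatch; the same block against a 515/UDP listener reports nothing. On the collector side, `netstat -tlp` lists only TCP listeners, so when the FortiGate is sending UDP use `netstat -ulp` (or `ss -ulpn`) and open the matching UDP port in the host firewall.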
Comment written by TT on 05/01/2014 22:45:34
Can you share the Logstash config file for Fortigate?
Comment written by Myles Gray on 05/06/2014 07:15:01
I'll put this info up soon once we have it operating how we expect, and I'll do a full guide.
Comment written by Edzilla on 05/22/2014 14:35:00
I'd be very interested as well.
We're currently working on a logstash+elasticsearch+kibana setup, but not getting really anywhere yet.
Comment written by David Fabry on 06/10/2014 23:01:26
Sounds all wonderful, but the information is SO scarce. I just stopped at logstash+elasticsearch+Kibana and I'm in a loop trying to figure it out. I'm very interested in the setup too!!
Comment written by herringchoker on 07/02/2014 02:36:18
To set the level of messages you want to see:

```
config log syslogd filter
    set severity warning
end
```
Comment written by Raul Recinos on 08/12/2014 22:30:44
Dear Myles, do you have any tutorial, or can you help me set up Logstash / ElasticSearch / Kibana to store / display my Fortigate logs?
Comment written by Vedat Nommaz on 09/01/2015 08:12:07
Hi Myles, have you posted this guide yet?
Comment written by Myles Gray on 09/01/2015 08:17:27
It never happened, Vedat, unfortunately.
Written on 09/18/2013 19:49:28
URL: https://blah.cloud/hardware/syslogd-fortios-5-0-4/