Fortigate Firewall Logstash Grok filter

I’ve been playing with Logstash recently, just this week I was asked to import a Fortigate firewall log. I did this by putting up a logstash syslog interface on a specific port, tagging the inbound traffic as type=fortigate and then using a simple RE and the kv{} filter to parse the log.

The gist can be seen here, or embedded below:

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>