Fortigate Firewall Logstash Grok filter

I’ve been playing with Logstash recently; just this week I was asked to import a Fortigate firewall log. I did this by setting up a Logstash syslog input on a dedicated port, tagging the inbound events with type=fortigate, and then using a simple regular expression (grok) plus the kv{} filter to split each log line into fields.

The gist can be seen here, or embedded below:
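As an added stand-alone example (not the author's gist or Logstash code), the same two-step approach in Python: a regex that strips the syslog <PRI> header, which is what the grok step does, followed by a key=value tokenizer that honours double-quoted values, which is what kv{} does with value_split "=" and field_split " ". The two log lines are constructed for the example and cover both the older FortiOS schema (src=, dst=, status=) and the newer one (srcip=, dstip=, action=); the field names are assumptions about Fortigate output, not taken from the post.

```python
import re

# Constructed sample lines (not from the original post). The first is an
# older FortiOS-style traffic log wrapped in a syslog priority; the second is
# a newer-style line with quoted values that contain spaces.
SAMPLE_LINES = [
    '<189>date=2014-03-04 time=10:12:44 devname=FGT60C device_id=FGT60C0000000001 '
    'log_id=0021000002 type=traffic subtype=forward pri=notice vd=root src=192.0.2.10 '
    'srcport=51234 src_int="internal" dst=198.51.100.5 dstport=443 dst_int="wan1" '
    'status=deny policyid=0 service=HTTPS',
    '<189>date=2019-05-13 time=11:45:03 devname="FG100E" logid="0000000013" type="traffic" '
    'subtype="forward" level="notice" srcip=10.1.100.11 srcport=58146 srcintf="port12" '
    'dstip=203.0.113.7 dstport=22 action="deny" msg="Denied by forward policy check" '
    'policyid=0',
]

# Equivalent of the grok step: peel off the syslog <PRI> header and keep the
# remainder as the "message" that the kv{} filter would consume.
SYSLOG_PRI_RE = re.compile(r'^<(?P<pri>\d{1,3})>(?P<message>.*)$')

# Equivalent of kv{} with value_split "=" and field_split " ": keys are bare
# words, values are either double-quoted (may contain spaces) or bare tokens.
KV_RE = re.compile(r'(?P<key>[\w\-.]+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s"]*))')

def parse_fortigate(line):
    """Return a dict of fields from one Fortigate syslog line, or None when
    the line has no syslog priority header (so it would fail the grok step)."""
    m = SYSLOG_PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    fields = {"syslog_facility": pri // 8, "syslog_severity": pri % 8}
    for kv in KV_RE.finditer(m.group("message")):
        value = kv.group("quoted") if kv.group("quoted") is not None else kv.group("bare")
        fields[kv.group("key")] = value
    return fields

def denied_flows(lines):
    """Pick out denied traffic across both schemas (status= in older FortiOS,
    action= in newer) so one query works regardless of firmware version."""
    out = []
    for line in lines:
        f = parse_fortigate(line)
        if f and f.get("type") == "traffic" and "deny" in (f.get("status"), f.get("action")):
            src = f.get("src") or f.get("srcip")
            dst = f.get("dst") or f.get("dstip")
            out.append((src, dst, f.get("dstport")))
    return out
```

Lines that the firewall emits without a <PRI> header (or with a non-RFC3164 timestamp) are exactly the ones that trip a plain syslog input, so checking for a None result is worth doing before trusting the parsed fields.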
