Fortinet FortiGate
Content Pack
Initial Revision
Published
23 Jan 11:13
Last Push
11 Jun 14:02
Comments
Did they take down the fortinet content pack?
I can't seem to get the CPU, avg bytes, etc. utilization graphs to populate. Changed the source per my comment below to my FW. Not sure if my FortiGate supports this. Running 5.4.4 firmware. Anyone get the system activity graphs working?
I just installed this and noticed no graphs/data was populating in the dashboards. You have to edit the widgets in the dashboard. Unlock when in a dashboard, and click the pencil icon in bottom right. Change the "source:fwf92d3g14000548" to the id of your firewall. Check your stream or input and look for the name under source for your firewall and substitute it for the fwf92d3g14000548.
Hi all, I have the same problem. I have imported the FortiGate collector and changed the JSON file with name and port, but I don't see a populated graph. Can somebody help me?
So more good news. This allowed me to identify a top malicious being blocked by my Fortinet, which in turn allowed me to associate it with a suspicious AD/content on the CT Hartford Courant website.
I got it working! See my posts on Github. Cheers!
I noticed that most Dashboard widgets search queries start with: source:fwf92d3g14000548. Where is this value declared? My Input is placing a different value using the Fortigate server hostname. Is this what is breaking the reports?
Still no data on any of the dashboards. Can anyone shed light on this, or have gotten it working?
Okay, the Extractors get imported into Graylog / System / Inputs / Manage Extractors / Import
Where do we import the Extractors? I tried under Graylog / System / Grok Patterns / but after it successfully accepted the file, the extractors do not show in the list.
I am testing this too! Just installed it on my Graylog 2.2.3 on Ubuntu 16. I also do not see a pre-defined Stream. How do the Dashboards get populated with traffic going to Input UDP/3000?
I have the messages coming into the Graylog server, however none of the dashboards are showing information.
The extractors are there, but there is no Stream for this content pack. Is this correct?
Did someone try this with Graylog 3.xx?