Fortinet UTM Firewall

Content Pack

Fortigate UTM content pack contains extractors, a stream, a dashboard displaying the last 24 hours of activity, and a syslog tcp input.

alias454

free!

Download from Github View on Github 0 5

Published

16 Dec 20:16

Last Push

09 Jul 22:14

Marketplace Rating

No rating yet

Discussion

4 Comments

Readme from Github

================ graylog-fortinet-content-pack

Fortigate UTM content pack contains extractors, a stream, a dashboard displaying the last 24 hours of activity, and a syslog tcp input. This was heavily inspired by another fortigate content pack created by juiceman84, which is located here https://github.com/juiceman84/Fortigate_Content_Pack

note

See the full `Graylog content pack instructions
<http://docs.graylog.org/en/2.1/pages/sending_data.html#content-packs>`_.

Known Issues

Graylog started processing Fortinet and Cisco logs when using the syslog input type so an alternate content pack was added. Support using the RawExtractor trying to fix a bug with creation of new sources was submitted by @SmartIdeas01

Provided Content

A Dashboard: FortiGate Network and System Activity - Last 24 Hours A Stream: Networking - Fortinet FW An Input: fortinet-tcp-input on port 11514 Alternate Input: FortiGate RawExtractor on port 11512 And many extractors

Setup Notes

FortiGate Firewall with SYSLOG configured.

Import the Content Pack
Update the stream rule with your device name
Point FortiGate syslog to Graylog

Your Rating

Please sign in to rate this add-on.

Comments

tjbutt58 about 1 year ago

Is there any chance to get this updated to Graylog 3.0?
I had a working config which Upgraded OK, lost it, and now cannot import this content pack to 3.0

alias454 over 3 years ago

Are all of the extractors setup on your UDP stream?

Guruleenyc over 3 years ago

I have FortiGate already indexing at syslog udp/1514 and I have updated the Stream to see my messages, but the dashboard is still blank. Do I have to use the included tcp input that is part of the content pack?

Guruleenyc over 3 years ago

Anyone test this, does it work with Graylog 2.2.3?

Please sign in to comment.

Back to listing