Skip to content

Instantly share code, notes, and snippets.

@rk295
Last active June 9, 2021 11:45
Show Gist options
  • Save rk295/6fb03c65b49273548212 to your computer and use it in GitHub Desktop.
Save rk295/6fb03c65b49273548212 to your computer and use it in GitHub Desktop.
Fortigate Firewall Logstash Grok filter
input {
syslog {
type => "fortigate"
port => 5001
}
}
filter {
if [type] == "fortigate" {
grok {
match => [ "message", "<(?<ruleID>.*)>(?<msg>.*)" ]
}
kv { source => "msg" }
geoip { source => "dst" }
}
}
output {
elasticsearch {
embedded => false
}
#stdout { codec => rubydebug }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment