fortinet-logs Log Parser

« fortinet-logs »
v0.1 by crowdsecurity
Log parser

Parse fortinet logs

Installation

cscli parsers install crowdsecurity/fortinet-logs

Description

## Fortinet Logs Parser

Fortinet log parser. More information in Fortinet documentation

YAML Configuration

1onsuccess: next_stage
2#debug: true
3filter: "evt.Parsed.program == 'fortinet' && ParseKV(evt.Parsed.message, evt.Unmarshaled, 'fortinet') in [nil, '']"
4name: crowdsecurity/fortinet-logs
5description: "Parse fortinet logs"
6statics:
7  - meta: service
8    value: fortinet
9  - meta: sub_type
10    expression: "evt.Unmarshaled.fortinet.subtype"
11  - target: evt.StrTime
12    expression: evt.Unmarshaled.fortinet.date + ' ' + evt.Unmarshaled.fortinet.time
13  - meta: source_ip
14    expression: "evt.Unmarshaled.fortinet.remip"
15  - meta: action
16    expression: "evt.Unmarshaled.fortinet.action"
17  - meta: tunnel_type
18    expression: "evt.Unmarshaled.fortinet.tunneltype"
19  - meta: reason
20    expression: "evt.Unmarshaled.fortinet.reason"
21  - meta: msg
22    expression: "evt.Unmarshaled.fortinet.msg"
23  - meta: target_user
24    expression: "evt.Unmarshaled.fortinet.user"

Hub configuration

« fortinet-logs »v0.1 by crowdsecurityLog parser

« fortinet-logs »
v0.1 by crowdsecurity
Log parser