FortiGate → ELK: Logstash filter for FortiGate syslog

# # Configure syslog filtering # for the Fortigate firewall logs # filter { mutate { add_tag => [“fortigate”] add_field => [ “zabbix_host”, “fw.hq.aoe.lan” ] } grok { match => [“message”, “%{SYSLOG5424PRI:syslog_index}%{GREEDYDATA:message}”] overwrite => [ “message” ] tag_on_failure => [ “failure_grok_fortigate” ] } kv { } if [msg] { mutate { replace => [ “message”, […]