{
  "name": "fortinet_fortigate",
  "title": "Fortinet FortiGate Firewall Logs",
  "version": "1.36.4",
  "release": "ga",
  "description": "Collect logs from Fortinet FortiGate firewalls with Elastic Agent.",
  "type": "integration",
  "download": "/epr/fortinet_fortigate/fortinet_fortigate-1.36.4.zip",
  "path": "/package/fortinet_fortigate/1.36.4",
  "icons": [
    {
      "src": "/img/fortinet-logo.svg",
      "path": "/package/fortinet_fortigate/1.36.4/img/fortinet-logo.svg",
      "title": "Fortinet",
      "size": "216x216",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "security",
    "network",
    "firewall_security"
  ],
  "signature_path": "/epr/fortinet_fortigate/fortinet_fortigate-1.36.4.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/fortinet_fortigate/1.36.4/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/dashboard.png",
      "path": "/package/fortinet_fortigate/1.36.4/img/dashboard.png",
      "title": "Fortinet FortiGate Overview",
      "size": "3336x3120",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/fortinet_fortigate/1.36.4/LICENSE.txt",
    "/package/fortinet_fortigate/1.36.4/changelog.yml",
    "/package/fortinet_fortigate/1.36.4/manifest.yml",
    "/package/fortinet_fortigate/1.36.4/validation.yml",
    "/package/fortinet_fortigate/1.36.4/docs/README.md",
    "/package/fortinet_fortigate/1.36.4/img/dashboard.png",
    "/package/fortinet_fortigate/1.36.4/img/fortinet-logo.svg",
    "/package/fortinet_fortigate/1.36.4/kibana/tags.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/manifest.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/sample_event.json",
    "/package/fortinet_fortigate/1.36.4/docs/knowledge_base/service_info.md",
    "/package/fortinet_fortigate/1.36.4/kibana/dashboard/fortinet_fortigate-d0cd8230-0c8b-11ed-bb95-158df2ca77e4.json",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/fields/agent.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/fields/base-fields.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/fields/beats.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/fields/ecs.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/fields/fields.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/agent/stream/log.yml.hbs",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/agent/stream/tcp.yml.hbs",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/elasticsearch/ingest_pipeline/default.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/elasticsearch/ingest_pipeline/event.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/elasticsearch/ingest_pipeline/login.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/elasticsearch/ingest_pipeline/traffic.yml",
    "/package/fortinet_fortigate/1.36.4/data_stream/log/elasticsearch/ingest_pipeline/utm.yml"
  ],
  "policy_templates": [
    {
      "name": "fortinet_fortigate",
      "title": "Fortinet FortiGate logs",
      "description": "Collect logs from Fortinet FortiGate instances",
      "inputs": [
        {
          "type": "logfile",
          "title": "Collect Fortinet FortiGate logs (input: logfile)",
          "description": "Collecting logs from Fortinet FortiGate instances (input: logfile)"
        },
        {
          "type": "tcp",
          "title": "Collect Fortinet FortiGate logs (input: tcp)",
          "description": "Collecting logs from Fortinet FortiGate instances (input: tcp)"
        },
        {
          "type": "udp",
          "title": "Collect Fortinet FortiGate logs (input: udp)",
          "description": "Collecting logs from Fortinet FortiGate instances (input: udp)"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "fortinet_fortigate.log",
      "title": "Fortinet FortiGate logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "tcp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Listen Address",
              "description": "The bind address to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The TCP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9004
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "fortinet-fortigate",
                "fortinet-firewall",
                "forwarded"
              ]
            },
            {
              "name": "internal_interfaces",
              "type": "text",
              "title": "Internal Interfaces",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_interfaces",
              "type": "text",
              "title": "External Interfaces",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "internal_networks",
              "type": "text",
              "title": "Internal Networks",
              "description": "List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/network-direction-processor.html#supported-named-network-ranges).",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "private"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate_authorities:\n#  - |\n#    -----BEGIN CERTIFICATE-----\n#    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n#    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n#    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n#    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n#    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n#    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n#    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n#    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n#    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n#    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n#    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n#    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n#    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n#    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n#    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n#    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n#    sxSmbIUfc2SGJGCJD4I=\n#    -----END CERTIFICATE-----\n"
            },
            {
              "name": "tcp_options",
              "type": "yaml",
              "title": "Custom TCP Options",
              "description": "Specify custom configuration options for the TCP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "framing: rfc6587\n#max_message_size: 50KiB\n#max_connections: 1\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA timezone or timezone offset (e.g. `+0200`) to use when interpreting syslog timestamps without a timezone.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_map",
              "type": "yaml",
              "title": "Timezone Map",
              "description": "A mapping from timezones as they appear in the Fortinet FortiGate logs to the corresponding IANA timezone name or offset (for example, Australia/Sydney or +10:00).",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#- tz_match_value: (GMT+3:00)Kuwait,Riyadh\n#  tz_replace_value: Asia/Kuwait\n"
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "Fortinet firewall logs (tcp)",
          "description": "Collect Fortinet firewall logs using tcp input",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "udp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Listen Address",
              "description": "The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The UDP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9004
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "fortinet-fortigate",
                "fortinet-firewall",
                "forwarded"
              ]
            },
            {
              "name": "internal_interfaces",
              "type": "text",
              "title": "Internal Interfaces",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_interfaces",
              "type": "text",
              "title": "External Interfaces",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "internal_networks",
              "type": "text",
              "title": "Internal Networks",
              "description": "List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/network-direction-processor.html#supported-named-network-ranges).",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "private"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA timezone or timezone offset (e.g. `+0200`) to use when interpreting syslog timestamps without a timezone.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_map",
              "type": "yaml",
              "title": "Timezone Map",
              "description": "A mapping from timezones as they appear in the Fortinet FortiGate logs to the corresponding IANA timezone name or offset (for example, Australia/Sydney or +10:00).",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#- tz_match_value: (GMT+3:00)Kuwait,Riyadh\n#  tz_replace_value: Asia/Kuwait\n"
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Fortinet firewall logs (udp)",
          "description": "Collect Fortinet firewall logs using udp input",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": false,
              "show_user": true,
              "default": [
                "/var/log/fortinet-firewall.log"
              ]
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "fortinet-fortigate",
                "fortinet-firewall",
                "forwarded"
              ]
            },
            {
              "name": "internal_interfaces",
              "type": "text",
              "title": "Internal Interfaces",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_interfaces",
              "type": "text",
              "title": "External Interfaces",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "internal_networks",
              "type": "text",
              "title": "Internal Networks",
              "description": "List of internal networks. Supports IPv4 and IPv6 addresses and ranges in CIDR notation. Also supports the named ranges listed [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/network-direction-processor.html#supported-named-network-ranges).",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "private"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone",
              "description": "IANA timezone or timezone offset (e.g. `+0200`) to use when interpreting syslog timestamps without a timezone.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_map",
              "type": "yaml",
              "title": "Timezone Map",
              "description": "A mapping from timezones as they appear in the Fortinet FortiGate logs to the corresponding IANA timezone name or offset (for example, Australia/Sydney or +10:00).",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#- tz_match_value: (GMT+3:00)Kuwait,Riyadh\n#  tz_replace_value: Asia/Kuwait\n"
            }
          ],
          "template_path": "log.yml.hbs",
          "title": "Fortinet FortiGate logs (log)",
          "description": "Collect Fortinet FortiGate logs using log input",
          "enabled": false,
          "ingestion_method": "File"
        }
      ],
      "package": "fortinet_fortigate",
      "path": "log"
    }
  ]
}
