Installing and Configuring Filebeat Fortinet Module
- Published: 11 Sep 2024
- #elasticsearch #filebeat #kibana #logstash #fortigate #fortinet
In this video, I install and configure Filebeat to receive logs from a FortiGate firewall and send them to Elasticsearch.
Check out my tutorial on installing and configuring Elasticsearch and Kibana:
• Installing and Configu...
Thank you for watching!
Follow my Twitter: / ayounes9
Follow my Blog: www.thelionpin...
Excellent video, I followed you step by step and the implementation was a success!!!
Nice Vid Ali, it's very helpful to see such log ingestion variants like filebeat. Question: When setting up an API Key to authenticate to Elasticsearch, the "ssl and finger print" sections are not required, right? Also, it would be awesome to see this Vid on a Windows configuration, if at all possible. - Cheers
Thank you Sir. Hope you upload more videos about ELK stack ☺️☺️
Hi Ali, moreover, on the API key: if this is in use, the username and password are not needed to authenticate? This is to avoid putting the username and password in the configuration file for security reasons....
Sir, thanks for sharing, hope you have a good day every day
Sorry for the question, I didn't understand, IP 192.168.25.10 and port 9004 that you indicated in the firewall, and filebeat address?
in this case the firewall is sending logs to port 9004 directly to filebeat?
I didn't see you setting the port in the filebeat configuration.
Hi Ali. Thank you for the awesome work. Just a request, is it possible to make another video for shipping Fortigate logs using elastic-agent please. Also more videos on visualizing Fortigate logs. Thanks
Thank you Theo, I'm glad you found the videos helpful!
I made a video on setting up Fleet server and Agents and used the Fortinet integration in the Agent as my demo:
ruclips.net/video/UHQrOdwUg68/видео.html
What kind of logs from the Fortigates do you want to visualize?
good videos
Thank you Sir. Please, is the FortiAnalyzer supported by Filebeat?
Please make video on Fleet server integration with agent
I am trying to receive inputs from a machine with filebeat, only /var/log/*.log and I don't know how to configure kibana to see the inputs.
Can you help me?
Best regards.
Hi, can we send logs from fortigate directly to logstash/elasticsearch without filebeat? I mean, why do most tutorials always use Filebeat?
Yes you can send to Logstash without Filebeat. I have this tutorial explaining how to install Logstash and send Fortigate logs to it:
ruclips.net/video/Tp5dI-GDerM/видео.htmlsi=9XJLRCBk_R91-BZk
Hi, can you please after installing and configuring filebeat I enabled logging level and given path in my vm for error logs now I want them to ship to logstash but those logs. Can you tell where to configure it
Do you have a git for the configurations?
I can't understand the difference between logstash and filebeat, why not use just filebeat instead of logstash?
same with me lol!
please integrate fortinet firewall with elastic agent
I have been struggling to set this up for my environment.
Thanks
Can you please do cisco routers and switches integration
Currently I don't have any Cisco devices, maybe in the future I'll try to purchase some virtual appliances. I would love to do some content with Cisco devices
@AliYounesGo4IT please do firewall integration with elastic agent
@AliYounesGo4IT sir can you upload tutorial for elastic agent and managed elastic agent with fleet☺️
@AliYounesGo4IT Sorry for the question, I didn't understand, IP 192.168.25.10 and port 9004 that you indicated in the firewall, and filebeat address?
in this case the firewall is sending logs to port 9004 directly to filebeat?
I didn't see you setting the port in the filebeat configuration.
@pedrobernardes3501 yes, Filebeat is installed on 192.168.25.110 in this case, and it will listen on port 9004, so on the Linux system you should open UDP port 9004, and on the firewall syslog settings you specify it to send to 192.168.25.110 on port 9004
Hi, thank you for the tutorials. But we have files on a syslog server. We are trying to use var.input: file and var.path: /path/to/*.log. We are not able to make it work. It was working in previous versions. Any ideas?
Any luck?
I followed you step by step and did what you did, but I don't receive the Fortinet logs; I receive the logs of the ELK server (Filebeat collects the ELK logs, not Fortinet). I sent you a message on Twitter but got no response, please help
I had the same problem. Did you manage to figure out what went wrong?
Looks like filestream is introduced through templates.
Yes that's right, Filebeat, or Beats in general, will create a data stream and the template by default.
Any views, how to use it for modules. Modules are also not working.