Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About starbursthub
starbursthub
New Member
Member since:
12-15-2015
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 12-15-2015 |
Activity Feed
- Posted Re: I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-23-2015 06:22 PM
- Posted Re: I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-23-2015 06:01 PM
- Posted Re: I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-23-2015 06:00 PM
- Posted Re: I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-20-2015 10:15 PM
- Posted Re: I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-16-2015 05:56 PM
- Posted Re: I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-16-2015 05:53 PM
- Posted I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-15-2015 01:40 AM
- Tagged I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-15-2015 01:40 AM
- Tagged I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-15-2015 01:40 AM
- Tagged I am able to search syslog data from Fortigate, but why do I get no results in the Fortinet FortiGate App for Splunk? on All Apps and Add-ons. 12-15-2015 01:40 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
12-23-2015
06:22 PM
The event entry I see in search result is as what I have posted earlier (info masked):
2015-12-16T09:09:53.109439+08:00 zzz.zzz.zzz.zzz date=2015-12-16 time=09:09:53 devname=Fortigate-60 device_id=FGT-xxxxx log_id=xxxxx type=event subtype=dhcp pri=information vd=root dhcp_msg="Ack" dir=Sent mac=xx:xx:xx:xx ip=xxx.xxx.xxx.xxx lease=1800 hostname="aaaa" msg="Assigns IP address/configuration parameters to the client"
... View more
12-23-2015
06:01 PM
One screen shot is the traffic dashboard which I select last 30 days and there is not data at all. No device.
Second screen shot is i search for sourcetype=fortigate for last 7 days with results listed.
... View more
12-23-2015
06:00 PM
I have done 2 screenshots how do i upload here? I m not putting them on-line so i dont have a url.
... View more
12-20-2015
10:15 PM
Hi Jerry, thank you for your suggestion.
This is the orginal stanza in my
/opt/splunk/etc/apps/Splunk_TA_fortinet_fortigate/default/props.conf:
[source::*]
[source::udp:514]
TRANSFORMS-force_sourcetype_fgt = force_sourcetype_fgt_traffic,force_sourcetype_fgt_utm,force_sourcetype_fgt_event
SHOULD_LINEMERGE = false
I have added [fortigate] as suggested by you, as follows, but it doesnt seem to work. After I edited the file, i restarted splunk and run the app but there is still 0 device and nothing detected on the charts/dashboards.
Mine is a fortigate-60 running fortiOS 5.2, is this (Fortinet app for fortigate) the correct app to use or should i use app for fortiOS5? I have tried both but they have same issue...
[source::*]
[fortigate]
[source::udp:514]
TRANSFORMS-force_sourcetype_fgt = force_sourcetype_fgt_traffic,force_sourcetype_fgt_utm,force_sourcetype_fgt_event
SHOULD_LINEMERGE = false
... View more
12-16-2015
05:56 PM
does the index matter? I'm using the default index i.e "main".
... View more
12-16-2015
05:53 PM
By the way I have also tried using Splunk App for FortiOS5 + its Add-On. I re-index my fortigate data with sourcetype="fortios5".
I still don't get any display on the dashboard.
Here's a masked sample of my syslog message
2015-12-16T09:09:53.109439+08:00 zzz.zzz.zzz.zzz date=2015-12-16 time=09:09:53 devname=Fortigate-60 device_id=FGT-xxxxx log_id=xxxxx type=event subtype=dhcp pri=information vd=root dhcp_msg="Ack" dir=Sent mac=xx:xx:xx:xx ip=xxx.xxx.xxx.xxx lease=1800 hostname="aaaa" msg="Assigns IP address/configuration parameters to the client"
... View more
12-15-2015
01:40 AM
Hi,
I have installed the Fortinet Fortigate App and Add-on for Splunk.
I have a rsyslog configuration to dump the syslog from Fortigate into a folder.
I configured Splunk data input to monitor the above folder with sourcetype="fortigate"
I am able to search the data after they are indexed.
However, I am not able to get after results in the App for Fortigate.
What other configurations do I need to do please?
Thank you
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
