Comments (3)
This log gets parsed OK, and also has whitespaces inside some values
<189>date=2022-07-31 time=20:22:55 devname="FGT-PLANTA01" devid="FG6H1E5819900604" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="perimetral" eventtime=1659316975524190081 tz="-0500" policyid=206 sessionid=1706043846 srcip=10.172.47.159 srcport=52369 srcintf="P6_V474" srcintfrole="lan" dstip=209.53.113.225 dstport=80 dstintf="P2_320" dstintfrole="wan" proto=6 service="HTTP" hostname="si.namequery.com" profile="wf_mcp_acceso_planta" action="passthrough" reqtype="direct" url="http://si.namequery.com/" sentbyte=82482 rcvdbyte=38917 direction="outgoing" msg="URL belongs to an allowed category in policy" method="domain" cat=52 catdesc="Information Technology" rawdata="Method=POST|User-Agent=Mozilla/5.0 (compatible; MSIE 8.0;)" org="chinalco"
from fortinet-2-elasticsearch.
Another error on kv
[2022-08-02T16:56:19,723][WARN ][logstash.filters.kv ][syslog-fortinet-kv][6616a98f994dfc3cfa890fdb9a33fcd8f9ffe250bb0883f27647cc5bdd285438] Timeout reached in KV filter with value (entry too large to show; showing first 255 characters) `"date=2022-08-02 time=16:55:41 devname="FGT-PLANTA01" devid="FG6H1E5819900604" logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" level="notice" vd="perimetral" eventtime=1659477341611493234 tz="-0500" policyid=214 sessionid=1874365156"`[...]`
I think I found the original log (taken from faz); http_url seems to be the issue
adom_oid=3 itime=1659477340 loguid=7127400903753074807 epid=37233 euid=3 data_parsername="FortiGate parser" data_sourceid="FG6H1E5819900604" data_sourcename="FGT-PLANTA01 perimetral" data_sourcetype="FortiGate" data_timestamp="1659477341" app_service="HTTPS" dst_domain="googleads.g.doubleclick.net" dst_intf="P2_320(wan)" dst_ip="::ffff:64.233.186.154" dst_port=443 event_action="passthrough" event_id=317013312 event_message="URL belongs to an allowed category in policy" event_severity="notice" event_subtype="webfilter" event_type="utm" host_ip="::ffff:10.172.65.200" host_name="10.172.65.200" http_referer="https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6909105969133411&output=html&h=280&adk=100604191&adf=1810213379&pi=" http_url="https://googleads.g.doubleclick.net/pagead/adview?ai=CG6wCXJ3pYpzpJpKHhAXzgZnwB-KahOVq74XIrpMPiu6S8rAJEAEg3fy8jgFg3QSgAYmTsvIDyAEJqAMByAPLBKoE9QFP0I6Zg-eJZ3YOQS_-8RbyZ4qUt2lUWb0wWmea9XAd6p1rM7MUc5pCJjjNwof8_zpXJo3kbpsiByC3E7eA8okci5vnPs_Ks6J6gKq5NiW7PeyX3PswATOT_kSNMCykzQK6_6MyKZQ94FoO-nPZ-b0sy3FHUKDCIV2Imp0dcrvKABPbCG-gp4klpPN1LLPG4AM9RrHtzOqym3xpEdG95U5Xv6B6fYlN10KSDMq46dhSNtwdr9_xKXZ5v_0naVQdsJxDxU0UzPMg-v5SVjJpHaTYw8KTKT8bIS8Hm4CYwoD7TQdW5paBJZ65jii6INuWvjK7Q25oYsAEzLWOspoCkgUECAQYAZIFBAgFGASQBgGgBi6AB" net_proto="6" net_recvbytes=108163 net_sentbytes=14342 net_sessionid="1874365156" src_intf="P6_V310(lan)" src_ip="::ffff:10.172.65.200" src_port=60272
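The thread's diagnosis is that the KV filter times out on a single oversized value (the multi-kilobyte http_url), while quoted values with embedded spaces and `|` characters (msg, rawdata) parse fine. The following added example, not code from the fortinet-2-elasticsearch project, tokenizes FortiGate key=value lines with a regex whose alternatives cannot backtrack into each other, and caps the length of any single value before it is stored so one huge URL cannot stall the parser. The sample lines are constructed to resemble the logs quoted above; the 1024-character cap and the function names are assumptions for illustration.

```python
import re

# Constructed sample lines modelled on the FortiGate syslog lines in this thread.
# SAMPLE_OK carries spaces and '|' inside quoted values; SAMPLE_LONG carries an
# oversized quoted value standing in for the long http_url from the FAZ log.
SAMPLE_OK = ('<189>date=2022-07-31 time=20:22:55 devname="FGT-PLANTA01" policyid=206 '
             'srcip=10.172.47.159 msg="URL belongs to an allowed category in policy" '
             'rawdata="Method=POST|User-Agent=Mozilla/5.0 (compatible; MSIE 8.0;)"')
SAMPLE_LONG = ('date=2022-08-02 time=16:55:41 devname="FGT-PLANTA01" '
               'url="https://example.invalid/pagead/adview?ai=' + 'A' * 5000 + '" '
               'sentbyte=14342')

# One token is key=value where value is either a double-quoted string (backslash
# escapes allowed, no bare embedded quote) or a run of non-whitespace characters.
# The two alternatives are disjoint at their first character, so matching is linear
# in the line length and cannot degrade into catastrophic backtracking.
KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_.-]+)=(?P<val>"(?:[^"\\]|\\.)*"|[^\s]+)')
PRI_RE = re.compile(r'^<\d{1,3}>')  # syslog priority prefix such as <189>

MAX_VALUE_LEN = 1024  # assumed cap; tune to what the downstream pipeline tolerates


def parse_fortigate_kv(line, max_value_len=MAX_VALUE_LEN):
    """Parse one FortiGate key=value line.

    Returns (fields, oversized): fields maps key -> unquoted value (truncated to
    max_value_len), oversized lists the keys whose value exceeded the cap so the
    caller can tag or drop the event instead of silently losing data.
    """
    line = PRI_RE.sub('', line, count=1)
    fields = {}
    oversized = []
    for m in KV_RE.finditer(line):
        key, val = m.group('key'), m.group('val')
        if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        if len(val) > max_value_len:
            oversized.append(key)
            val = val[:max_value_len]
        fields[key] = val
    return fields, oversized


if __name__ == '__main__':
    for sample in (SAMPLE_OK, SAMPLE_LONG):
        fields, oversized = parse_fortigate_kv(sample)
        print(len(fields), 'fields; oversized keys:', oversized)
```

Running the block shows the first line yielding its fields with `msg` and `rawdata` intact, and the second line reporting `url` as oversized with its value truncated. In a Logstash pipeline the equivalent defence is to bound the value length (or drop the offending field) before the kv stage, and to route events flagged as oversized to a separate index for review rather than letting them time out the filter.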