FortiGate Application for Splunk Installation & Configuration
Syslog-ng
Splunk Universal Forwarder Configuration
Add the following to inputs.conf
Restart the Universal Forwarder
Install FortiGate Add-on for Splunk
You can install the FortiGate Add-on for Splunk on a search head, indexer, forwarder, or single-instance Splunk server.
Install FortiGate Application for Splunk
FortiGate Application for Splunk
Download and install the App
Settings -> Data models -> Fortinet FOS Log -> Accelerate
/opt/splunk/bin/splunk restart
In the Search & Reporting app, run index=fortigate and check that the sourcetype field shows fortigate_traffic, fortigate_utm and fortigate_event
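As an added example (not part of the original page or of the Fortinet add-on), the following Python parses FortiOS key=value log lines and maps the type field to the three sourcetypes the check above looks for, so a sample of raw syslog can be inspected before it reaches the indexer. The sample lines are constructed, and the type-to-sourcetype mapping is an assumption about how the add-on routes events.

```python
import re
from typing import Dict, Iterable, Optional

# Constructed sample FortiOS syslog lines (not real device output); device
# names, IPs and log IDs are placeholders.
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:01 devname="fw-example" devid="FG-PLACEHOLDER" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 action="deny" policyid=7',
    'date=2024-01-01 time=10:00:02 devname="fw-example" devid="FG-PLACEHOLDER" '
    'logid="0419016384" type="utm" subtype="ips" level="alert" severity="high" '
    'srcip=198.51.100.9 dstip=10.0.0.5 msg="example signature" action="dropped"',
    'date=2024-01-01 time=10:00:03 devname="fw-example" devid="FG-PLACEHOLDER" '
    'logid="0100032001" type="event" subtype="system" level="information" '
    'user="admin" msg="Administrator logged in" status="success"',
    "not a fortigate line at all",
]

# Assumed mapping of the FortiOS "type" field to the add-on's sourcetypes; the
# sourcetype names are the ones the page tells you to check for.
TYPE_TO_SOURCETYPE = {
    "traffic": "fortigate_traffic",
    "utm": "fortigate_utm",
    "event": "fortigate_event",
}

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_fortios(line: str) -> Dict[str, str]:
    """Parse a FortiOS key=value log line into a dict with quotes stripped."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def classify_sourcetype(line: str) -> Optional[str]:
    """Return the expected sourcetype, or None for lines that are not FortiOS logs."""
    fields = parse_fortios(line)
    if "logid" not in fields or "type" not in fields:
        return None
    return TYPE_TO_SOURCETYPE.get(fields["type"])


def sourcetype_counts(lines: Iterable[str]) -> Dict[str, int]:
    """Count lines per expected sourcetype; 'unknown' flags lines the add-on would not route."""
    counts: Dict[str, int] = {}
    for line in lines:
        st = classify_sourcetype(line) or "unknown"
        counts[st] = counts.get(st, 0) + 1
    return counts
```

A non-zero "unknown" count on a real sample usually means the syslog-ng template is wrapping the FortiOS message in extra header text, which is worth fixing before checking the sourcetype field in Splunk.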
Enterprise Security -> Security Domains
Troubleshooting
On the search head server, edit $SPLUNK_HOME/etc/apps/Splunk_TA_fortinet_fortigate/default/props.conf