FortiGate Syslog

It turns out that FortiGate CEF output is extremely buggy, so I built some dashboards for the Syslog output instead, and I actually like the results much better.

I also created a guide that explains how to set up a production-ready single-node Graylog instance for analyzing FortiGate logs, complete with HTTPS and bidirectional TLS authentication.

Download from GitHub
GitHub project
Open issues

Be sure to add yourself as a watcher to the GitHub project to be notified of new Content Pack releases that fix bugs or add more features.


Thanks for sharing :+1: Looks good.

Thank you for this, it's exactly what I needed.