Searching through Graylog for FortiGate reboot, shutdown and power up

Hi Everyone,

I'm new to Graylog. We have a Graylog setup that our FortiGate firewall is sending logs to. I would like to search or make a dashboard to monitor when the devices are rebooted, shut down and powered up, and what the reason is. Thank you.

Thank you.

So as a first step you are going to want to parse out the messages into fields, which you can either build yourself or find one someone has posted (ideally using pipelines, as those are the future). Also, if you are building them from scratch, I would highly recommend you use the Graylog data schema to make your life easier in the future: Information Model: Entities — Graylog (GIM) Schema 1.0 documentation

Then, once you have the data parsed into fields, it becomes much easier, because you would have a field that is message type or something like that, and you could filter to only reboot, shutdown etc., and the reason would be stored in another field that you can easily grab to display.

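The parse-then-filter approach from the reply above, sketched outside Graylog as an added example (not code from the thread or from Graylog). The sample lines are constructed, and the key names and `action` values are assumptions to check against what your own FortiGate sends.

```python
import re

# Constructed sample lines in FortiGate key=value syslog style (assumed keys/values).
SAMPLE_LOGS = [
    'date=2024-03-01 time=02:14:07 devname="FGT-EDGE" type="event" subtype="system" '
    'action="reboot" user="admin" msg="User admin rebooted the device from ssh"',
    'date=2024-03-01 time=02:16:40 devname="FGT-EDGE" type="event" subtype="system" '
    'action="login" user="admin" msg="Administrator admin logged in"',
    'date=2024-03-02 time=23:59:01 devname="FGT-EDGE" type="event" subtype="system" '
    'action="shutdown" user="admin" msg="User admin shut down the device from console"',
    'date=2024-03-03 time=06:00:12 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'action="accept" srcip=10.0.0.5 msg="reboot window check"',
]

# A value is either a double-quoted string (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

POWER_ACTIONS = {"reboot", "shutdown", "power-on"}  # hypothetical value set


def parse_kv(line):
    """Split one log line into a dict of fields, keeping quoted values intact."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else bare
    return fields


def power_events(lines):
    """Return one record per reboot/shutdown/power-up event, with its reason."""
    events = []
    for line in lines:
        f = parse_kv(line)
        # Filter on the parsed field, not on free text: the last sample line
        # only mentions "reboot" inside msg and must not match.
        if f.get("type") == "event" and f.get("action") in POWER_ACTIONS:
            events.append({
                "timestamp": f'{f.get("date", "")} {f.get("time", "")}'.strip(),
                "device": f.get("devname", ""),
                "event_type": f["action"],
                "reason": f.get("msg", ""),
                "user": f.get("user", ""),
            })
    return events


if __name__ == "__main__":
    for event in power_events(SAMPLE_LOGS):
        print(event)
```

In Graylog the same split would live in a pipeline rule or extractor, with the dashboard filtering on the extracted event-type field and displaying the reason field.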

Thank you so much. I will be studying the article.
