Does Graylog support a WAF device?
could you please be a little more verbose. What is “Device WAF”?
Thank you for the answer
WAF (Web Application Firewall)
I need a content pack or plugin, etc., for the FortiWeb WAF device…
I thought you meant WAF … I’m not aware of any reason why it should not be possible. How does that device or software write its logs?
I’m so sorry, I should have explained more
I use the FortiWeb WAF (Web Application Firewall) to secure web services.
It works like a firewall.
The version is the open-source WAF module ModSecurity.
So I guess that is a device, @bahram, where you can configure messages to be sent via CEF or Syslog to a central server?
- First, check the FortiWeb log format documentation, so you know the format of the messages
- Second, set up syslog on FortiWeb
- Next, create a Syslog UDP or TCP input (depending on the FortiWeb syslog configuration) in Graylog
- Create a pipeline rule in Graylog to fix the FortiWeb timestamp, adjusting for your timezone

```
// Fires only when the message carries the fields Fortinet devices emit:
// devname, plus separate date and time fields.
rule "fortigate_timestamp"
when
  has_field("devname") AND has_field("date") AND has_field("time")
then
  // Join "date" and "time" into a single "yyyy-MM-dd HH:mm:ss" string.
  let build_message_0 = concat(to_string($message.date), " ");
  let build_message_1 = concat(build_message_0, to_string($message.time));
  // Parse it in the device's local timezone; replace with your own zone.
  let new_time = parse_date(value: build_message_1, pattern: "yyyy-MM-dd HH:mm:ss", timezone: "Europe/Bratislava");
  // Overwrite the message timestamp so searches and dashboards use device time.
  set_field("timestamp", new_time);
end
```

- That’s it, only basic parsing, but you can continue and create your own dashboard…
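As an added example that is not part of the thread above, the following Python script does outside Graylog what the steps above describe inside it: it splits Fortinet-style key=value syslog lines into fields and then applies the same timestamp logic as the pipeline rule (only when devname, date and time are all present, join date and time, interpret them in the device's local zone, and convert to UTC). It assumes FortiWeb uses the Fortinet `date=... time=... devname="..." msg="..."` syslog format, which should be confirmed against the vendor log-format documentation; the sample lines, device names and addresses are constructed, not captured from a real device.

```python
"""Parse FortiWeb-style key=value syslog lines and normalise the timestamp.

Added example, not code from the Graylog thread or from Fortinet. Assumption:
FortiWeb emits the Fortinet key=value syslog format. The sample messages
below are constructed for illustration.
"""
import re
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Constructed sample messages, as a Syslog UDP/TCP input would receive them.
SAMPLE_LOGS = [
    # Attack log: the WAF blocked a request (CET in March, UTC+1).
    ('<185>date=2024-03-10 time=14:05:33 devname="fortiweb-01" '
     'device_id="FV-VM0000000001" log_id=20000001 type=attack '
     'subtype="waf_signature_detection" pri=alert src=203.0.113.5 '
     'src_port=51234 dst=198.51.100.10 dst_port=443 service=https '
     'action=Alert_Deny msg="SQL Injection detected"'),
    # Event log from the same device (CEST in July, UTC+2).
    ('<190>date=2024-07-10 time=09:00:00 devname="fortiweb-01" '
     'device_id="FV-VM0000000001" log_id=30000002 type=event '
     'subtype="system" pri=information msg="Admin login"'),
    # Malformed line without date/time: the timestamp rule must not fire.
    '<190>devname="fortiweb-01" msg="heartbeat"',
]

PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value where the value is either "quoted, may contain spaces" or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line):
    """Split one Fortinet key=value line into a dict of string fields."""
    fields = {}
    m = PRI_RE.match(line)
    if m:
        # Syslog PRI = facility * 8 + severity; keep both for later filtering.
        pri = int(m.group(1))
        fields["syslog_facility"] = pri // 8
        fields["syslog_level"] = pri % 8
        line = line[m.end():]
    for key, quoted, bare in KV_RE.findall(line):
        # Exactly one of the two groups is non-empty for a quoted value with
        # content; an empty quoted value ("") correctly yields "".
        fields[key] = bare if bare else quoted
    return fields


def fortiweb_timestamp(fields, tz_name="Europe/Bratislava"):
    """Same condition as the pipeline rule: devname, date and time must all exist.

    Returns the combined timestamp as an ISO-8601 string in UTC, or None.
    tz_name is the zone the device clock is set to (assumption: local time,
    not UTC, is what FortiWeb writes into date/time).
    """
    if not all(k in fields for k in ("devname", "date", "time")):
        return None
    local = datetime.strptime(
        f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S"
    )
    aware = local.replace(tzinfo=ZoneInfo(tz_name))
    return aware.astimezone(timezone.utc).isoformat()


def parse_fortiweb(line, tz_name="Europe/Bratislava"):
    """Parse a line and, when possible, set a normalised 'timestamp' field."""
    fields = parse_kv(line)
    ts = fortiweb_timestamp(fields, tz_name)
    if ts is not None:
        fields["timestamp"] = ts
    return fields


if __name__ == "__main__":
    for raw in SAMPLE_LOGS:
        f = parse_fortiweb(raw)
        print(f.get("timestamp"), f.get("type"), f.get("action"), f.get("msg"))
```

Note that the third sample line deliberately lacks date and time: the parser leaves its timestamp unset rather than guessing, which mirrors the rule's `when` clause and is the behaviour you want so that a malformed message does not end up with a fabricated device time.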
The help was invaluable and very helpful
thanks a lot