Support Device WAF

Hello friends,
Does Graylog support Device WAF?

Could you please be a little more verbose. What is “Device WAF”?

Hi Jan,
Thank you for the answer.
WAF (Web Application Firewall)
I need a content pack or plugin etc. for the FortiWeb WAF device.


I thought you meant WAF.
I’m not aware why it should not be possible. How does that device or software write the log?

Hi Jan,

I’m so sorry, I should have explained more.
I use FortiWeb WAF [Web Application Firewall] for the security of web services.
It works like a firewall.
Version is Open Source WAF Module ModSecurity.

So I guess that is a device, @bahram, where you can configure that messages should be sent via CEF or Syslog to a central server?

  1. First check the FortiWeb log format documentation, so you know the format of the messages:
     Introduction | FortiWeb 6.2.1 | Fortinet Document Library
  2. Second, set up syslog on FortiWeb:
     Logging | FortiWeb 6.2.0 | Fortinet Document Library
  3. Next, create a Syslog UDP or TCP input (depending on the FortiWeb syslog configuration) in Graylog.
  4. Create a pipeline in Graylog to fix the FortiWeb timestamp (change the timezone to your own):

     rule "fortigate_timestamp"
     when
         has_field("devname") AND has_field("date") AND has_field("time")
     then
         let build_message_0 = concat(to_string($message.date), " ");
         let build_message_1 = concat(build_message_0, to_string($message.time));
         let new_time = parse_date(value: build_message_1, pattern: "yyyy-MM-dd HH:mm:ss", timezone: "Europe/Bratislava");
         set_field("timestamp", new_time);
     end

  5. That’s it, only basic parsing, but you can continue and create your own dashboard.
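As an added example (not from this thread, and not Graylog's or Fortinet's own code), the script below does outside Graylog what the pipeline rule above does inside it: split a key=value syslog line into fields, check that devname, date and time are present, join date and time, parse them in the timezone the device is configured for, and convert the result to UTC, which is how Graylog stores timestamps. The sample line, its field names and values are constructed for the example and are assumptions, not documented FortiWeb output; the timezone "Europe/Bratislava" is the one used in the rule above.

```python
import re
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Constructed sample line in the key=value style Fortinet devices use for syslog.
# Not a real FortiWeb record: the field names and values are assumptions.
SAMPLE_LINE = (
    'date=2020-03-15 time=14:02:37 devname="fwb-lab" '
    'srcip=192.0.2.10 dstip=198.51.100.20 action="Alert_Deny" '
    'msg="request blocked by signature policy"'
)

# key=value pairs; a value is either a double-quoted string or a bare token
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line: str) -> dict:
    """Split a key=value syslog line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, raw in _KV_RE.findall(line):
        value = raw[1:-1] if raw.startswith('"') and raw.endswith('"') else raw
        fields[key] = value
    return fields


def fortiweb_timestamp(fields: dict, device_tz: str):
    """Python equivalent of the pipeline rule in the post above.

    The rule's `when` clause requires devname, date and time; if any is
    missing the rule does not fire, so this returns None. Otherwise date and
    time are concatenated with a space and parsed as "yyyy-MM-dd HH:mm:ss"
    in the timezone the FortiWeb device is configured for.
    """
    if not all(k in fields for k in ("devname", "date", "time")):
        return None
    built = f"{fields['date']} {fields['time']}"   # concat(date, " ") + time
    naive = datetime.strptime(built, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=ZoneInfo(device_tz))


def to_graylog_timestamp(fields: dict, device_tz: str):
    """Return the parsed timestamp as an ISO 8601 UTC string (what Graylog stores)."""
    local = fortiweb_timestamp(fields, device_tz)
    if local is None:
        return None
    return local.astimezone(timezone.utc).isoformat()


if __name__ == "__main__":
    parsed = parse_kv(SAMPLE_LINE)
    print(parsed)
    print(fortiweb_timestamp(parsed, "Europe/Bratislava"))
    print(to_graylog_timestamp(parsed, "Europe/Bratislava"))
```

If the device's timezone in the rule does not match what the device is really configured for, every event lands in Graylog shifted by the offset difference, so compare the converted value against the time a known event actually happened before trusting the dashboards built on it.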


Hi,
Excellent!
The help was invaluable and very helpful.
Thanks a lot.
