Nybble Security Analytics: Onboard a Fortinet device
Before you begin
Onboarding a fortigate device requires a filebeat collector somewhere in your network.
See Nybble Security Analytics: Filebeat collector for further details.
Grab the DNS name of the nearest filebeat collector you've installed in your network.
Fortigate onboarding
To configure the collection on filebeat:
- Locate the fortinet section in filebeat.yml to turn on the firewall collection:
Log collection will use syslog, on port 1801, UDP.- module: fortinet firewall: enabled: false # turn it to true
- Restart the filebeat agent.
- Refer to Fortinet CLI Documentation for device configuration.
The syslog format choosen should beDefault
.