


Note: the UDP port (514 in this example) must be opened in the firewall for logs to pass through.

Port: 514 (example; can be modified according to your own plan)

Note: From version 1.2, the Splunk TA (Add-on) for FortiGate no longer matches a wildcard source or sourcetype to extract FortiGate log data; a default sourcetype, fortigate_log, is specified in default/nf instead. Please follow the instructions below to configure your input and nf for the App and TA (Add-on).

Install: tgz file (downloaded from the Fortinet Support Portal) -> Place the Splunk_TA_fortinet_fortigate folder under $SPLUNK_HOME/etc/apps -> Restart the Splunk service.

Upgrade: tgz file which is downloaded from the Fortinet Support Portal -> check the upgrade box -> click restart Splunk service.

Note: There is a 3rd-party add-on for Fortinet named "Fortinet Fortigate with FortiOS 5 Add-On" (folder name TA-fortinet) which conflicts with Fortinet FortiGate Add-on for Splunk, so you need to disable the 3rd-party add-on before you proceed.

Configuration Steps

Install Fortinet FortiGate Add-on for Splunk on the search head, indexer, forwarder, or single-instance Splunk server. Please make sure the FortiGate FOS version is 5.0 or later. If used with apps that are based on CIM, the Splunk Common Information Model Add-on will also need to be installed.
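As an added example (not taken from the add-on's own packaged configuration), the following local inputs.conf stanza receives FortiGate syslog over UDP port 514 and assigns the fortigate_log sourcetype that the add-on expects since version 1.2. The file location, the index name fortigate, and the port number are assumptions to adapt to your own deployment; the port must match the firewall rule mentioned above.

```ini
# Assumed location (not part of the add-on's defaults):
#   $SPLUNK_HOME/etc/apps/Splunk_TA_fortinet_fortigate/local/inputs.conf
# on the forwarder or single-instance Splunk server that receives the syslog.

[udp://514]
# Sourcetype that the add-on's default configuration parses since TA version 1.2
sourcetype = fortigate_log
# Index name is an assumption; create it beforehand or use your own
index = fortigate
# Record the sending FortiGate's IP address as the host, not the Splunk server name
connection_host = ip
# FortiGate log lines carry their own timestamp; do not append one at receipt
no_appending_timestamp = true
```

After saving the file, restart the Splunk service and confirm events arrive with a search such as index=fortigate sourcetype=fortigate_log. On Linux, binding a port below 1024 requires Splunk to run as root or to be granted the capability to bind privileged ports; if that is not acceptable, choose a port above 1024 and point the FortiGate syslog setting and the firewall rule at it instead.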
