#MSOMS ingesting Fortigate logs for security and compliance #asc


We use Azure Log Analytics as our main log ingestion platform: we use standard and custom solutions, and we even use it to ingest our own application logs through the ingestion API. It is a sound piece of technology. In particular, the Security and Compliance solution can be of great help in reaching GDPR compliance.

We engaged a few customers running Fortinet Fortigate appliances for their internet access control. Unfortunately, they were not able to update all their appliances to the latest FortiOS release, the only one that supports CEF and can therefore be directly ingested into Log Analytics and processed by the Security and Compliance solution.

So I developed a custom filter for the agent that ingests the legacy logs and makes them suitable for the Security and Compliance solution. You can find the preliminary documentation here and the PR against the master branch of the OMS agent here. We are currently using the solution in production without any noticeable glitch (read the caveats section in the documentation).
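To show the kind of transformation such a filter has to perform, here is an added example in Ruby (the language of OMS agent plugins), which is not the author's filter and not part of the OMS agent: it parses a constructed legacy FortiOS key=value line and emits a CEF line, with the field-name and severity mappings being assumptions made for illustration.

```ruby
# Added example (not the author's OMS agent filter): legacy FortiOS key=value
# syslog line -> CEF line. Key and severity mappings are assumptions.

# Assumed FortiOS level -> CEF severity (0-10).
FORTI_LEVEL_TO_CEF = {
  'emergency' => 10, 'alert' => 9, 'critical' => 8, 'error' => 7,
  'warning' => 5, 'notice' => 3, 'information' => 1, 'debug' => 0
}.freeze

# Assumed FortiOS key -> CEF extension key; unmapped keys keep their name.
FORTI_KEY_TO_CEF = {
  'srcip' => 'src', 'dstip' => 'dst', 'srcport' => 'spt', 'dstport' => 'dpt',
  'proto' => 'proto', 'action' => 'act', 'devname' => 'dvchost', 'user' => 'suser'
}.freeze

# Keys consumed by the CEF header, so not repeated in the extension.
HEADER_KEYS = %w[devid logid type subtype level].freeze

# Parse `key=value key2="quoted value"` pairs; quoted values may hold spaces.
def parse_forti_kv(line)
  line.scan(/(\w+)=("(?:[^"\\]|\\.)*"|\S*)/).each_with_object({}) do |(k, v), h|
    h[k] = v.start_with?('"') ? v[1..-2].gsub('\\"', '"') : v
  end
end

# CEF escaping: header fields escape backslash and pipe, extension values
# escape backslash, equals sign and newline.
def cef_escape_header(s)
  s.gsub(/[\\|]/) { |m| "\\#{m}" }
end

def cef_escape_ext(s)
  s.gsub(/[\\=]/) { |m| "\\#{m}" }.gsub("\n") { '\\n' }
end

def fortigate_kv_to_cef(line)
  f = parse_forti_kv(line)
  header = ['CEF:0', 'Fortinet', 'Fortigate', f.fetch('devid', 'unknown'),
            f.fetch('logid', '0'), [f['type'], f['subtype']].compact.join('-'),
            FORTI_LEVEL_TO_CEF.fetch(f['level'], 3).to_s]
  ext = f.reject { |k, _| HEADER_KEYS.include?(k) }
         .map { |k, v| "#{FORTI_KEY_TO_CEF.fetch(k, k)}=#{cef_escape_ext(v)}" }
  "#{header.map { |h| cef_escape_header(h) }.join('|')}|#{ext.join(' ')}"
end

# Constructed sample legacy FortiOS traffic log line (not a real capture).
SAMPLE_LOG = 'date=2018-03-01 time=10:15:02 devname=FGT-EDGE devid=FG100EXAMPLE ' \
             'logid=0000000013 type=traffic subtype=forward level=notice vd=root ' \
             'srcip=10.1.2.3 srcport=51234 dstip=203.0.113.7 dstport=443 proto=6 ' \
             'action=deny msg="Denied: policy=5 matched"'
```

Calling `fortigate_kv_to_cef(SAMPLE_LOG)` yields a single CEF line whose header carries the device, log id, type and severity, and whose extension keeps every remaining field with CEF escaping applied.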

Hope this helps.

  • Daniele