Firewall logs not tagged as "firewall" - is this a problem? #9759
-
It looks like the Firewall dashboard defaults to reading from the event dataset "firewall", while your logs are probably in "fortinet.firewall" and "paloalto.firewall". Check with the standard Log Type query in Hunt (* | groupby event.module event.dataset) to confirm. If you change "event.dataset:firewall" to "event.dataset:fortinet.firewall" in the query box for the Firewall dashboard, does the data populate as expected?
-
Version 210. We are ingesting PaloAlto and Fortinet firewall logs using the built-in Elastic pipelines and filebeat. Looking in the dashboards, there is a "firewall" dashboard, but none of our firewall logs appear there. Why is this, and is it going to cause any issues with reporting and alerting?
Thanks
Ross