[Fortinet] Separate Fortinet FortiGate into own Integration (#3265)

* Separate Fortinet Fortigate into own Integration

* update changelog

* Update casing

* update codeowners

* format files

* fix dataset field name

* update to ECS 8.3

* found error

* update sample event

* Add TLS to tcp

* Rebase changes for TCP input

Author: legoguy1000

.github/CODEOWNERS

@@ -65,6 +65,7 @@
 /packages/fleet_server @elastic/elastic-agent-control-plane
 /packages/fortinet @elastic/security-external-integrations
 /packages/fortinet_forticlient @elastic/security-external-integrations
+/packages/fortinet_fortigate @elastic/security-external-integrations
 /packages/gcp @elastic/security-external-integrations @elastic/obs-cloud-monitoring
 /packages/gcp_pubsub @elastic/security-external-integrations
 /packages/github @elastic/security-external-integrations

packages/fortinet_fortigate/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: [email protected]

packages/fortinet_fortigate/_dev/build/docs/README.md

@@ -0,0 +1,15 @@
+# Fortinet FortiGate Integration
+
+This integration is for Fortinet FortiGate logs sent in the syslog format.
+
+## Compatibility
+
+This integration has been tested against FortiOS version 6.0.x and 6.2.x. Versions above this are expected to work but have not been tested.
+
+### Log
+
+The `log` dataset collects JFortinet FortiGate logs.
+
+{{event "log"}}
+
+{{fields "log"}}

packages/fortinet_fortigate/_dev/deploy/docker/docker-compose.yml

@@ -0,0 +1,23 @@
+version: '2.3'
+services:
+  fortinet-logfile:
+    image: alpine
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+      - ${SERVICE_LOGS_DIR}:/var/log
+    command: /bin/sh -c "cp /sample_logs/* /var/log/"
+  fortinet-firewall-tls:
+    image: docker.elastic.co/observability/stream:v0.7.0
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9515 -p=tls --insecure /sample_logs/fortinet-firewall.log
+  fortinet-firewall-tcp:
+    image: docker.elastic.co/observability/stream:v0.7.0
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9514 -p=tcp /sample_logs/fortinet-firewall.log
+  fortinet-firewall-udp:
+    image: docker.elastic.co/observability/stream:v0.7.0
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9515 -p=udp /sample_logs/fortinet-firewall.log

packages/fortinet_fortigate/_dev/deploy/docker/sample_logs/fortinet-firewall.log

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: Initial version of Fortinet FortiGate as separate package
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3265

packages/fortinet_fortigate/changelog.yml

@@ -0,0 +1,3 @@
+fields:
+  tags:
+    - preserve_original_event