[Fortinet] Separate Fortinet FortiManager into own Integration (#3267)

* Separate Fortinet FortiManager into own Integration

* update changelog

* fix docker compose

* update codeowners

* fix dataset field

* update to ecs 8.3

* fix CI issues

* not needed

* bad formating

Author: legoguy1000

.github/CODEOWNERS

@@ -67,6 +67,7 @@
 /packages/fortinet_forticlient @elastic/security-external-integrations
 /packages/fortinet_fortigate @elastic/security-external-integrations
 /packages/fortinet_fortimail @elastic/security-external-integrations
+/packages/fortinet_fortimanager @elastic/security-external-integrations
 /packages/gcp @elastic/security-external-integrations @elastic/obs-cloud-monitoring
 /packages/gcp_pubsub @elastic/security-external-integrations
 /packages/github @elastic/security-external-integrations

packages/fortinet_fortimanager/_dev/build/build.yml

@@ -0,0 +1,3 @@
+dependencies:
+  ecs:
+    reference: [email protected]

packages/fortinet_fortimanager/_dev/build/docs/README.md

@@ -0,0 +1,15 @@
+# Fortinet FortiManager Integration
+
+This integration is for Fortinet FortiManager logs sent in the syslog format.
+
+## Compatibility
+
+This integration has been tested against FortiOS version 6.0.x and 6.2.x. Versions above this are expected to work but have not been tested.
+
+### Log
+
+The `log` dataset collects JFortinet FortiManager logs.
+
+{{event "log"}}
+
+{{fields "log"}}

packages/fortinet_fortimanager/_dev/deploy/docker/docker-compose.yml

@@ -0,0 +1,18 @@
+version: '2.3'
+services:
+  fortinet-logfile:
+    image: alpine
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+      - ${SERVICE_LOGS_DIR}:/var/log
+    command: /bin/sh -c "cp /sample_logs/* /var/log/"
+  fortinet-fortimanager-tcp:
+    image: docker.elastic.co/observability/stream:v0.7.0
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9514 -p=tcp /sample_logs/fortinet-fortimanager.log
+  fortinet-fortimanager-udp:
+    image: docker.elastic.co/observability/stream:v0.7.0
+    volumes:
+      - ./sample_logs:/sample_logs:ro
+    command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9515 -p=udp /sample_logs/fortinet-fortimanager.log

packages/fortinet_fortimanager/_dev/deploy/docker/sample_logs/fortinet-fortimanager.log

@@ -0,0 +1,6 @@
+# newer versions go on top
+- version: "1.0.0"
+  changes:
+    - description: Initial version of Fortinet FortiManager as separate package
+      type: enhancement # can be one of: enhancement, bugfix, breaking-change
+      link: https://github.com/elastic/integrations/pull/3267

packages/fortinet_fortimanager/changelog.yml

@@ -0,0 +1,3 @@
+fields:
+  tags:
+    - preserve_original_event

packages/fortinet_fortimanager/data_stream/log/_dev/test/pipeline/test-common-config.yml

@@ -0,0 +1,7 @@
+service: fortinet-logfile
+input: logfile
+data_stream:
+  vars:
+    paths:
+      - "{{SERVICE_LOGS_DIR}}/*fortimanager*.log"
+    preserve_original_event: true