Commit ecf9022

[Fortinet] Separate Fortinet FortiMail into own Integration (#3266)
* Separate Fortinet FortiMail into own Integration
* update Changelog
* update codeowners
* update dataset field and format
* update to ECS 8.3
* update sample event
* not needed
1 parent 248c5ba commit ecf9022

25 files changed

+17612
-0
lines changed

.github/CODEOWNERS

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -66,6 +66,7 @@
6666
/packages/fortinet @elastic/security-external-integrations
6767
/packages/fortinet_forticlient @elastic/security-external-integrations
6868
/packages/fortinet_fortigate @elastic/security-external-integrations
69+
/packages/fortinet_fortimail @elastic/security-external-integrations
6970
/packages/gcp @elastic/security-external-integrations @elastic/obs-cloud-monitoring
7071
/packages/gcp_pubsub @elastic/security-external-integrations
7172
/packages/github @elastic/security-external-integrations
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
dependencies:
2+
ecs:
3+
reference: [email protected]
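Review bot: the `reference` value in this hunk renders as `[email protected]`, which looks like the page's e-mail-style obfuscation of a git ref rather than the literal contents of the file; since the commit message says "update to ECS 8.3", confirm that the committed line names the intended ECS 8.3 git tag so the build step can resolve the external ECS field definitions the `fields` section relies on.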
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
# Fortinet FortiMail Integration
2+
3+
This integration is for Fortinet FortiMail logs sent in the syslog format.
4+
5+
## Compatibility
6+
7+
This integration has been tested against FortiOS version 6.0.x and 6.2.x. Versions above this are expected to work but have not been tested.
8+
9+
### Log
10+
11+
The `log` dataset collects Fortinet FortiMail logs.
12+
13+
{{event "log"}}
14+
15+
{{fields "log"}}
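Review bot: the Compatibility paragraph states the integration was tested against FortiOS 6.0.x and 6.2.x, but this package is for FortiMail, which has its own firmware release line rather than FortiOS; the sentence reads as carried over from the combined `fortinet` package, so replace the versions with the FortiMail releases the sample logs in `sample_logs/fortinet-fortimail.log` were generated from, or drop the version claim. The README also does not mention the syslog transports and ports a user should configure, while the docker-compose file in this same commit tests both TCP (9514) and UDP (9515); a short "Setup" note stating which inputs the package exposes would save users a trip into the manifest.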
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
version: '2.3'
2+
services:
3+
fortinet-logfile:
4+
image: alpine
5+
volumes:
6+
- ./sample_logs:/sample_logs:ro
7+
- ${SERVICE_LOGS_DIR}:/var/log
8+
command: /bin/sh -c "cp /sample_logs/* /var/log/"
9+
fortinet-fortimail-tcp:
10+
image: docker.elastic.co/observability/stream:v0.7.0
11+
volumes:
12+
- ./sample_logs:/sample_logs:ro
13+
command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9514 -p=tcp /sample_logs/fortinet-fortimail.log
14+
fortinet-fortimail-udp:
15+
image: docker.elastic.co/observability/stream:v0.7.0
16+
volumes:
17+
- ./sample_logs:/sample_logs:ro
18+
command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9515 -p=udp /sample_logs/fortinet-fortimail.log
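Review bot: the first service is named `fortinet-logfile` while the other two are prefixed `fortinet-fortimail-`; since this compose file was split out of the shared Fortinet package, renaming it to `fortinet-fortimail-logfile` keeps the three service names consistent and avoids confusion with an identically named service in the sibling Fortinet packages. The TCP and UDP services both replay the same `fortinet-fortimail.log`, so make sure each system test variant starts only one of them, otherwise every sample event is ingested twice.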

packages/fortinet_fortimail/_dev/deploy/docker/sample_logs/fortinet-fortimail.log

Lines changed: 100 additions & 0 deletions
Large diffs are not rendered by default.
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
# newer versions go on top
2+
- version: "1.0.0"
3+
changes:
4+
- description: Initial version of Fortinet FortiMail as separate package
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/3266
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
fields:
2+
tags:
3+
- preserve_original_event

packages/fortinet_fortimail/data_stream/log/_dev/test/pipeline/test-generated.log

Lines changed: 100 additions & 0 deletions
Large diffs are not rendered by default.
