Description
Integration Name
Fortinet FortiGate Firewall Logs [fortinet_fortigate]
Dataset Name
fortinet_fortigate.log
Integration Version
1.25.8
Agent Version
8.15.2
Agent Output Type
elasticsearch
Elasticsearch Version
8.15.2
OS Version and Architecture
Ubuntu 22.04 LTS (x86_64)
Software/API Version
FortiOS 7.2.9
Error Message
Processor dissect with tag ssh login 3 in pipeline logs-fortinet_fortigate.log-1.25.8-login failed with message: Unable to find match for dissect pattern: %{_tmp.user.roles} %{user.name} logged in %{event.outcome} from %{}(%{source.ip}) against source: Administrator myadmin logged in successfully from jsconsole
Event Original
<190>date=2024-10-15 time=09:00:14 devname="MYDEV" devid="FGT" eventtime=1728975613911842322 tz="+0200" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1728975613" user="myuser" ui="jsconsole" method="jsconsole" srcip=1.3.3.3 dstip=172.1.2.3 action="login" status="success" reason="none" profile="super_admin" msg="Administrator myadmin logged in successfully from jsconsole"
What did you do?
normal regular integration and FortiOS update
What did you see?
error.message
What did you expect to see?
no error.message
Anything else?
It would help to have in Elastic the integration version so that we know when exactly this has started or if there was a FortiOS or integration issue.
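The dissect pattern in the error requires a literal "(" and ")" around the source IP, and the jsconsole message has neither, so the match fails. The added example below (not part of the original report and not the integration's pipeline code) reproduces that with a simplified Python approximation of dissect matching. FALLBACK, _tmp.ui, parse_login and the ssh sample message are assumptions made for illustration.

```python
import re

# Pattern and failing message copied from the error in the report above.
PATTERN = ("%{_tmp.user.roles} %{user.name} logged in %{event.outcome} "
           "from %{}(%{source.ip})")
FAILING_MSG = "Administrator myadmin logged in successfully from jsconsole"
# Constructed sample in the "<ui>(<ip>)" shape the pattern expects.
MATCHING_MSG = "Administrator myadmin logged in successfully from ssh(192.0.2.10)"
# Hypothetical fallback for messages without "(<ip>)"; _tmp.ui is an assumed name.
FALLBACK = "%{_tmp.user.roles} %{user.name} logged in %{event.outcome} from %{_tmp.ui}"
# Trimmed copy of the Event Original from the report.
EVENT = ('<190>date=2024-10-15 time=09:00:14 logid="0100032001" user="myuser" '
         'ui="jsconsole" srcip=1.3.3.3 action="login" status="success" '
         'msg="Administrator myadmin logged in successfully from jsconsole"')

KEY = re.compile(r"%\{([^}]*)\}")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def dissect(pattern, text):
    """Simplified dissect: every literal between keys must appear, in order.
    Returns a dict of captured keys, or None when the pattern does not match."""
    regex, names, pos = "^", [], 0
    for m in KEY.finditer(pattern):
        regex += re.escape(pattern[pos:m.start()])
        if m.group(1):                 # named key: capture it
            names.append(m.group(1))
            regex += "(.+?)"
        else:                          # %{} skip key: match but discard
            regex += "(?:.+?)"
        pos = m.end()
    regex += re.escape(pattern[pos:]) + "$"
    hit = re.match(regex, text)
    return dict(zip(names, hit.groups())) if hit else None

def parse_kv(raw):
    """Split a FortiGate key=value line into a dict (quoted or bare values)."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(raw)}

def parse_login(raw_event):
    """Try the strict pattern; if msg has no "(<ip>)", use FALLBACK and srcip."""
    kv = parse_kv(raw_event)
    fields = dissect(PATTERN, kv.get("msg", ""))
    if fields is None:
        fields = dissect(FALLBACK, kv.get("msg", ""))
        if fields is not None:
            fields["source.ip"] = kv.get("srcip")
    return fields

if __name__ == "__main__":
    print(dissect(PATTERN, FAILING_MSG), dissect(PATTERN, MATCHING_MSG), parse_login(EVENT))
```
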