fortigate plug-in


Suleyman Kuran

Sep 4, 2014, 8:57:40 AM
to flu...@googlegroups.com
Hello,

I am trying to test fluentd + fortigate plugin + elasticsearch + kibana

The Fortigate plugin receives the raw log and forwards data to Elasticsearch in the proper format (Logstash format), but after putting it all together, Kibana's Logstash Dashboard shows nothing. What I have is key-value pairs in the Sample Dashboard, which is of little use. Do I have to install Logstash, too?

Thanks.


Masahiro Nakagawa

Sep 4, 2014, 10:36:00 AM
to flu...@googlegroups.com
Hi,

Fortigate plugin receives raw log and forwards data to elasticsearch in proper format (Logstash format) but after putting it all together, Kibana's Logstash Dashboard shows nothing.

Does the former statement mean Kibana shows the graphs with test records correctly?
Does the latter statement mean inserting a large number of records into Elasticsearch doesn't work with Kibana?

There are several checkpoints:

1. Whether all records are stored in Elasticsearch or not
2. Whether Kibana sends a query to Elasticsearch or not
3. Whether Elasticsearch returns a query result or not. If you set up Elasticsearch on a poor machine, ES may fail a query with a large number of records.


Masahiro




Suleyman Kuran

Sep 4, 2014, 11:18:31 AM
to flu...@googlegroups.com
Hi Masahiro,

Thank you for your reply.

I can see in Kibana's Sample Dashboard the data coming from fluentd, but no graphs, reports, etc. I expect to see some meaningful graphs in the Logstash Dashboard because the fortigate plugin sends raw syslog in Logstash format.

I am not sure if Kibana sends queries to ES. I thought the fortigate plugin (poor man's FortiAnalyzer) had some preconfigured reports, aggregations, etc.

Regards,





On Thursday, 4 September 2014 17:36:00 UTC+3, repeatedly wrote:

Kiyoto Tamura

Sep 5, 2014, 12:47:58 AM
to flu...@googlegroups.com
Hi Suleyman-

You might be mixing up Fluentd and Kibana. The general flow of data is

Syslog data -> Fluentd -> Fluentd's fortigate plugin -> Elasticsearch <-> Kibana (visualization)

So, fluent-plugin-fortigate just parses the message into a format that Elasticsearch can understand. If you want to configure Kibana, you have to do that on your own.

Kiyoto
--
Check out Fluentd, the open source data collector to unify log management.
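To make the division of labour in that flow concrete, here is an added illustration (not the plugin's code and not from anyone in this thread) of the parsing step: a constructed FortiGate-style key=value syslog payload is turned into a Logstash-format document with a UTC `@timestamp`, and the daily `logstash-YYYY.MM.DD` index name is derived from it. Those two things, the timestamp field and the index pattern, are what a Kibana Logstash dashboard queries; the graphs themselves are still dashboard configuration. The sample line and the device time zone are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample (not captured from a real device): a FortiGate-style payload
# of key=value pairs, with some values quoted and containing spaces.
SAMPLE_LINE = ('date=2014-09-04 time=08:57:40 devname="FGT-lab" logid=0000000013 '
               'type=traffic subtype=forward level=notice srcip=10.0.0.5 '
               'dstip=203.0.113.9 dstport=443 action=deny msg="Denied by policy"')

# key=value where value is either a double-quoted string (escapes allowed) or a bare token
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate(line):
    """Split a key=value line into a dict; quoted values keep their spaces."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def to_logstash_doc(line, device_tz=timezone.utc):
    """Return the parsed fields plus an ISO-8601 UTC @timestamp built from the
    device's own date/time fields, which are assumed to be in device_tz."""
    fields = parse_fortigate(line)
    local = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    utc = local.replace(tzinfo=device_tz).astimezone(timezone.utc)
    doc = dict(fields)
    doc["@timestamp"] = utc.strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return doc


def logstash_index(doc, prefix="logstash"):
    """Daily index the document belongs in, e.g. logstash-2014.09.04,
    matching the [prefix-]YYYY.MM.DD pattern a Logstash dashboard expects."""
    day = doc["@timestamp"][:10].replace("-", ".")
    return f"{prefix}-{day}"


if __name__ == "__main__":
    d = to_logstash_doc(SAMPLE_LINE)
    print(logstash_index(d), d["@timestamp"], d["action"], d["msg"])
```

If the device clock is not UTC, pass its zone as `device_tz` so the `@timestamp` Kibana filters on is correct; a wrong zone is a common reason a time-bounded dashboard shows nothing even though the records are in Elasticsearch.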

Suleyman Kuran

Sep 5, 2014, 5:15:01 AM
to flu...@googlegroups.com
Thanks for your reply anyway

On Friday, 5 September 2014 07:47:58 UTC+3, kiyoto wrote: