FortiSIEM Discussions
AlexPien
New Contributor II

Best Practise to add PostGreSQL to FortiSIEM

Hello everyone,

Has anyone already integrated PostgreSQL with FortiSIEM?

I couldn’t find any reference in the External System Configuration Guide, and I also haven’t come across any parser or predefined event types for PostgreSQL.

From my point of view, the integration should be possible via JDBC, similar to Oracle or other databases. However, I don’t have any hands-on experience with PostgreSQL audit logging or integration, and neither do my customers.

Does anyone have an idea or experience to share? Otherwise, I guess it will be a matter of trial and error. :)

Best regards,
Alex

5 REPLIES
Secusaurus
Contributor III

Hi @AlexPien,

I would just let PostgreSQL write to syslog and arrange the machine to send syslog to your collector.

Best,

Christian

FCX #003451 | Fortinet Advanced Partner
AlexPien
New Contributor II

Thanks for the link and the idea. This would be easier! I will try it.

jeffery634
New Contributor

Hey Alex, I actually went through this a while back and can confirm there isn’t a built-in parser for PostgreSQL in FortiSIEM. I ended up connecting via JDBC App, which worked fine, but the main challenge was handling the audit logs since they needed some customization to parse correctly. I had to create a custom parser to map the events in a useful way, but once that was done the integration worked as expected. It definitely took some trial and error, but it’s doable.
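The two approaches in this thread (syslog forwarding from the database host, and a custom parser that maps the audit messages to useful event types) meet at the same point: the collector has to pull user, database, source address and message type out of each PostgreSQL log line. The following is an added example of that extraction, written for this thread; it is not FortiSIEM's parser and not code from any of the posters. It assumes the database host is configured with `log_destination = 'syslog'`, `syslog_sequence_numbers` left at its default (on, which is what produces the `[N-M]` chunk token) and `log_line_prefix = '%m [%p] %u@%d %r '`; the sample lines are constructed, and the `pg_*` event type names are labels chosen for this example, not predefined FortiSIEM event types.

```python
import re
from typing import Optional

# Constructed sample lines, as they would arrive at a syslog collector from a
# PostgreSQL host using log_destination='syslog' and the assumed
# log_line_prefix = '%m [%p] %u@%d %r '. The "[N-M]" token is PostgreSQL's
# syslog sequence/chunk counter. Not real data.
SAMPLE_SYSLOG = [
    "Mar  1 12:00:01 dbhost01 postgres[4711]: [3-1] 2024-03-01 12:00:01.101 UTC [4711] "
    "[unknown]@[unknown] 10.0.0.5(51234) LOG:  connection received: host=10.0.0.5 port=51234",
    "Mar  1 12:00:01 dbhost01 postgres[4711]: [4-1] 2024-03-01 12:00:01.140 UTC [4711] "
    "alice@appdb 10.0.0.5(51234) LOG:  connection authorized: user=alice database=appdb",
    "Mar  1 12:00:02 dbhost01 postgres[4711]: [5-1] 2024-03-01 12:00:02.003 UTC [4711] "
    "alice@appdb 10.0.0.5(51234) LOG:  statement: DROP TABLE customers",
    'Mar  1 12:00:03 dbhost01 postgres[4712]: [6-1] 2024-03-01 12:00:03.500 UTC [4712] '
    'bob@appdb 10.0.0.9(40210) FATAL:  password authentication failed for user "bob"',
    "Mar  1 12:00:09 dbhost01 postgres[4711]: [7-1] 2024-03-01 12:00:09.777 UTC [4711] "
    "alice@appdb 10.0.0.5(51234) LOG:  disconnection: session time: 0:00:08.637 "
    "user=alice database=appdb host=10.0.0.5 port=51234",
    "Mar  1 12:00:09 dbhost01 postgres[4711]: [7-2] continued text from a long message",
]

# Syslog header (RFC 3164 style) followed by PostgreSQL's optional chunk counter.
HEADER_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<ident>[\w.-]+)\[(?P<syslog_pid>\d+)\]: "
    r"(?:\[(?P<seq>\d+)-(?P<chunk>\d+)\] )?(?P<body>.*)$"
)

# Body of a first chunk: the log_line_prefix fields, then severity and message.
BODY_RE = re.compile(
    r"^(?P<pg_ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d+)? \S+) "
    r"\[(?P<pid>\d+)\] (?P<user>\S+)@(?P<db>\S+) (?P<remote>\S+) "
    r"(?P<severity>DEBUG\d?|INFO|NOTICE|WARNING|ERROR|LOG|FATAL|PANIC|DETAIL|HINT|STATEMENT)"
    r":\s+(?P<msg>.*)$"
)

# Audit messages worth mapping to distinct event types; first match wins.
MESSAGE_PATTERNS = [
    ("pg_connection_received",
     re.compile(r"^connection received: host=(?P<src_ip>\S+) port=(?P<src_port>\d+)$")),
    ("pg_connection_authorized",
     re.compile(r"^connection authorized: user=(?P<user>\S+) database=(?P<db>\S+)")),
    ("pg_auth_failure",
     re.compile(r'^password authentication failed for user "(?P<user>[^"]+)"')),
    ("pg_disconnection",
     re.compile(r"^disconnection: session time: (?P<session_time>\S+) user=(?P<user>\S+) "
                r"database=(?P<db>\S+) host=(?P<src_ip>\S+)(?: port=(?P<src_port>\d+))?")),
    ("pg_statement", re.compile(r"^statement: (?P<sql>.*)$")),
]

DDL_VERBS = {"CREATE", "ALTER", "DROP", "TRUNCATE", "GRANT", "REVOKE"}


def _split_remote(remote: str):
    """'10.0.0.5(51234)' -> ('10.0.0.5', 51234); '[local]' -> ('[local]', None)."""
    m = re.match(r"^(?P<host>.+)\((?P<port>\d+)\)$", remote)
    if m:
        return m.group("host"), int(m.group("port"))
    return remote, None


def parse_pg_syslog_line(line: str) -> Optional[dict]:
    """Parse one syslog line from PostgreSQL into a flat event dict, or None."""
    h = HEADER_RE.match(line.rstrip("\n"))
    if not h:
        return None
    event = {
        "host": h.group("host"),
        "syslog_ts": h.group("syslog_ts"),
        "pid": int(h.group("syslog_pid")),
        "seq": int(h.group("seq")) if h.group("seq") else None,
        "chunk": int(h.group("chunk")) if h.group("chunk") else None,
    }
    b = BODY_RE.match(h.group("body"))
    if not b:
        # Chunks 2..N of a long message carry no log_line_prefix; the consumer
        # must join them to the first chunk with the same seq number.
        event.update({"event_type": "pg_continuation", "text": h.group("body")})
        return event
    src_ip, src_port = _split_remote(b.group("remote"))
    event.update({
        "pg_ts": b.group("pg_ts"), "user": b.group("user"), "db": b.group("db"),
        "src_ip": src_ip, "src_port": src_port, "severity": b.group("severity"),
        "msg": b.group("msg"), "event_type": "pg_other",
    })
    for event_type, pattern in MESSAGE_PATTERNS:
        m = pattern.match(b.group("msg"))
        if not m:
            continue
        event["event_type"] = event_type
        # Message fields override prefix placeholders such as "[unknown]". Note that
        # an auth failure names the user only; its source address comes from %r.
        for key, value in m.groupdict().items():
            if value is not None:
                event[key] = int(value) if key == "src_port" else value
        if event_type == "pg_statement":
            verb = event["sql"].split(None, 1)[0].upper() if event["sql"].strip() else ""
            event["sql_verb"] = verb
            event["is_ddl"] = verb in DDL_VERBS
        break
    return event


def parse_lines(lines):
    """Parse many lines, dropping anything that is not a PostgreSQL syslog line."""
    return [e for e in (parse_pg_syslog_line(l) for l in lines) if e is not None]


if __name__ == "__main__":
    for ev in parse_lines(SAMPLE_SYSLOG):
        print(ev["event_type"], {k: ev[k] for k in ("user", "db", "src_ip") if k in ev})
```

The `pg_continuation` case is the one most easily missed when mapping these events: with `log_destination = 'syslog'` PostgreSQL splits long messages into chunks, and only the first chunk carries the prefix fields, so a parser that treats every syslog line as a complete event will drop the tail of long statements.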

loferialopez5
New Contributor

You’re right, JDBC should work well for this. I’d suggest enabling detailed audit logging first so FortiSIEM can parse events properly, and if you want extra tips, you can Visit 3 patti boss for some solid integration discussions.

jacksonms03
New Contributor

Good point, JDBC should work fine if you map the audit logs properly. I tried a similar setup once and Spribewin helped me figure out parsing rules, so it might save you some trial and error here.