I am trying to send Traffic Syslog encrypted from Fortigate firewall to
Rsyslog on Ubuntu server. I have managed to do this for other Clients,
however one of my latest Clients gets an error saying "Decode error" in
traffic dump and "No supported cipher ...
I am working at a SOC where we receive traffic from Fortinet
firewalls. One of my contacts has configured syslog to my Ubuntu server,
but I only see the following data: <11>Dec 5 13:32:16 ti110211101x110
RT_IDS <14>Dec 5 13:32:16 ti110211101x110 RT_FL...
I have log lines that I want to parse to JSON using Regex. I can now
parse 99% of all logs, but the regex fails on a few log lines! I need
help to complete the regex. RegEx so far:
<(?P\d+)>(?P[A-Za-z]{3} \d{2} \d{2}:\d{2}:\d{2})
(?P[^\s]+) date=(?P\...
I am under Security Fabric > Automation > New > Add Trigger > +Create >
FortiOS Event Log. Here is a looooooooong list of events that I can send
to my SOC, but I do not know what is smart to send to them. Any
suggestions? List of events: 802.1x authen...
I want to send data to a SOC. The SOC is using LimaCharlie and they can
receive alerts with webhook. On my Fortigate I want to create a trigger
for all threats that have the weight "High" or "Critical". I am
here: Security Fabric > Automation > Create ...
The client could not provide the config because it was a Juniper
firewall, and not a Fortigate. So if someone got the same problem then
they know that this is not Fortigate :p
What is the SNI value which the firewall is sending in the client hello
packet? There is no SNI value ssl.handshake.extensions_server_name in the
client hello. What is the server cert which you are getting as per the
server hello and the CA which signed ...