This Docker image runs a Logstash agent. It collects log data from a FortiGate firewall (via syslog) and forwards it to the Bridgecrew cloud over an encrypted, secured connection.
The installation consists of 2 steps:
- Fortigate syslog configuration
- Installing the syslog integration docker
Connect to the FortiGate console and run the following commands:
config log syslogd setting
set status enable
set server [IP of the server with the docker]
set reliable UDP
set port 9910
set csv enable
set facility local7
end
UDP port 9910 on the Docker host is the listening port and must be reachable from the FortiGate.
Verify that iptables is configured to allow incoming traffic on UDP port 9910, preferably only from the FortiGate's source address.
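Before starting the container (or with it stopped, since it takes the same port), it is worth confirming that the FortiGate really sends CSV-formatted syslog with facility local7 to UDP 9910. The listener below is an added example, not part of the syslog-integration project; the sample datagram is constructed to mimic FortiGate CSV output and is not captured traffic.

```python
import re
import socket

LISTEN_PORT = 9910
LOCAL7 = 23  # syslog facility code for local7, matching "set facility local7"

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")
# key=value pairs; quoted values may contain commas (e.g. msg="hello, world")
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|[^,]*)')

# Constructed sample datagram in FortiGate CSV style (not captured traffic).
SAMPLE = ('<190>date=2024-05-01,time=10:15:42,devname="FGT-EDGE",'
          'devid="FGT60FTK00000000",logid="0000000013",type="traffic",'
          'subtype="forward",level="notice",srcip=10.10.1.25,srcport=51514,'
          'dstip=203.0.113.10,dstport=443,proto=6,action="accept",'
          'msg="hello, world"')

def parse_fortigate_csv(datagram: str) -> dict:
    """Return facility, severity and every key=value field as a dict."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("missing <PRI> header")
    pri = int(m.group(1))
    fields = {"facility": pri >> 3, "severity": pri & 7}
    for key, value in FIELD_RE.findall(m.group(2)):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the CSV quoting FortiGate adds
        fields[key] = value
    return fields

def check_datagram(datagram: str) -> list:
    """List what deviates from the expected FortiGate CSV / local7 shape."""
    try:
        f = parse_fortigate_csv(datagram)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if f["facility"] != LOCAL7:
        problems.append(f"facility {f['facility']} is not local7 ({LOCAL7})")
    problems += [f"missing field {k}" for k in ("devname", "logid", "type") if k not in f]
    return problems

def listen_once(port: int = LISTEN_PORT, timeout: float = 30.0) -> list:
    """Wait for one datagram on the syslog port and report its problems."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        data, (src, _) = sock.recvfrom(65535)
    print(f"datagram from {src}")
    return check_datagram(data.decode("utf-8", errors="replace"))
```

Call `listen_once()` on the Docker host; an empty list means the first datagram parsed cleanly with facility local7, while the source address printed should be the FortiGate.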
- SSH into the server where the logstash docker should be deployed
- Install Docker
- Verify docker by running the following command:
docker info
- Run the syslog-integration docker by executing the following command (replace the bracketed placeholders; treat the API token as a secret):
docker run -d -p 9910:9910/udp -e BC_CUSTOMER_NAME=[REPLACE_WITH_CUSTOMER_NAME] -e BC_API_TOKEN=[REPLACE_WITH_API_TOKEN] -e BC_URL="https://www.bridgecrew.cloud/api/v1/producers/logstash" bridgecrew/syslog-integration