Sumo Logic + Fortigate + Monitoring Children (update)
Sumo Logic dashboard query to build a graph of usage by MAC address over time.
Take the output from Suricata, send it into Sumo Logic, then create a dashboard to view top allowed/denied port usage, and DNS nameservers.
Summary post, with a picture of the Sumo Logic dashboard, on my first steps running Suricata on my systems.
I received a question via Twitter today on how to configure the Fortigate firewall to send data into Sumo Logic.
Updated query replacing an empty category with UNRATED for a more useful display.
Website classification can be used for content filtering. This post has Sumo Logic searches from Fortigate logs to look at utilization by category as well as an example of a scheduled search to create a daily report, perhaps of just the adult content categories.
Creating a configuration strategy for your Sumo Logic collector requires you to decide on whether you are going to use the web interface to control your collector or use a JSON configuration file.
My dashboard – I took the Cisco ASA application from Sumo Logic and converted it into a dashboard that is built from the logging of a Fortigate firewall.
An additional panel that shows which IPS rules were triggered.