Enable Cribl to Send Fortinet Firewall Logs to Azure Event Hub

Use the following procedures to allow Cribl Stream to send Fortinet firewall logs to the Illumio-hosted Azure Event Hub.

Note

For Cribl, use the current Fortinet log format instead of Common Event Format (CEF).

  1. In Cribl Stream, add a Data Destination for the Azure Event Hub that you use for Illumio Insights, with the following values:

    1. Output ID: Enter a unique name to identify the Azure Event Hubs definition.

    2. Brokers: arch-eventhub.servicebus.windows.net:9093

    3. Event Hub Name: rsyslog-logs

    4. TLS: Enabled

    5. Authentication: Enabled

    6. SASL Mechanism: PLAIN

    7. Username: $ConnectionString

    8. Password: Will be provided in a separate email. It is the full Event Hub connection string (usually starts with Endpoint=sb://...;SharedAccessKeyName=...;SharedAccessKey=...).

  2. Add a Data Route to the Data Destination that you created, with the following values:

    1. Route Name: Enter a unique name for the route.

    2. Pipeline: Select a value.

    3. Destination: Select the Destination Name (Output ID) that you created in Step 1.a.
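
The following pre-flight check is an added example, not part of the Illumio or Cribl documentation. It confirms that the connection string used as the Password in Step 1 is consistent with the Brokers, Event Hub Name, and Username values before you save the Destination, and it produces a redacted copy of the string that is safe to share. The function names, the `send-only` policy name, and the sample key are constructed for illustration.

```python
# Added example: pre-flight check of the Step 1 values (names below are illustrative).
from urllib.parse import urlparse

BROKER = "arch-eventhub.servicebus.windows.net:9093"  # Brokers value from Step 1
EVENT_HUB = "rsyslog-logs"                             # Event Hub Name from Step 1
USERNAME = "$ConnectionString"                         # literal SASL username from Step 1

def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' into a dict; values may themselves contain '='."""
    parts = {}
    for field in conn.strip().strip(";").split(";"):
        key, sep, value = field.partition("=")
        if not sep or not key.strip():
            raise ValueError("malformed field in connection string")
        parts[key.strip()] = value.strip()
    return parts

def check_destination(conn, broker=BROKER, event_hub=EVENT_HUB, username=USERNAME):
    """Return a list of problems; an empty list means the values are consistent."""
    try:
        parts = parse_connection_string(conn)
    except ValueError as exc:
        return [str(exc)]
    required = ("Endpoint", "SharedAccessKeyName", "SharedAccessKey")
    problems = [f"missing {k}" for k in required if not parts.get(k)]
    endpoint = urlparse(parts.get("Endpoint", ""))
    host, _, port = broker.partition(":")
    if endpoint.scheme != "sb":
        problems.append("Endpoint must use the sb:// scheme")
    elif (endpoint.hostname or "").lower() != host.lower():
        problems.append("Endpoint namespace does not match the broker host")
    if port != "9093":
        problems.append("broker port must be 9093")
    # EntityPath is optional; when present it must name the same Event Hub.
    if "EntityPath" in parts and parts["EntityPath"] != event_hub:
        problems.append("EntityPath does not match the Event Hub name")
    if username != "$ConnectionString":
        problems.append("SASL username must be the literal $ConnectionString")
    return problems

def redact(conn):
    """Connection string with the key masked, safe to paste into a ticket or log."""
    parts = parse_connection_string(conn)
    parts["SharedAccessKey"] = "***"
    return ";".join(f"{k}={v}" for k, v in parts.items())

# Constructed sample; the policy name and key are placeholders, not real secrets.
SAMPLE = ("Endpoint=sb://arch-eventhub.servicebus.windows.net/;"
          "SharedAccessKeyName=send-only;SharedAccessKey=Zm9vYmFy=")
```

Call `check_destination()` with the string from the email on the host where you handle it, and share only the output of `redact()` when troubleshooting.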