Tigera Calico
- Integration Points
- Configuring Tigera Calico to Send Logs
- Configuring FortiSIEM to Receive Logs
- Tigera Calico Event Types
- Tigera Calico Sample Logs
Integration Points
Protocol | Information Collected | Used For |
---|---|---|
Syslog | Flow, Audit and DNS logs | Security and Compliance Monitoring |
Configuring Tigera Calico to Send Logs
Follow the steps listed here to send syslog to FortiSIEM.
Configuring FortiSIEM to Receive Logs
No configuration is needed. FortiSIEM automatically detects and parses Tigera Calico logs using its built-in parser.
Tigera Calico Event Types
Go to Resources > Event Type and search for "Calico_Enterprise_".
Tigera Calico Sample Logs
<14>May 8 15:49:58 ip-10-0-0-193.ec2.internal tigera_secure: {"start_time":1588952982,"end_time":1588952992,"source_ip":"10.48.98.2","source_name":"elastic-operator-0","source_name_aggr":"elastic-operator-*","source_namespace":"tigera-eck-operator","source_port":null,"source_type":"wep","source_labels":{"labels":["k8s-app=elastic-operator","statefulset.kubernetes.io/pod-name=elastic-operator-0","control-plane=elastic-operator","controller-revision-hash=elastic-operator-6fc7545df5"]},"dest_ip":"10.48.241.198","dest_name":"tigera-secure-es-es-0","dest_name_aggr":"tigera-secure-es-es-*","dest_namespace":"tigera-elasticsearch","dest_port":9200,"dest_type":"wep","dest_labels":{"labels":["statefulset.kubernetes.io/pod-name=tigera-secure-es-es-0","elasticsearch.k8s.elastic.co/version=7.3.2","controller-revision-hash=tigera-secure-es-es-757895bb98","elasticsearch.k8s.elastic.co/http-scheme=https","elasticsearch.k8s.elastic.co/statefulset-name=tigera-secure-es-es","elasticsearch.k8s.elastic.co/node-data=true","elasticsearch.k8s.elastic.co/config-hash=1585026949","elasticsearch.k8s.elastic.co/node-ml=true","common.k8s.elastic.co/type=elasticsearch","elasticsearch.k8s.elastic.co/node-ingest=true","elasticsearch.k8s.elastic.co/node-master=true","elasticsearch.k8s.elastic.co/cluster-name=tigera-secure"]},"proto":"tcp","action":"allow","reporter":"dst","policies":{"all_policies":["0|allow-tigera|tigera-elasticsearch/allow-tigera.elasticsearch-access|allow"]},"bytes_in":2593,"bytes_out":4617,"num_flows":3,"num_flows_started":1,"num_flows_completed":1,"packets_in":17,"packets_out":10,"http_requests_allowed_in":0,"http_requests_denied_in":0,"original_source_ips":null,"num_original_source_ips":0,"host":"fluentd-node-xzscj"}
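The following is an added example, not part of the FortiSIEM documentation and not the FortiSIEM parser: a Python sketch that splits a line in the format shown above into its syslog header, JSON body, and `all_policies` entries, which is useful for checking what a collector will receive. The function names, the output key names, and the shortened sample are assumptions made for this example.

```python
import json
import re

# Constructed sample: the flow log shown above with labels and most counters trimmed.
SAMPLE = (
    '<14>May 8 15:49:58 ip-10-0-0-193.ec2.internal tigera_secure: '
    '{"start_time":1588952982,"end_time":1588952992,"source_ip":"10.48.98.2",'
    '"source_namespace":"tigera-eck-operator","source_port":null,'
    '"dest_ip":"10.48.241.198","dest_namespace":"tigera-elasticsearch",'
    '"dest_port":9200,"proto":"tcp","action":"allow","reporter":"dst",'
    '"policies":{"all_policies":["0|allow-tigera|tigera-elasticsearch/'
    'allow-tigera.elasticsearch-access|allow"]},"bytes_in":2593,"bytes_out":4617}'
)

# Header layout seen in the sample: <PRI>Mmm d hh:mm:ss host tag: {json}
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<tag>[^\s:]+): (?P<body>\{.*\})\s*$'
)

def parse_policy(entry):
    """Split one pipe-delimited all_policies entry (key names are this example's own)."""
    parts = entry.split('|')
    if len(parts) < 4:
        raise ValueError(f'unexpected policy entry: {entry!r}')
    # Any fields after the fourth are ignored.
    return {'index': int(parts[0]), 'tier': parts[1],
            'name': parts[2], 'action': parts[3]}

def parse_calico_syslog(line):
    """Return header fields, the decoded JSON body, and the split policy hits."""
    m = HEADER.match(line)
    if not m:
        raise ValueError('not a syslog line with a JSON body')
    pri = int(m['pri'])
    body = json.loads(m['body'])  # malformed JSON raises ValueError (JSONDecodeError)
    # Logs without a policies object (e.g. audit or DNS) yield an empty list.
    policies = (body.get('policies') or {}).get('all_policies') or []
    return {
        'facility': pri >> 3,   # PRI = facility * 8 + severity
        'severity': pri & 7,
        'timestamp': m['ts'],
        'host': m['host'],
        'tag': m['tag'],
        'log': body,
        'policies': [parse_policy(p) for p in policies],
    }

if __name__ == '__main__':
    event = parse_calico_syslog(SAMPLE)
    print(event['host'], event['log']['action'], event['policies'])
```
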