Fortinet Document Library


External Systems Configuration Guide

Tigera Calico

Integration Points

Protocol   Information Collected       Used For
Syslog     Flow, Audit and DNS logs    Security and Compliance Monitoring

Configuring Tigera Calico to Send Logs

Follow the steps listed here to send syslog to FortiSIEM.

Configuring FortiSIEM to Receive Logs

No configuration is needed. FortiSIEM automatically detects and parses Tigera Calico logs using its built-in parser.

Tigera Calico Event Types

Go to Resources > Event Type and search for "Calico_Enterprise_".

Tigera Calico Sample Logs

<14>May 8 15:49:58 ip-10-0-0-193.ec2.internal tigera_secure: {"start_time":1588952982,"end_time":1588952992,"source_ip":"10.48.98.2","source_name":"elastic-operator-0","source_name_aggr":"elastic-operator-*","source_namespace":"tigera-eck-operator","source_port":null,"source_type":"wep","source_labels":{"labels":["k8s-app=elastic-operator","statefulset.kubernetes.io/pod-name=elastic-operator-0","control-plane=elastic-operator","controller-revision-hash=elastic-operator-6fc7545df5"]},"dest_ip":"10.48.241.198","dest_name":"tigera-secure-es-es-0","dest_name_aggr":"tigera-secure-es-es-*","dest_namespace":"tigera-elasticsearch","dest_port":9200,"dest_type":"wep","dest_labels":{"labels":["statefulset.kubernetes.io/pod-name=tigera-secure-es-es-0","elasticsearch.k8s.elastic.co/version=7.3.2","controller-revision-hash=tigera-secure-es-es-757895bb98","elasticsearch.k8s.elastic.co/http-scheme=https","elasticsearch.k8s.elastic.co/statefulset-name=tigera-secure-es-es","elasticsearch.k8s.elastic.co/node-data=true","elasticsearch.k8s.elastic.co/config-hash=1585026949","elasticsearch.k8s.elastic.co/node-ml=true","common.k8s.elastic.co/type=elasticsearch","elasticsearch.k8s.elastic.co/node-ingest=true","elasticsearch.k8s.elastic.co/node-master=true","elasticsearch.k8s.elastic.co/cluster-name=tigera-secure"]},"proto":"tcp","action":"allow","reporter":"dst","policies":{"all_policies":["0|allow-tigera|tigera-elasticsearch/allow-tigera.elasticsearch-access|allow"]},"bytes_in":2593,"bytes_out":4617,"num_flows":3,"num_flows_started":1,"num_flows_completed":1,"packets_in":17,"packets_out":10,"http_requests_allowed_in":0,"http_requests_denied_in":0,"original_source_ips":null,"num_original_source_ips":0,"host":"fluentd-node-xzscj"}
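The record above is a syslog line (PRI, BSD timestamp, host, program tag) carrying a JSON flow log. The following added example, written for this guide and not FortiSIEM's own parser, splits that envelope from the JSON body, decodes the policy match string, and flags flows a monitoring team would review (denied flows, or denied HTTP requests inside an allowed flow). The sample line is a trimmed copy of the page's record; the second sample is constructed from it by changing the action to "deny".

```python
import json
import re

# Constructed sample: the flow-log line shown on this page, trimmed to the fields used here.
SAMPLE = ('<14>May 8 15:49:58 ip-10-0-0-193.ec2.internal tigera_secure: '
          '{"start_time":1588952982,"end_time":1588952992,"source_ip":"10.48.98.2",'
          '"source_name":"elastic-operator-0","source_namespace":"tigera-eck-operator",'
          '"dest_ip":"10.48.241.198","dest_name":"tigera-secure-es-es-0",'
          '"dest_namespace":"tigera-elasticsearch","dest_port":9200,"proto":"tcp",'
          '"action":"allow","reporter":"dst","policies":{"all_policies":'
          '["0|allow-tigera|tigera-elasticsearch/allow-tigera.elasticsearch-access|allow"]},'
          '"bytes_in":2593,"bytes_out":4617,"http_requests_denied_in":0}')
# Constructed variant: same flow, but reported as denied.
DENIED = SAMPLE.replace('"action":"allow"', '"action":"deny"')

# Syslog envelope as it appears on this page: <PRI>, BSD timestamp, hostname, tag, JSON body.
HEADER = re.compile(r'^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) '
                    r'(?P<host>\S+) (?P<tag>[^:]+): (?P<body>\{.*\})$')


def parse_policy(entry):
    """Split the 'order|tier|namespace/name|action' match string into its parts."""
    order, tier, name, action = entry.split('|', 3)
    return {'order': int(order), 'tier': tier, 'policy': name, 'action': action}


def parse_calico_flow(line):
    """Return a normalized event from one Calico flow-log syslog line."""
    m = HEADER.match(line)
    if not m:
        raise ValueError('not a Calico flow-log syslog record')
    pri = int(m['pri'])                      # PRI = facility * 8 + severity
    flow = json.loads(m['body'])
    policies = [parse_policy(p) for p in flow.get('policies', {}).get('all_policies', [])]
    return {
        'facility': pri // 8, 'severity': pri % 8,
        'host': m['host'], 'tag': m['tag'],
        'src': f"{flow['source_namespace']}/{flow['source_name']}",
        'dst': f"{flow['dest_namespace']}/{flow['dest_name']}:{flow['dest_port']}",
        'proto': flow['proto'], 'action': flow['action'], 'reporter': flow['reporter'],
        'policies': policies,
        'bytes': flow['bytes_in'] + flow['bytes_out'],
        'http_denied': flow.get('http_requests_denied_in', 0),
    }


def needs_review(event):
    """True for flows a security monitor should surface: denied traffic, or denied HTTP requests."""
    return event['action'] != 'allow' or event['http_denied'] > 0
```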
