
Installation

Let's get this party started! 🤩

FortiDragon uses a modular architecture where each layer is independent. Choose the technologies that best fit your needs.

Installation Flow

Follow these steps in order:

  1. Configure Data Sources - Set up your firewall to send logs
  2. Install Ingestion Layer - Deploy Vector to collect and process logs
  3. Set Up Storage - Choose Victoria Logs or Elasticsearch
  4. Configure Visualization - Import dashboards in Grafana or Kibana

1. Data Sources

Platform                Status              Guide
Fortigate               ✅ Fully Supported  → Setup Guide
FortiEDR                ✅ Supported        → Setup Guide
FortiMail               ✅ Supported        → Setup Guide
FortiWeb / FortiAppSec  ✅ Supported        → Setup Guide
Palo Alto PAN-OS        ✅ Fully Supported  → Setup Guide

Next: After configuring your firewall, proceed to install the ingestion layer.

2. Ingestion

The ingestion layer receives syslog data, parses it, enriches it, and forwards it to storage.

Platform       Status          Guide
Vector         ✅ Recommended  → Setup Guide
Logstash       ❌ Deprecated   → Setup Guide
Elastic Agent  ❌ Deprecated   → Setup Guide

Chef's Choice

Use Vector

It's fast, flexible, and powerful.

We've migrated from Logstash and Elastic Agent to Vector.

Next: After installing Vector, set up your storage backend.

3. Storage

Choose where to store your parsed logs for analysis.

Platform       Status          Guide
Victoria Logs  ✅ Recommended  → Setup Guide
Elasticsearch  👴🏻 Supported   → Setup Guide

Chef's Choice

Use Victoria Logs

It's the sweet spot of simplicity, performance, and query power.

It's actively developed with a great roadmap!

Next: After setting up storage, configure your visualization layer.

4. Visualization

Import pre-built dashboards to start analyzing your firewall logs immediately.

Platform  Status          Guide
Grafana   ✅ Recommended  → Setup Guide
Kibana    👴🏻 Supported   → Setup Guide

Chef's Choice

Using Victoria Logs? → Use Grafana

Using Elasticsearch? → Use Kibana

Next: Import dashboards and start threat hunting!


Quick Start Paths

Choose your path based on your needs:

Best for: New deployments, maximum performance

  1. Configure Fortigate → Syslog to Vector
  2. Install Vector → Parse and enrich logs
  3. Install Victoria Logs → Store logs efficiently
  4. Set up Grafana Cloud → Visualize and analyze

Time to first dashboard: ~30 minutes
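A minimal Vector configuration that wires the recommended path end to end (Fortigate syslog in, key=value parsing, Victoria Logs out). This is an added illustration, not FortiDragon's own pipeline or the contents of its Setup Guides; the listen port, the Victoria Logs host name and the choice of devname as the stream field are assumptions.

```yaml
# Added example: minimal Vector pipeline for the recommended path.
# Not FortiDragon's config; port, host name and stream field are assumptions.
sources:
  fortigate_syslog:
    type: syslog
    address: "0.0.0.0:5140"   # assumed listen port; point the Fortigate syslog setting here
    mode: udp

transforms:
  parse_fortigate:
    type: remap
    inputs: ["fortigate_syslog"]
    source: |
      # The syslog source has already consumed the syslog header; the
      # Fortigate body is a key=value string (quoted values allowed) in .message.
      fields, err = parse_key_value(.message)
      if err != null {
        # Keep lines that fail to parse instead of dropping them, but tag
        # them so a dashboard panel can surface parser failures.
        .parse_error = err
      } else {
        . = merge(., fields)
      }

sinks:
  victorialogs:
    type: elasticsearch
    inputs: ["parse_fortigate"]
    # Victoria Logs accepts Elasticsearch bulk API writes on this path (assumed host name).
    endpoints: ["http://victorialogs:9428/insert/elasticsearch/"]
    mode: bulk
    api_version: v8
    compression: gzip
    healthcheck:
      enabled: false
    query:
      _msg_field: message
      _time_field: timestamp
      _stream_fields: devname   # assumed: one log stream per firewall name
```

Plain UDP syslog is neither authenticated nor encrypted, so on an untrusted network segment prefer mode: tcp with Vector's tls settings and the Fortigate's reliable syslog option.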

🏢 Legacy Path - Elasticsearch

Best for: Existing Elasticsearch deployments

  1. Configure Fortigate → Syslog to Vector
  2. Install Vector → Parse and enrich logs
  3. Configure Elasticsearch → Use existing cluster
  4. Set up Kibana → Import dashboards

Time to first dashboard: ~45 minutes

Ready to start? Pick your path above and let's go! 🎉


What You'll Get

After completing installation, you'll have:

  • 📊 Professional Dashboards - Pre-built visualizations for immediate insights
  • 🔍 Deep Visibility - Full parsing of all firewall fields
  • 🎯 User-friendly UI - Easy to navigate and consistent
  • 🚀 High Performance - Handles massive log volumes
  • 💰 Cost Effective - Free and open source

Need Help?