[Fortinet] Deprecate original integration & change logfile to filestream

packages/fortinet/_dev/build/docs/README.md

@@ -1,4 +1,7 @@
-# Fortinet Integration
+# Fortinet Integration (Deprecated)
+
+_This integration is deprecated. Please use one of the other Fortinet integrations
+that are specific to a Fortinet product._
 
 This integration is for Fortinet [FortiOS](https://docs.fortinet.com/product/fortigate/6.2) and [FortiClient](https://docs.fortinet.com/product/forticlient/) Endpoint logs sent in the syslog format. It includes the following datasets for receiving logs:
 

packages/fortinet/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.8.1"
+  changes:
+    - description: Deprecating Fortinet package in favor of new product specific packages
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3819
 - version: "1.8.0"
   changes:
     - description: Update package to ECS 8.4.0

packages/fortinet/docs/README.md

@@ -1,4 +1,7 @@
-# Fortinet Integration
+# Fortinet Integration (Deprecated)
+
+_This integration is deprecated. Please use one of the other Fortinet integrations
+that are specific to a Fortinet product._
 
 This integration is for Fortinet [FortiOS](https://docs.fortinet.com/product/fortigate/6.2) and [FortiClient](https://docs.fortinet.com/product/forticlient/) Endpoint logs sent in the syslog format. It includes the following datasets for receiving logs:
 

packages/fortinet/manifest.yml

@@ -1,8 +1,8 @@
 name: fortinet
 title: Fortinet
-version: "1.8.0"
+version: "1.8.1"
 release: ga
-description: Collect logs from Fortinet instances with Elastic Agent.
+description: Deprecated. Collect logs from Fortinet instances with Elastic Agent.
 type: integration
 format_version: 1.0.0
 license: basic

packages/fortinet_forticlient/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Update Ingest Pipeline with observer Fields
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3819
 - version: "1.0.0"
   changes:
     - description: Initial version of Fortinet FortiClient as separate package

packages/fortinet_forticlient/data_stream/log/agent/stream/log.yml.hbs

@@ -10,12 +10,6 @@ tags:
 {{#each tags as |tag i|}}
   - {{tag}}
 {{/each}}
-fields_under_root: true
-fields:
-    observer:
-        vendor: "Fortinet"
-        product: "FortiClient"
-        type: "Anti-Virus"
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}

packages/fortinet_forticlient/data_stream/log/agent/stream/tcp.yml.hbs

@@ -7,12 +7,6 @@ tags:
 {{#each tags as |tag i|}}
   - {{tag}}
 {{/each}}
-fields_under_root: true
-fields:
-    observer:
-        vendor: "Fortinet"
-        product: "FortiClient"
-        type: "Anti-Virus"
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}

packages/fortinet_forticlient/data_stream/log/agent/stream/udp.yml.hbs

@@ -7,12 +7,6 @@ tags:
 {{#each tags as |tag i|}}
   - {{tag}}
 {{/each}}
-fields_under_root: true
-fields:
-    observer:
-        vendor: "Fortinet"
-        product: "FortiClient"
-        type: "Anti-Virus"
 {{#contains "forwarded" tags}}
 publisher_pipeline.disable_host: true
 {{/contains}}

packages/fortinet_forticlient/data_stream/log/elasticsearch/ingest_pipeline/default.yml

@@ -1,10 +1,18 @@
 ---
 description: Pipeline for Fortinet FortiClient Endpoint Security
-
 processors:
   - set:
       field: ecs.version
       value: '8.3.0'
+  - set:
+      field: observer.vendor
+      value: Fortinet
+  - set:
+      field: observer.product
+      value: FortiClient
+  - set:
+      field: observer.type
+      value: anti-virus
   # User agent
   - user_agent:
       field: user_agent.original

packages/fortinet_forticlient/manifest.yml

@@ -1,6 +1,6 @@
 name: fortinet_forticlient
 title: Fortinet FortiClient Logs
-version: 1.0.0
+version: 1.1.0
 release: ga
 description: Collect logs from Fortinet FortiClient instances with Elastic Agent.
 type: integration

packages/fortinet_fortigate/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+  changes:
+    - description: Update Ingest Pipeline with observer Fields
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3819
 - version: "1.1.0"
   changes:
     - description: Add dashboard.

packages/fortinet_fortigate/manifest.yml

@@ -1,6 +1,6 @@
 name: fortinet_fortigate
 title: Fortinet FortiGate Firewall Logs
-version: 1.1.0
+version: 1.2.0
 release: ga
 description: Collect logs from Fortinet FortiGate firewalls with Elastic Agent.
 type: integration

packages/fortinet_fortimail/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.1.0"
+  changes:
+    - description: Update Ingest Pipeline with observer Fields
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/3819
 - version: "1.0.0"
   changes:
     - description: Initial version of Fortinet FortiMail as separate package