Issues parsing Pulse Secure syslogs between Kafka and OpenSearch with Fluentd pipelines


We're currently setting up a central logging solution based on k8s, Kafka and OpenSearch. For parsing log data we use Fluentd as middleware between Kafka as log buffer/cache and OpenSearch for log analysis. We have several issues with syslog event data from our security network components like firewalls, load balancers, VPN gateways etc. - especially the log data from the Pulse Secure VPN GW is a challenge - any hints for Fluentd plugins to easily parse, transform and normalize syslog event data? Ideally a how-to or best practice?

Kind regards

We've tried with the Fluentd documentation and the standard plugins available to solve our issue, but we failed with that. Maybe someone has experience with Pulse Secure and is able to provide hints, artefacts, etc. to set up Fluentd properly for parsing Pulse Secure syslog.
