Technical Tip:Collector not registering to Aggregator - Manager

Description

This article describes communication Troubleshooting.

Scope

FortiEDR

Solution

When the Collector is installed and it is not visible in the Console. 

netstat -an | findstr 555

 

The output should be as follows if communication is established.

 

C:\windows\system32>netstat -an | findstr 555

TCP    <ip_address_of_Core>:<Random _Port_Number>    <ip_address_of_Core>:555      ESTABLISHED

 

On collector: Check control connection to aggregator On collector in the command prompt run the following command:

 

netstat -an | findstr 8081

 

The output should be as follows if communication is established:

 

Example:

 

C:\windows\system32>netstat -an | findstr 8081

TCP    <ip_address_of_Aggregator>:<Random _Port_Number>    <ip_address_of_Aggregator>:8081      ESTABLISHED

 

 

Also on Windows Collectors, it is possible to use PowerShell command for that:

 

For Core:

 

$ Test-NetConnection <ip_address_of_Core> -p 555

 

For Aggregator:

 

$ Test-NetConnection <ip_address_of_Aggregator> -p 8081

 

On

macOS and Linux - Aggregator

netstat -an | grep 8081

 

 

On

macOS and Linux - Core

netstat -an | grep 555

 

- If there is no established connection, gather logs locally on unit by using the following instructions and creating a support case. 

- Also provide the output details from the commands that was ran from above. 

 

 

Windows Device: 

 

Open the Command Prompt as Administrator.

 

Run the following Command:

 

"C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe" --support

 

And Gather the files from the following location: %TEMP%\program_data_archive_support.zip 

 

For macOS:

 

/Applications/FortiEDR.app/FortiEDRCollector --support

 

For Linux:

 

/opt/FortiEDRCollector/fortiedr_collector —support 

v5 and above: /opt/FortiEDRCollector/bin/FortiEDRCollector --support