Technical Tip: How to register/re-register a collector (updated for FortiSIEM v5.2+ / v7.x)

Before registering the Collector, confirm:

1. The collector entry exists on the Supervisor.

On Supervisor GUI:

• ADMIN -> Setup -> Collectors.
• Create the Collector entry.

2. Connectivity and name resolution.

• DNS resolution (if using FQDN).
• Network connectivity.
• No firewall blocks between nodes.

Recommended:

• Use FQDN for Supervisor whenever possible.
• Ensure time sync between the Supervisor and the Collector.

3. Credentials.

• Enterprise: Typically admin.
• Service Provider: A user belonging to the target Organization (tenant).

Procedure A: Register a Collector (Enterprise/Single Organization).

Step 1: SSH to the Collector.

Log in via SSH as a root user.

Step 2: Run the registration command.

Use the phProvisionCollector utility:

phProvisionCollector --add <User> '<Password>' <Supervisor_IP_or_FQDN> <Organization> <Collector_Name>

Example (Enterprise default org 'super'):

phProvisionCollector --add admin '<P@ssw0rd>' X.X.X.X super COLLECTOR01

Parameters explained:

• <User>: Supervisor admin user (or Org user).
• <Password>: Password for that user.
• <Supervisor_IP_or_FQDN>: Supervisor address (prefer FQDN).
• <Organization>: usually super in Enterprise.
• <Collector_Name>: must match the name created in the GUI.

Step 3: Confirm status in the GUI.

On Supervisor:

• ADMIN -> Health -> Collector Health.
• Validate the Collector shows online/healthy.

Procedure B: Re-register/update an existing Collector.

If the Collector was previously registered but lost connection (after redeploy, IP change, cert issues, or corrupted registration), use:

phProvisionCollector --update <User> '<Password>' <Supervisor_IP_or_FQDN> <Organization> <Collector_Name>

Example:

phProvisionCollector --update admin '<P@ssw0rd>' X.X.X.X super COLLECTOR01

When to use '--update':

• When the Collector already exists in the Supervisor GUI.
• When the Collector was registered before.
• To re-bind the Collector without creating a 'new' Collector identity.

Procedure C: Register the Collector (Service Provider/Multi-Tenant).

For multi-tenant environments, use the correct Organization.

Step 1: Confirm the Organization exists.

In the Supervisor GUI:

• Go to ADMIN -> Setup -> Organizations.
• Confirm the tenant name.

Step 2: Create the Collector under that Organization:

In the supervisor GUI:

• Go to ADMIN -> Setup -> Collectors.
• Ensure the Collector belongs to the correct Organization.

Step 3: Register using the tenant context.

phProvisionCollector --add <OrgUser> '<Password>' <Supervisor_IP_or_FQDN> <Organization> <Collector_Name>

Example:

phProvisionCollector --add exampleadmin '<P@ssw0rd>' siem-supervisor.example.com CustomerA COL-EXAMPLE-01

Verification checklist:

After running the command, verify the following:

In the supervisor GUI:

• The Collector is connected.
• There is no 'registration pending' status.
• Health metrics are normal.

On the Collector (CLI):

• Services PH up.
• No continuous reconnect loops.

Using the CLI, verify that the Natural ID matches on both the Supervisor and the Collector.

On Supervisor:

psql -U phoenix -d phoenixdb -c "select cust_org_id, name, ip_addr, eps, natural_id, collector_id from ph_sys_collector;"

On Collector:

cat /sys/class/dmi/id/product_uuid

Note: The legacy method using the Collector Web UI (port 5480) was applicable to older releases and is not used in current versions.