FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
VladZvor
Staff
Article Id 291079

In some cases, you may need to change the collector configuration in bulk on collectors that are already deployed.

For example, you may need to change the aggregator address from an FQDN to an IP address or vice versa, or make a similar change.

This can be done without reinstalling the collector, by running CLI scripts on the Windows or Linux devices.

Description: Modifying collector configuration on Windows
Scope: FortiEDR Collector Service
Solution:
# Stop the collector service, passing the registration password as a parameter
powershell.exe -Command "& 'C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe' --stop -rp:<REGISTRATION PASSWORD>"
# Replace the old aggregator address with the new one
(Get-Content "C:\ProgramData\FortiEDR\Config\Collector\CollectorBootstrap.jsn").Replace('<AGGREGATOR ADDRESS>:8081','<NEW AGGREGATOR ADDRESS>:8081') | Set-Content "C:\ProgramData\FortiEDR\Config\Collector\CollectorBootstrap.jsn"
# Start the collector service
powershell.exe -Command "& 'C:\Program Files\Fortinet\FortiEDR\FortiEDRCollectorService.exe' --start"

Description: Modifying collector configuration on Linux
Scope: FortiEDR Collector Service
Solution:

# Stop the collector service, passing the registration password as a parameter

sudo /opt/FortiEDRCollector/control.sh --stop <REGISTRATION PASSWORD>

# Replace the old aggregator address with the new one

sudo sed -i "s/<AGGREGATOR ADDRESS>:8081/<NEW AGGREGATOR ADDRESS>:8081/" /opt/FortiEDRCollector/Config/Collector/CollectorBootstrap.jsn

# Start the collector service

sudo /opt/FortiEDRCollector/control.sh --start
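
A guarded form of the Linux replacement step, as an added example that is not part of the original article or Fortinet's tooling: it escapes the address so dots match literally, keeps a backup, and returns a non-zero status when the old address is absent or the edit did not take effect. The function name `replace_aggregator`, its exit codes and the `.bak` suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Fortinet code): guarded version of the article's sed step.
# Run it between the article's "control.sh --stop" and "control.sh --start", e.g.:
#   replace_aggregator /opt/FortiEDRCollector/Config/Collector/CollectorBootstrap.jsn \
#       "<AGGREGATOR ADDRESS>" "<NEW AGGREGATOR ADDRESS>"
# The port defaults to 8081, the value used in the article.
replace_aggregator() {
    ra_file=$1; ra_old=$2; ra_new=$3; ra_port=${4:-8081}

    [ -f "$ra_file" ] || { echo "no such file: $ra_file" >&2; return 2; }

    # Fixed-string check: do nothing if this host does not use the old address,
    # so a bulk rollout can report which hosts were skipped.
    grep -qF -- "${ra_old}:${ra_port}" "$ra_file" ||
        { echo "old address not found in $ra_file" >&2; return 3; }

    # Escape regex metacharacters so the dots in an IP or FQDN match literally
    # (unescaped, "10.0.0.5" would also match "10a0b0c5").
    ra_old_re=$(printf '%s' "$ra_old" | sed 's/[]\/$*.^[]/\\&/g')
    # Escape characters that are special on the replacement side (& and /).
    ra_new_re=$(printf '%s' "$ra_new" | sed 's/[\/&]/\\&/g')

    # Keep a copy with the original mode and timestamps for rollback.
    cp -p -- "$ra_file" "${ra_file}.bak" || return 4

    # Write through the existing file so its owner and mode stay unchanged.
    # The g flag replaces every occurrence on a line, not only the first.
    sed "s/${ra_old_re}:${ra_port}/${ra_new_re}:${ra_port}/g" "${ra_file}.bak" > "$ra_file" &&
        grep -qF -- "${ra_new}:${ra_port}" "$ra_file" && return 0

    # Replacement failed or did not take effect: restore the backup.
    cp -p -- "${ra_file}.bak" "$ra_file"
    return 5
}
```

The article's stop command takes the registration password as an argument, so it can end up in shell history and process listings; when the script is pushed by a deployment tool, pass it from the tool's secret store instead of hard-coding it.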
