Hi everyone,
I'm setting up a FortiSIEM Supervisor All-in-one (AIO) with version 7.2.0, but I've encountered an issue with the Collector.
When I go to Admin → Setup → Collector, there is no option to configure the Collector’s IP or designate the server as a Collector. It seems like the Collector role is not enabled by default in my AIO environment. I also checked using systemctl, and the phCollector service does not exist on the system.
Steps I’ve already taken:
I need to monitor events from Windows servers, but I'm encountering issues with WMI/OMI. I'm receiving errors such as "WMI failed (Login to remote object error)" and "OMI failed (Win32_OperatingSystem Result not found via OMI)", even though everything is enabled on the Windows machines.
Without the Collector, I cannot add the template for the Windows agent I've created.
Has anyone experienced something similar or knows how to properly configure the All-in-one server as a Collector? Do I need to install an additional package or run a specific command?
Thanks in advance for your help!
Solved! Go to Solution.
Hi @Thonno ,
Yes in local scope only collector would be visible. In Enterprise license you can add any number of collectors.
Collector is separate VM , there is no other option and you need to deploy a new VM.
Post that can register the collector to supervisor.
Documentation:
Hi @Thonno ,
To view Admin → Setup → Collector you would need to be in Super>Local Scope.
I guess you are in Super>Global scope and your box is deployed as service provider license. This case do you see Admin → Setup → Organizations ?
Hi, I am in
I actually don’t see Admin / Setup / Organizations.
I see the Collector option under Admin / Setup; I tried to create a collector, but the problem is that I have an AIO environment, and I don’t have any additional VMs/servers with roles adjacent to the Supervisor.
After creating the collector, I see the error "No Connection" under Admin / Health / Collector Health because I don’t have any other servers.
I have only the AIO Enterprise license.
Hi @Thonno ,
Yes in local scope only collector would be visible. In Enterprise license you can add any number of collectors.
Collector is separate VM , there is no other option and you need to deploy a new VM.
Post that can register the collector to supervisor.
Documentation:
Hello
Did you found a workaround or a resolution?
Hi, I finally solved it by configuring the credentials in OMI with kerberos-auth instead of ntlm-auth, and it worked. In WMI or OMI, ntlm has always given me issues. I ended up not using the Agent because, after reviewing the licenses, I realized I only had 2 agents available for installation.
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.