FortiSIEM Discussions
Thonno
New Contributor III

FortiSIEM AIO - Collector questions and WMI/OMI issues

Hi everyone,

I'm setting up a FortiSIEM Supervisor All-in-one (AIO) with version 7.2.0, but I've encountered an issue with the Collector.

When I go to Admin → Setup → Collector, there is no option to configure the Collector’s IP or designate the server as a Collector. It seems like the Collector role is not enabled by default in my AIO environment. I also checked using systemctl, and the phCollector service does not exist on the system.

Steps I’ve already taken:

  1. I checked the /opt/phoenix/config/phoenix_config.txt file to verify if the Collector role is enabled, but it seems unrecognized.
  2. Tried to find and start the Collector service, but the system says it doesn't exist.
  3. Restarted the main FortiSIEM services (phoenix), but the issue persists.

I need to monitor events from Windows servers, but I'm encountering issues with WMI/OMI. I'm receiving errors such as "WMI failed (Login to remote object error)" and "OMI failed (Win32_OperatingSystem Result not found via OMI)", even though everything is enabled on the Windows machines.

Without the Collector, I cannot add the template for the Windows agent I've created.

Has anyone experienced something similar or knows how to properly configure the All-in-one server as a Collector? Do I need to install an additional package or run a specific command?

Thanks in advance for your help!

premchanderr
Staff

Hi @Thonno,

To view Admin → Setup → Collector you would need to be in Super>Local Scope.

I guess you are in Super>Global scope and your box is deployed with a service provider license. In this case, do you see Admin → Setup → Organizations?

Regards,
Prem Chander R
Thonno
New Contributor III

Hi, I am in

  • Organization: Super
  • User: admin
  • Scope: Local

I actually don’t see Admin / Setup / Organizations.

I see the Collector option under Admin / Setup; I tried to create a collector, but the problem is that I have an AIO environment, and I don’t have any additional VMs/servers with roles adjacent to the Supervisor.

After creating the collector, I see the error "No Connection" under Admin / Health / Collector Health because I don’t have any other servers.

I have only the AIO Enterprise license.

premchanderr

Hi @Thonno,

Yes, in local scope only Collector would be visible. With the Enterprise license you can add any number of collectors.

The Collector is a separate VM; there is no other option and you need to deploy a new VM.
After that, you can register the collector to the supervisor.

Documentation:

https://docs.fortinet.com/document/fortisiem/7.2.3/esx-installation-guide/131018/fresh-installation#...

Regards,
Prem Chander R
leonardheroiu
New Contributor

Hello


Did you find a workaround or a resolution?

Thonno
New Contributor III

Hi, I finally solved it by configuring the credentials in OMI with kerberos-auth instead of ntlm-auth, and it worked. In WMI or OMI, ntlm has always given me issues. I ended up not using the Agent because, after reviewing the licenses, I realized I only had 2 agents available for installation.
