- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSIEM HA: Unable to Add Primary Follower in FortiSIEM
FortiSIEM Version: 7.2.4.0268
Scenario:
- Attempting to add a Primary Follower
- UI indicates the operation was successful
- Primary Follower does not appear in "ADMIN > License > Nodes"
- Follower has same configuration as Super
Error Logs:
[root@supervisor log]# tail -f phoenix.log | grep 'AddSuperFollower'
2024-11-11T15:44:00.483510+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=52,[phLogDetail]=670-Cluster-AddSuperFollower: Started (<task createTime="1731320038094" id="17351962" type="AddSuperFollower"><custId>1</custId><parameters>192.168.60.41,192.168.60.40,</parameters></task>)
2024-11-11T15:44:00.512980+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=55,[phLogDetail]=670-Cluster-AddSuperFollower: Check license
2024-11-11T15:44:00.544014+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=66,[phLogDetail]=670-Cluster-AddSuperFollower: Collect config data of this follower
2024-11-11T15:44:00.624042+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=110,[phLogDetail]=670-Cluster-AddSuperFollower: Check validity of follower 192.168.60.40
2024-11-11T15:44:00.652602+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=121,[phLogDetail]=670-Cluster-AddSuperFollower: Configure SSH Key
2024-11-11T15:44:00.797687+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=132,[phLogDetail]=670-Cluster-AddSuperFollower: Run script phinitleader
2024-11-11T15:44:01.820056+05:30 supervisor phMonitorSupervisor[3228]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=148,[phLogDetail]=670-Cluster-AddSuperFollower: Send AddSuperFollower task to super follower 192.168.60.40
2024-11-11T15:46:17.388497+05:30 supervisor phMonitorSupervisor[3228]: [PH_CLUSTER_SEND_TASK_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phMonitorSupervisor,[fileName]=phSuperFollowerManager.cpp,[lineNumber]=154,[task]=add super follower,[errorString]=Failed to execute AddSuperFollower task on node 192.168.60.40,[phLogDetail]=670-Cluster-AddSuperFollower: Failed to send task
- Labels:
-
FortiSIEM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI, first revert back to the snapshot before initiating the HA in the leader node and follower node . then ssh into the nodes from leader to follower and follower to leader without using the password by trusting the devices once this ssh is validated reinitiate the HA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I think best is to know why it failed before reverting back
From the logs I see the failure is on the Follower node when it executes the HA task
If you can get the logs from followers /opt/phoenix/log/phoenix.log and search for the failures - you should see the cause for the failure to execute the task
Can you add this failure logs from Follower here please ?
Reverting back and running the setup may result in same failure as we are not sure about the cause and know revert and re-config will fix it