- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSIEM Loadbalancer
Hi,
we have 3 collectors and 3 workers.
Regarding those pages and input:
Collector Architectures | FortiSIEM 7.2.1 | Fortinet Document Library
FortiSIEM External Ports | FortiSIEM 6.1.2 | Fortinet Document Library
For redundancy of the workers, there is no need anymore for any loadbalancing between collectors and workers, because this is natively implemented, when I understood this correctly.
In front of the 3 collectors, I want to place a kind of loadbalancing, to reach the internal collectors from outside, and also, to provide the security, that there is always a collector up and running.
For the agents on Windows and / or UNIX, I am not sure, which port they will send the logs to, using normal syslog-facilites, it will be port 514. So, here it would be nice, if someone knows, which ports I need to have opened for the Agent?
Solved: Port 443, as read here: FortiSIEM Linux Agent | FortiSIEM 7.2.2 | Fortinet Document Library
Healthcheck: If possible, I want to use the Fortigate in front of my setup to loadbalance to the collectors, and it would be nice and helpful, to have a kind of healthcheck. I would use the REST-API of the collector, does anybody know which request I could use to determine if the host is up or down?
Thanks for your help
Ronny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ronny,
The collector sends status update to supervisor and can view in GUI > Health. This provides more comprehensive details like uptime,cached logs , memory and cpu utilization, EPS and disk usage etc
If you are using any other health at max you would be able to only check up/down status.
Refer API Integration guide > FortiSIEM - Performance and Health API section. For this you need an account that can login to Fortinet Developer Network. Sales or CS team can help on that.
Documentation link: https://docs.fortinet.com/document/fortisiem/7.0.3/integration-api-guide
Prem Chander R
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@premchanderr I just want to have a quick page-request to determine if the node is up or down, to decide, from a simple Fortigate-setup, whether to include inside loadbalancing or not. Do you have a small as easy as possible GET-request to the collector to receive an response, if it is up or down, to use on a existing Fortigate virtual server for health check? There is currently no need for deeper handling of loadbalancing, because, this can not be achievied by a Fortigate, but maybe with the help of HAProxy for example. But this is not needed yet. Maybe you have an idea? It would help much.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Related Documentation that can be helpful:
https://community.fortinet.com/t5/FortiSIEM/Troubleshooting-Tip-How-to-query-FortiSIEM-API-from-comm...
Prem Chander R
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Secucard
You just want to connect to a collector over HTTPS and have it respond something like this?
{"status":"OK"}
or if there is an issue, something like this?
{"status":"ISSUE", "down_processes":["phParser"]}
![](/skins/images/314F488D15A2016126B094729A0E57E8/responsive_peak/images/icon_anonymous_message.png)