Hi,
we have 3 collectors and 3 workers.
Regarding those pages and input:
Collector Architectures | FortiSIEM 7.2.1 | Fortinet Document Library
FortiSIEM External Ports | FortiSIEM 6.1.2 | Fortinet Document Library
For redundancy of the workers, there is no longer any need for load balancing between collectors and workers, because this is natively implemented, if I understood this correctly.
In front of the 3 collectors, I want to place a kind of load balancing, to reach the internal collectors from outside, and also to make sure that there is always a collector up and running.
For the agents on Windows and/or UNIX, I am not sure which port they will send the logs to; using normal syslog facilities, it will be port 514. So it would be nice if someone knows which ports I need to have opened for the agent.
Solved: Port 443, as read here: FortiSIEM Linux Agent | FortiSIEM 7.2.2 | Fortinet Document Library
Health check: If possible, I want to use the FortiGate in front of my setup to load-balance to the collectors, and it would be nice and helpful to have a kind of health check. I would use the REST API of the collector. Does anybody know which request I could use to determine if the host is up or down?
Thanks for your help
Ronny
Hi Ronny,
The collector sends status updates to the supervisor, which can be viewed in GUI > Health. This provides more comprehensive details like uptime, cached logs, memory and CPU utilization, EPS and disk usage, etc.
If you are using any other health check, at most you would only be able to check up/down status.
Refer to the API Integration guide > FortiSIEM - Performance and Health API section. For this you need an account that can log in to the Fortinet Developer Network. The Sales or CS team can help with that.
Documentation link: https://docs.fortinet.com/document/fortisiem/7.0.3/integration-api-guide
@premchanderr I just want to have a quick page request to determine if the node is up or down, to decide, from a simple FortiGate setup, whether to include it in the load balancing or not. Do you have a small, as-easy-as-possible GET request to the collector to receive a response saying whether it is up or down, to use on an existing FortiGate virtual server for the health check? There is currently no need for deeper handling of load balancing, because this cannot be achieved by a FortiGate, but maybe with the help of HAProxy, for example. But this is not needed yet. Maybe you have an idea? It would help a lot.
Related Documentation that can be helpful:
https://community.fortinet.com/t5/FortiSIEM/Troubleshooting-Tip-How-to-query-FortiSIEM-API-from-comm...
Hi @Secucard
You just want to connect to a collector over HTTPS and have it respond with something like this?
{"status":"OK"}
or if there is an issue, something like this?
{"status":"ISSUE", "down_processes":["phParser"]}
Copyright 2024 Fortinet, Inc. All Rights Reserved.