Help
FortiSIEM Discussions
adem_netsys
Contributor

Created on ‎05-20-2024 11:38 AM

FortiSIEM: Network Change

Hi guys,

 

I changed the ip of the supervisor by entering configFSM.sh and it changed successfully. I entered the register command to register the collector to the new sup ip, but I get an error like this. Does anyone know the reason?

 

 
 

Ekran görüntüsü 2024-05-20 213333.png

1145
0 Kudos
11 REPLIES 11
BenBrit
Staff
Staff

Created on ‎05-21-2024 01:26 AM

Hi,

 

If your Supervisor node is also a ClickHouse node then you also need to update the IP in the ClickHouse config files as per the documentation below

https://help.fortinet.com/fsiem/7-1-6/Online-Help/HTML5_Help/appendix-clickhouse-handling-node-ip-ch...

 

If your Supervisor node is the data upload destination for the collectors then you'll need to update the IP Admin > Settings > Cluster Config > Event Upload Workers

 

If neither of these fixes the problem then please open a FortiCare ticket.

 

Thanks

907
0 Kudos
adem_netsys
Contributor
In response to BenBrit

Created on ‎05-21-2024 03:40 AM

@BenBrit 

First of all, thanks for your feedback and information sharing. In my test environment, I added keeper and data, query as supervisor. I did the first step, keeper node, but in step 2, config.d directory is empty. I need to do the other steps. I kindly ask for your support.

900
0 Kudos
adem_netsys
Contributor
In response to adem_netsys

Created on ‎05-21-2024 04:29 AM

In Addtional, When I tested the clickhouse, got below error.

 

Ekran görüntüsü 2024-05-21 142756.png

892
0 Kudos
adem_netsys
Contributor
In response to adem_netsys

Created on ‎05-21-2024 10:59 AM

I think I overcame the clickhouse test problem, but the collector is still not collecting logs. I would appreciate comments from anyone who has an idea about this issue.

871
0 Kudos
BenBrit
Staff
Staff
In response to adem_netsys

Created on ‎05-21-2024 11:26 AM

Hi Adem,

I tested the process outlined in the documentation and it works OK for me. Unfortunately I can't give you any more system specific troubleshooting advice here. You can open a FortiCare ticket if your system is under support.

Thanks.

868
0 Kudos
adem_netsys
Contributor
In response to BenBrit

Created on ‎05-21-2024 12:31 PM

hi @BenBrit 

I don't get an error on the clickhouse side anymore, my current problem is that the collector stops the log flow as soon as I change the supervisor ip. "Last Receiver" shows that moment.

 

861
0 Kudos
cdurkin_FTNT
Staff
Staff
In response to adem_netsys

Created on ‎05-21-2024 12:39 PM

If you have access to the collector


You could try to re-register the collector with the command ...

phProvisionCollector --update 

(Note the word update here .. rather than add)

860
0 Kudos
adem_netsys
Contributor
In response to cdurkin_FTNT

Created on ‎05-21-2024 12:44 PM

@cdurkin_FTNT 

 

I tried this process as you said and then we expect it to reboot itself, but the reboot does not happen.

 

Continuing to provision the Collector
This collector is registered successfully. Waiting for reboot...

859
0 Kudos
adem_netsys
Contributor
In response to adem_netsys

Created on ‎05-23-2024 01:43 AM

In additional, Is it enough to change the ip of the components alone for the change or should the hostname also change?

807
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.