- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSIEM: Network Change
Hi guys,
I changed the ip of the supervisor by entering configFSM.sh and it changed successfully. I entered the register command to register the collector to the new sup ip, but I get an error like this. Does anyone know the reason?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
If your Supervisor node is also a ClickHouse node then you also need to update the IP in the ClickHouse config files as per the documentation below
If your Supervisor node is the data upload destination for the collectors then you'll need to update the IP Admin > Settings > Cluster Config > Event Upload Workers
If neither of these fixes the problem then please open a FortiCare ticket.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
First of all, thanks for your feedback and information sharing. In my test environment, I added keeper and data, query as supervisor. I did the first step, keeper node, but in step 2, config.d directory is empty. I need to do the other steps. I kindly ask for your support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In Addtional, When I tested the clickhouse, got below error.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think I overcame the clickhouse test problem, but the collector is still not collecting logs. I would appreciate comments from anyone who has an idea about this issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Adem,
I tested the process outlined in the documentation and it works OK for me. Unfortunately I can't give you any more system specific troubleshooting advice here. You can open a FortiCare ticket if your system is under support.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @BenBrit
I don't get an error on the clickhouse side anymore, my current problem is that the collector stops the log flow as soon as I change the supervisor ip. "Last Receiver" shows that moment.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you have access to the collector
You could try to re-register the collector with the command ...
phProvisionCollector --update
(Note the word update here .. rather than add)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I tried this process as you said and then we expect it to reboot itself, but the reboot does not happen.
Continuing to provision the Collector
This collector is registered successfully. Waiting for reboot...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In additional, Is it enough to change the ip of the components alone for the change or should the hostname also change?