Help
FortiSIEM Discussions
KarlH
Contributor

Created on ‎10-09-2024 09:03 AM Edited on ‎10-09-2024 09:06 AM

How to correctly re-register a Collector all ph procs are down.

! collector was registered at one point

lost the password

updated password then tried to run phtools start all

prcos are down and will not come up.

 

/opt/phoenix/bin/phProvisionCollector --add admin 'biglong pw' siem vendor org
Continuing to provision the Collector
Failed to register collector!
Cause:
The organization "130862006-vendor" has already registered a collector with name "collector name"

 

(But we had to change the credentials) 

Do these procedures still apply  to re-register a collector?  after getting the above error  , all their ph procs are down. 

 

:1. SSH to FortiSIEM Supervisor

2. Enter the following command to login into PSQL:        #psql -U phoenix phoenixdb 

   3. Update the PSQL Database:        =>ph_sys_collector set natural_id='' where name=<collector name>;  

  4. Quit PSQL:        =>\q   

 5. Re-register the Collector to Supervisor. Find in the related articles bellow "How to register a Collector or Super".    Revised:
    In step 3 full synxax => update ph_sys_collector set natural_id = '' where name = 'collector name'

 

 

phtools --start all
[PH_MODULE_LOCAL_CONFIG_LOADED]:[eventSeverity]=PHL_INFO,[procName]=phtools,[fileName]=phConfigLoader.cpp,[lineNumber]=168,[configName]=global,[phLogDetail]=Module loaded local config successfully
[PH_LICENSE_ERROR]:[eventSeverity]=PHL_ERROR,[procName]=phtools,[fileName]=phInstalledLicense.cpp,[lineNumber]=170,[errorString]=License Error: Please request new license from support, thanks!,[phLogDetail]=License error, please contact support.

 

 

Is it  a License issue? Do we investigate the phoenix log?

 

Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP
319
0 Kudos
1 Solution
premchanderr
Staff
Staff
In response to KarlH

Created on ‎10-10-2024 07:15 PM

Hi @KarlH ,
This is the command to update:
# /opt/phoenix/bin/phProvisionCollector --update <user> '<password>' <Super IP or Host> <Organization> <CollectorName>

For delete there is no command. 

Before deleting a collector, we must ensure no devices are pointing to this collector in CMDB.

  1. CMDB > Devices > Discovered by > Select the collector we want to delete from the drop-down.
  2. If devices are showing up under this collector, that is the root cause of this error.
  3. Please move those devices to a different collector.
  4. Select the device > Edit > Collector > Select a different collector from the drop-down.
  5. If there is no device under the collector, now you try to delete the collector from GUI. Go to Organization > Edit the org > select collector and delete. 
Regards,
Prem Chander R

View solution in original post

238
4 REPLIES 4
kcanalichio
New Contributor III

Created on ‎10-09-2024 09:06 AM

You can try using the phProvision --update to re-register.  Otherwise get with TAC or rebuild the collector.

314
premchanderr
Staff
Staff

Created on ‎10-10-2024 01:00 AM

Hi,

Error: The organization "130862006-vendor" has already registered a collector with name "collector name"

 

You would have to use --update or delete "130862006-vendor" collector first before re-install.

Regards,
Prem Chander R
277
KarlH
Contributor
In response to premchanderr

Created on ‎10-10-2024 08:36 AM

HI what is the complete command please?   phProvision -delete 130862006-vendor ?

and then the follow up command?  would be the ProvisionCollector command a

 

and following the phtools --start all?

 

Will this allow the procs to start then?

Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP
261
0 Kudos
premchanderr
Staff
Staff
In response to KarlH

Created on ‎10-10-2024 07:15 PM

Hi @KarlH ,
This is the command to update:
# /opt/phoenix/bin/phProvisionCollector --update <user> '<password>' <Super IP or Host> <Organization> <CollectorName>

For delete there is no command. 

Before deleting a collector, we must ensure no devices are pointing to this collector in CMDB.

  1. CMDB > Devices > Discovered by > Select the collector we want to delete from the drop-down.
  2. If devices are showing up under this collector, that is the root cause of this error.
  3. Please move those devices to a different collector.
  4. Select the device > Edit > Collector > Select a different collector from the drop-down.
  5. If there is no device under the collector, now you try to delete the collector from GUI. Go to Organization > Edit the org > select collector and delete. 
Regards,
Prem Chander R
239
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.