Help
FortiSIEM Discussions
Jesisidabuliu
New Contributor II

Created on ‎10-23-2023 09:44 PM

No File and Event Time Received after i move my collector to another server.

I didn't make any changes to the settings; I simply turned everything off, moved the collector to another server, and then turned them on one by one (collector > worker > supervisor). The status got updated, but It didn't receive any files and event times.

 

 

1.jpg

865
0 Kudos
5 REPLIES 5
Jesisidabuliu
New Contributor II

Created on ‎10-23-2023 11:26 PM

Case Closed .. i should turn on collector after fortisiem ..

855
Secusaurus
Contributor II
In response to Jesisidabuliu

Created on ‎10-23-2023 11:28 PM

Glad you found the solution.

In many cases, it also helps stopping and starting the collector via GUI. Usually you see that some of the processes on the collector are not working under the Health panel on the supervisor.

FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
853
0 Kudos
thiago_inorpel
New Contributor II

Created on ‎02-13-2025 06:57 AM

Hey guys.
We are facing this same issue after installing and registering the collector on our instance. Both in MEA collector (docker) and in VM collector in external networks. Our collectors that serve our internal environment are working without problems. However, these other collectors that are external have this problem. We have already stopped and started the collectors through the supervisor GUI, but the problem continues, as well as restarting the collector processes and nothing. Are there any chances of this being network problems? The "last status updated" option is updated and shows communication, but we do not receive EPS from the collectors precisely because the Last File Received option and/or last event time are N/A. Any help is welcome, thank you

image.png

 

275
0 Kudos
Secusaurus
Contributor II
In response to thiago_inorpel

Created on ‎02-13-2025 07:27 AM

Hi @thiago_inorpel,

 

The collectors communicate to the Supervisor for status info and Workers for the events. In case you do not have an all-in-one-setup, make sure the Collectors are able to reach the Workers as well.

Also note, that you need to define the Supervisor and Worker addresses/FQDNs manually in the GUI (cluster config and/or override in organization setup).

 

In case you used FQDNs here, a common issue is that the DNS server is not able to deliver the correct IP (public DNS, internal FQDN). In case of IPs, a common issue is that you used internal IPs instead of the public ones (DNAT/VIP).

 

In any case, first step of troubleshooting might be to SSH on the Collector and ping the cluster, then curl https://(yourDefinedAddresses)/ your cluster.

 

Best,

Christian

FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
263
thiago_inorpel
New Contributor II
In response to Secusaurus

Created on ‎02-13-2025 08:07 PM

Your analysis was fundamental. We made sure and saw that the collectors were not able to see the workers, so when we adjusted this, we immediately stopped and started the collectors in the GUI interface, waited a while and it was like magic, they started sending events. The VM collectors respond normally now, but the MEA (Analyzer) collectors still have this problem, anyway, I believe I know how to act from here. Thank you very much!

234
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.