Help
FortiSIEM Discussions
KarlH
Contributor

Created on ‎11-07-2024 09:13 AM Edited on ‎11-07-2024 09:20 AM

Operation timed out. Collector is not responding. During Download of Image from SIEM 7.1.3

Hello,

 

I have been search the posts here and I am seeing a few different replies to this.

Can some one please clarify the reason for this error?

 

One suggests

 

Adding the ip hostname of supervisor to  /etc/hosts. Is that all that has to be done? 

 

 I still get the error when I select to down load to the client, does some DNS cache need to be cleared or something?

 

 

Another suggests

 

In some of these cases we will need to see the error from the Collectors
 side.
 There are 2 locations for collector upgrade logs to find out why the
 collector failed : 

/usr/local/upgrade/logs/ansible.log
 /opt/phoenix/log/collector-upgrade.log


 we will need to see why
 Your have 3 options
 1- Spin up a new collector in the customers environment with the build
 that we need
 This will bypass the upgrade all together and just spin up a new
 collector and provision it as the same hostname and IP as the old one
 2- Add the build image to the collector and upgrade the collector from
 the CLI of the collector
3 Continue to troubleshoot the current method of downloading and

installing the Image from the Super GUI. IF the upgrade fails we will need
 the logs from the Collectors themselves

if the customer runs

 

 curl --head -ik https://Collector:YjUPdzcQii@siem.grncld.com:443/CollectorUpgrade/tar/FSM_Upgrade_All_7.1.3_b
uild0165.zip

 

can I run the upgrade from the SIEM GUT  for them?

or what command would the customer run,  I would rather get this fixed so they do not have to doe this I need the remote download to work.

 

thanks Karl

 

 

Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP
Labels:
388
0 Kudos
1 Solution
bradanderson912
New Contributor

Created on ‎11-26-2024 03:11 PM Edited on ‎11-26-2024 03:11 PM

Ensure the supervisor's IP and hostname are correctly added to /etc/hosts, and check for any DNS caching issues by flushing the DNS cache. If the problem persists, Fix the logs at /usr/local/upgrade/logs/ansible.log and /opt/phoenix/log/collector-upgrade.log. Alternatively, you can try upgrading the collector from the CLI or spinning up a new collector as a last resort.

View solution in original post

174
0 Kudos
4 REPLIES 4
Goutham_FTNT
Staff
Staff

Created on ‎11-08-2024 06:59 AM

Hi Karl,

 

The operation timeout error indicates that the collector cannot reach Super to get the image from image server (Super)

 

On Super > Admin > License > Node > Make a note of the Super name here (This can be different from the name provided in /etc/hosts)

From collector curl -k https://Name_pulled_from_License_node

Do you see 200OK ?
If yes then it could be because of the script execution fails on the collector end :
tail -f /opt/phoenix/log/phoenix.log (On collector)

Now try to download the image and please provide the error messge from above tail -f logs 

Regards,

Goutham

349
KarlH
Contributor

Created on ‎11-12-2024 10:35 AM

HI @Goutham_FTNT  I have read that document thank you

 

I have 11 clients and counting all with various versions of collector versions from 6.5 to 7.0.2. And there are more that are failing as we speak. Getting on to each clients collector will take weeks. And yet there is no log on the supervisors that can give my clues about why there is a timeout to download the image to the remote collector? I find this hard to believe. So we are to now re-deploy collector images on 11 clients and counting?

 

Thanks, Karl

Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP
299
0 Kudos
KarlH
Contributor

Created on ‎11-21-2024 05:18 AM

@Goutham_FTNTThe EventPackahger is crashing  thats why I am not getting any health status updates to the SIEM, I also cannot get curl to run to download image to the collector.

 

curl --head -ik https://Collector:YjUPdzcQii@siem.grncld.com:443/CollectorUpgrade/tar/FSM_Upgrade_All_7.1.3_build016...
HTTP/1.1 200 OK
Date: Thu, 21 Nov 2024 13:17:18 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
x-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self' https://*.duosecurity.com https://*.googleapis.com https://*.gstatic.com; img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com;
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Mon, 04 Nov 2024 18:41:19 GMT
ETag: "bb89fbf1-6261aa173777b"
Accept-Ranges: bytes
Content-Length: 3146382321
Content-Type: text/html; charset=UTF-8

Karl Henning, Security Engineer, CISSP
Karl Henning, Security Engineer, CISSP
222
0 Kudos
bradanderson912
New Contributor

Created on ‎11-26-2024 03:11 PM Edited on ‎11-26-2024 03:11 PM

Ensure the supervisor's IP and hostname are correctly added to /etc/hosts, and check for any DNS caching issues by flushing the DNS cache. If the problem persists, Fix the logs at /usr/local/upgrade/logs/ansible.log and /opt/phoenix/log/collector-upgrade.log. Alternatively, you can try upgrading the collector from the CLI or spinning up a new collector as a last resort.

175
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.