FortiSIEM Discussions
KarlH
Contributor

Seeking advice for re-install of VM (All in One type) Collector only, Azure cloud

The customer has lost their collector login password. We needed to log in to clean the disk space from a needless ClickHouse service running; now we have to re-install unless there is a safe procedure on the collector for Rocky Linux to reset the password. Has anyone done this?

 

The client's collector is presently 7.1.3.0165 and was running on an Azure Cloud VM.

Our super is 7.1.3.

If I can't reset the password, then:

We are new to the install procedures (i.e. I've never done an install before). I'm seeking advice on the most stable version to install. Do we use 7.1 or 7.2?

The collector VM is on Azure (Cloud). Would the setup be the same process as for an on-prem VM?

 

Which All in One build do I download from here?

 

https://support.fortinet.com/support/#/downloads/firmware

 

Thank you, really need the help.

Karl Henning, Security Engineer, CISSP
6 REPLIES
premchanderr
Staff

Hi @KarlH ,


To find the Linux OS version, open a terminal and type "lsb_release -a" or "cat /etc/os-release".

Then you need to involve a Linux administrator and check Linux forums to reset the root password.

Since those are third-party links, I cannot post them in the Fortinet forum.

 

The collector must be the same version as the supervisor or the n-1 version of the supervisor. A higher version of the collector would never sync well with the supervisor.

Regarding the image, it is the same for all FortiSIEM nodes (super, worker or collector). For example, if the hypervisor is ESX, then you have to choose FSM_Full_All_ESX_7.2.3_build0256.zip. If the hypervisor is Azure, then FSM_Full_All_AZURE_7.2.3_build0256.zip, etc.

Do refer to the installation document for the detailed steps:

https://docs.fortinet.com/document/fortisiem/7.2.3/azure-installation-guide/496685/fresh-installatio...

https://docs.fortinet.com/document/fortisiem/7.2.3/esx-installation-guide/131018/fresh-installation

Regards,
Prem Chander R
KarlH
Contributor

Hello, 

Our supervisor is 7.1.3, not 7.2.3. I found a collector, FSM_Full_All_ESX_7.1.3_build0165. But it seems to imply that I need to install 6.5 and then 6.2. As I mentioned, they have a 6.5 installed now and no root access. Is there a full fresh install for the 7.1.3 collector? They have lost their pw and cannot log on; re-deploy is the only option. They have 6.5 presently but no way to log in. Does this mean we have to reinstall 6.5, then 6.7, and then 7.1.3?

 

 

Also, for the Azure config, they are running a VM within the Azure cloud. Would that not still be an .ova file for VMware?

Karl Henning, Security Engineer, CISSP
premchanderr

Hi @KarlH ,


You can directly install a new collector from 7.1.3 and then register the collector to super. Move all the devices to latest collector and then delete the old collector. 

 

You can "Create a VM Using a FortiSIEM 7.2.3 Azure Marketplace Image"; this is a simpler and easier method.

Regards,
Prem Chander R
KarlH

OK, thank you Prem,

Shouldn't Fortinet have the collector images already? I'm not comfortable creating an image of a collector for the customer; that seems prone to errors on my part, prolonging getting them back up and running. I know little about creating a collector image.

Maybe you meant FortiSIEM 7.1.3 Azure, not 7.2.3, as I mentioned that is the version on the super. I have never used Marketplace to create an image; I have always downloaded the ISO or OVA from the vendor who supports the content.

I gave the client the ESX 7.1.3 OVA and the PDF already.

Karl Henning, Security Engineer, CISSP
FSM_FTNT

If you want to install an earlier 7.1.x version of FSM Collector, you should be able to deploy from here.

Use the app offer instead of the VM offer:

 

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet-fortisiem?tab=Overvi...

 

KarlH

Thank you.

Karl Henning, Security Engineer, CISSP