- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would like to know the process to shutdown and bootup FortiSIEM
I would like to do some upgrades on the server. I need to know which components I should shut down first and which should be shut down last, as well as the order for booting them up. This includes the supervisor, worker, collectors, and NFS.
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, that is easy then.
If the upgrade will take more than 2 - 3 hours and you have a cluster architecture, start by shutting down the collectors first and then workers and finally the Supervisor.
If the upgrade will take less than 2 - 3 hours you can leave the collectors on.
From there upgrade any RAM or CPUs required and boot the infrastructure, Supervisor first, then workers and then collectors.
Check services with phstatus and the logs on the supervisor and workers for any errors.
The systems should be able to pick up any changes in RAM and CPU without any intervention.
Hope it helps.
S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Jesisidabuliu ,
The document at https://docs.fortinet.com/document/fortisiem/7.1.4/upgrade-guide/505373/upgrading-to-fortisiem-7-1-x provides all necessary information you have requested above.
S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sioannou,
I'm not going to upgrade the version; I just want to upgrade my server hardware. I'd like to know the steps for switching off and switching back on, specifically which to switch off first and which to switch back on first.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Jesisidabuliu ,
Is the environment virtualised?
If not, will you be migrating the disks across, are you upgrading your NFS storage hardware as well?
S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @sioannou ,
Supervisor, worker, and collector are deployed in a VM ESXi. I'm just going to upgrade the memory of the server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, that is easy then.
If the upgrade will take more than 2 - 3 hours and you have a cluster architecture, start by shutting down the collectors first and then workers and finally the Supervisor.
If the upgrade will take less than 2 - 3 hours you can leave the collectors on.
From there upgrade any RAM or CPUs required and boot the infrastructure, Supervisor first, then workers and then collectors.
Check services with phstatus and the logs on the supervisor and workers for any errors.
The systems should be able to pick up any changes in RAM and CPU without any intervention.
Hope it helps.
S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much @sioannou.
After everything is up, is there any command to check if the NFS is connected properly?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, you don't need to shutdown Collectors first. Collectors are able to ingest and buffering logs if there are no connection with Workers or Supervisor. Therefore, the rigth procedure is:
-
Stop the backend processes on Workers:
phtools --STOP ALL
- Upgrade the Supervisor. Make sure the Supervisor is running the version you have upgraded to and that all processes are up and running.
# phshowVersion.sh
# phstatus - Upgrade each Worker one by one
- Upgrade Collectors
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes,
Commands as follows:
1) first check the mounting point "cat /etc/fstab" check your nfs mounting points.
2) Execute command "watch -n 1 nfsiostat"
The command above will show you your Read/Write and error count to the NFS storage.
Make sure no errors are present and that the read and write times are within acceptable limits.
S
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I appreciate your answer. Thank you so much! @sioannou