FortiSIEM Discussions
Jesisidabuliu
New Contributor

Would like to know the process to shut down and boot up FortiSIEM

I would like to do some upgrades on the server. I need to know which components I should shut down first and which should be shut down last, as well as the order for booting them up. This includes the supervisor, worker, collectors, and NFS.
Thanks.

sioannou
Contributor

Hi @Jesisidabuliu,

The document at https://docs.fortinet.com/document/fortisiem/7.1.4/upgrade-guide/505373/upgrading-to-fortisiem-7-1-x provides all necessary information you have requested above.

S

Jesisidabuliu

Hi Sioannou,

I'm not going to upgrade the version; I just want to upgrade my server hardware. I'd like to know the steps for switching off and switching back on, specifically which to switch off first and which to switch back on first.

sioannou
Contributor

Hi @Jesisidabuliu,

Is the environment virtualised?

If not, will you be migrating the disks across? Are you upgrading your NFS storage hardware as well?

S

Jesisidabuliu

Hi @sioannou ,
Supervisor, worker, and collector are deployed in a VM ESXi. I'm just going to upgrade the memory of the server.

sioannou
Contributor

Ok, that is easy then.

If the upgrade will take more than 2 - 3 hours and you have a cluster architecture, start by shutting down the collectors first and then workers and finally the Supervisor.

If the upgrade will take less than 2 - 3 hours you can leave the collectors on.

From there upgrade any RAM or CPUs required and boot the infrastructure, Supervisor first, then workers and then collectors.

Check services with phstatus and the logs on the supervisor and workers for any errors.

The systems should be able to pick up any changes in RAM and CPU without any intervention.

Hope it helps.

S

Jesisidabuliu

Thank you so much @sioannou.
After everything is up, is there any command to check if the NFS is connected properly?

mnovelli

Hi, you don't need to shut down Collectors first. Collectors are able to ingest and buffer logs if there is no connection with Workers or Supervisor. Therefore, the right procedure is:

  1. Stop the backend processes on Workers:

    phtools --STOP ALL

  2. Upgrade the Supervisor. Make sure the Supervisor is running the version you have upgraded to and that all processes are up and running.

    # phshowVersion.sh
    # phstatus

  3. Upgrade each Worker one by one.
  4. Upgrade Collectors.

sioannou
Contributor

Yes,

Commands as follows:

1) First check the mount points: run "cat /etc/fstab" and check your NFS mount points.

2) Execute the command "watch -n 1 nfsiostat"

The command above will show you your read/write and error counts to the NFS storage.

Make sure no errors are present and that the read and write times are within acceptable limits.

S
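
A scripted version of the first check above, as an added example that is not part of the original post: it compares the NFS entries in /etc/fstab with the kernel mount table in /proc/mounts and prints every NFS mount point that is configured but not mounted. The function names, the server name and the paths in the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print NFS mount points listed in an
# fstab file that are missing from the kernel mount table.
# Usage: nfs_missing_mounts [fstab] [mounts]; defaults are the live system files.
nfs_missing_mounts() {
    fstab=${1:-/etc/fstab}
    mounts=${2:-/proc/mounts}
    awk '
        NF == 0 || $1 ~ /^#/    { next }                    # blank lines, comments
        $3 !~ /^nfs4?$/         { next }                    # only NFS file systems
        src == "mounts"         { mounted[$2] = 1; next }   # currently mounted
        $4 ~ /(^|,)noauto(,|$)/ { next }                    # not expected at boot
        !($2 in mounted)        { print $2 }                # in fstab, not mounted
    ' src=mounts "$mounts" src=fstab "$fstab"
}

# Constructed sample data; the server name and paths are placeholders.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
# constructed fstab
/dev/sda1                  /         xfs  defaults         0 0
nfs.example.internal:/evt  /data     nfs  defaults,_netdev 0 0
nfs.example.internal:/arc  /archive  nfs4 defaults,_netdev 0 0
nfs.example.internal:/tmp  /scratch  nfs  noauto           0 0
EOF
    cat > "$dir/mounts" <<'EOF'
/dev/sda1 / xfs rw,relatime 0 0
nfs.example.internal:/evt /data nfs rw,relatime,vers=3 0 0
EOF
    nfs_missing_mounts "$dir/fstab" "$dir/mounts"
    rm -rf "$dir"
}

demo    # prints /archive
```

Called with no arguments on a Supervisor or Worker, `nfs_missing_mounts` reads the live /etc/fstab and /proc/mounts; empty output means every configured NFS mount is present.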

Jesisidabuliu

I appreciate your answer. Thank you so much! @sioannou