FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
premchanderr
Staff & Editor
Article Id 294532

 

Description: This article describes how to resolve the Collector Clock Skew alert in the FortiSIEM GUI.
Scope: FortiSIEM v7.0
Solution

The Collector Clock Skew error is raised when the Collector's time is not in sync with the Supervisor (Super). To avoid it, make sure the Collector and the Super synchronize with the same NTP server, so that their clocks differ by no more than 2 minutes.

If the NTP client (chronyd) is not already configured, use the steps below to configure it on the FortiSIEM nodes.

  1. Verify that chronyd is running:

systemctl status chronyd.service

  2. Configure the NTP client in the configuration file below (leave the configuration at its defaults if the Supervisor/Worker/Collectors have outbound internet access). Before making changes, back up the file:

cp /etc/chrony.conf /etc/chrony.conf.bak_$(date +%F)

/etc/chrony.conf

Note:

  • Use 'pool' for a pool of NTP servers.
  • Use 'server' to specify the IP of a specific NTP server. Ex: server 192.168.5.100 iburst prefer.

  3. Once done, restart the chronyd service:

systemctl restart chronyd.service

  4. Verify the new NTP pools:

chronyc sources

  5. Confirm the NTP synchronization status:

chronyc sourcestats

chronyc tracking

Next, validate this by running the 'date' command on the Super and the Collector. The time difference should not be more than 2 minutes.
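The two checks above (chrony synchronization state and the Super/Collector time difference) can be scripted. The following is an added example, not part of the original article or Fortinet tooling: it parses 'chronyc tracking' text and compares 'date +%s' values from both nodes against the 2-minute limit. The function names, the sample tracking text and the epoch values are constructed for illustration.

```shell
# Added example: function names and sample data are illustrative.
LIMIT=120   # seconds: the 2-minute limit stated in the article

# Print the "System time" offset in seconds from `chronyc tracking` text on stdin.
tracking_offset() {
    awk -F' *: *' '/^System time/ { split($2, f, " "); print f[1]; exit }'
}

# Succeed only if the tracking text on stdin reports "Leap status : Normal".
tracking_synced() {
    awk -F' *: *' '/^Leap status/ { sub(/[ \t\r]+$/, "", $2); ok = ($2 == "Normal") }
                   END { exit !ok }'
}

# Print |a - b| for two epoch timestamps (`date +%s` taken on each node).
skew_seconds() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    echo "$d"
}

# Succeed if the two epoch timestamps differ by no more than LIMIT seconds.
skew_within_limit() {
    [ "$(skew_seconds "$1" "$2")" -le "$LIMIT" ]
}

# Constructed sample of `chronyc tracking` output (not captured from a real node).
sample_tracking() {
cat <<'EOF'
Reference ID    : C0A80564 (192.168.5.100)
Stratum         : 3
System time     : 0.000412300 seconds fast of NTP time
Leap status     : Normal
EOF
}

# Constructed epoch values standing in for `date +%s` on each node.
SUPER_EPOCH=1700000000
COLLECTOR_EPOCH=1700000045

if sample_tracking | tracking_synced; then
    echo "chrony synchronized, offset $(sample_tracking | tracking_offset)s"
fi
if skew_within_limit "$SUPER_EPOCH" "$COLLECTOR_EPOCH"; then
    echo "skew $(skew_seconds "$SUPER_EPOCH" "$COLLECTOR_EPOCH")s: within the ${LIMIT}s limit"
else
    echo "skew exceeds ${LIMIT}s: fix NTP on the Collector"
fi
```

On a live node, replace 'sample_tracking' with 'chronyc tracking' and fill the two epoch variables from 'date +%s' run on the Super and the Collector at the same moment.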

For more details on NTP synchronization, refer to Linux forums and involve the Linux administrator.