FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Francesko
Staff
Article Id 353381
Description

This article describes how to manually perform a FortiSIEM Collector upgrade when the 'Download Image' option from the Supervisor GUI is not downloading the image to the collector.

Scope

FortiSIEM v6.4 and above.

Solution

Requirements:

  1. FortiSIEM upgrade package downloaded locally to the host machine.
  2. SFTP client to upload the package to the collector.
  3. Root access to the collector.

Note: This is not an offline upgrade. The collector should have connectivity to the Internet on port 443 to reach the Rocky Linux 8 OS repositories hosted by Fortinet.

Before proceeding, make sure a snapshot or backup of the collector in a working state is available. In addition, check the upgrade paths, important notes and pre-upgrade checklist as described in the Upgrade Guide.

Steps to follow:

  1. Delete all existing files and directories located under the '/opt/upgrade/' directory.
    • Verify existing files and directories:  ls -la /opt/upgrade/
    • Delete all files and directories: rm -rf /opt/upgrade/*

  2. Upload the FortiSIEM upgrade package to '/opt/upgrade/' by using an SFTP client.

  3. Fix file and directory permissions by executing the following commands:

    chown root:admin -R /opt/upgrade/
    chmod 775 /opt/upgrade/
    chmod 664 /opt/upgrade/*.zip

  4. Verify file and directory permissions:

    ls -la /opt/
    ls -la /opt/upgrade

    The directory 'upgrade' should have the following permissions: 'drwxrwxr-x root admin'.
    The file 'FSM_Upgrade_All_x.x.x_buildxxx.zip' should have the following permissions: '-rw-rw-r--  root admin'.

  5. Compare the MD5 checksum of the uploaded file with the checksum found on the Fortinet Support Website:

    md5sum /opt/upgrade/*.zip

    If the checksums are not the same, the upgrade package may be corrupted. In this case, download the file again from the Fortinet Support Website and repeat the steps starting from Step 1.

  6. To start the upgrade process, run the following commands from the collector CLI as root:

    screen -S upgrade

    sh -c /opt/phoenix/phscripts/bin/phcollectorimageinstaller.py FortiSIEM &> /opt/phoenix/log/collector-upgrade.log

    /usr/bin/python /opt/phoenix/phscripts/bin/phcollectorimageinstaller.py FortiSIEM

  7. Wait until the upgrade finishes (it may take more than 20 minutes to complete). If the upgrade was successful, the following output is shown on the terminal:

    Operation upgrade Failed with the error above
    configureFSM.py returns 0

  8. Reboot the collector:

    reboot

  9. After the reboot, verify that all collector processes are up and running:

    phstatus

 

Additional Note: If the upgrade fails because the ZIP file could not be extracted or the 7z package is missing, install 7z on the collector by executing the following command:

 

dnf install p7zip -y
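
Steps 1 to 5 above can be checked in one pass before the installer is started in step 6. The script below is an added example, not part of the original article or Fortinet's tooling; the function names `check` and `preflight_upgrade` are hypothetical, and it assumes GNU `stat` and `md5sum` as found on Rocky Linux 8.

```shell
#!/bin/sh
# Added example (not Fortinet code): one-pass check of steps 1-5.
# Assumes GNU stat and md5sum, as shipped with Rocky Linux 8.

# check LABEL ACTUAL EXPECTED: report one comparison, non-zero on mismatch.
check() {
    if [ "$2" = "$3" ]; then
        echo "ok:   $1 = $2"
    else
        echo "FAIL: $1 is '$2', expected '$3'" >&2
        return 1
    fi
}

# preflight_upgrade EXPECTED_MD5 [DIR] [OWNER:GROUP]
# EXPECTED_MD5 is the value shown on the Fortinet Support Website.
# DIR and OWNER:GROUP default to the values used in the article.
# The body is a subshell, so 'set --' does not touch the caller's arguments.
preflight_upgrade() (
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    dir=${2:-/opt/upgrade}
    owner=${3:-root:admin}
    rc=0

    if [ -z "$expected" ]; then
        echo "usage: preflight_upgrade EXPECTED_MD5 [DIR] [OWNER:GROUP]" >&2
        exit 2
    fi

    # Steps 1-2: after the cleanup there must be exactly one package.
    set -- "$dir"/*.zip
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "FAIL: expected exactly one .zip in $dir" >&2
        exit 1
    fi
    zip=$1

    # Steps 3-4: ownership and mode of the directory and the package.
    check "$dir owner/mode" "$(stat -c '%U:%G %a' "$dir")" "$owner 775" || rc=1
    check "$zip owner/mode" "$(stat -c '%U:%G %a' "$zip")" "$owner 664" || rc=1

    # Step 5: a mismatch means a corrupted upload; re-download, restart at step 1.
    check "$zip md5" "$(md5sum "$zip" | cut -d' ' -f1)" "$expected" || rc=1
    exit "$rc"
)

# Example: preflight_upgrade <md5-from-support-site> && echo "ready for step 6"
```

The function returns 0 only when every check passes, so it can gate the installer command in step 6.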