Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Francesko
Staff
Staff

Created on ‎10-29-2024 08:56 AM Edited on ‎12-09-2025 06:06 AM By Community Manager

Article Id 353381

Technical Tip: FortiSIEM Collector upgrade by using upgrade package downloaded from Fortinet Support Website

Description This article describes how to manually perform a FortiSIEM Collector upgrade when the 'Download Image' option from the Supervisor GUI does not download the image to the collector.
Scope

FortiSIEM v6.4 and above.
Solution

Requirements:

  1. FortiSIEM upgrade package downloaded locally to the host machine.
  2. SFTP client to upload the package to the collector.
  3. Root access to the collector.

 

Note: This is not an offline upgrade. The collector should have connectivity to the Internet on port 443 to the Rocky Linux 8 OS repositories hosted by Fortinet.

Before proceeding, make sure to have a snapshot or a backup in a working state. In addition, check the upgrade paths, important notes, and pre-upgrade checklist as described in the Upgrading to FortiSIEM 7.2.x

 

Steps to follow:

  1. Delete all existing files and directories located under the '/opt/upgrade/' directory.
    • Verify existing files and directories:  ls -la /opt/upgrade/
    • Delete all files and directories: rm -rf /opt/upgrade/*

  2. Upload the FortiSIEM Upgrade package to '/opt/upgrade/' by using an SFTP Client.

  3. Fix file and directory permissions by executing the following commands:


chown root:admin -R /opt/upgrade/
chmod 775 /opt/upgrade/
chmod 664 /opt/upgrade/*.zip

 

  1. Verify file and directory permissions:

 

ls -la /opt/
ls -la /opt/upgrade

 

The directory 'upgrade' should have the following permissions: 'drwxrwxr-x root admin'.
The file 'FSM_Upgrade_All_x.x.x_buildxxx.zip' should have the following permissions: '-rw-rw-r--  root admin'.

image.png
image.png

 

  1. Verify and compare the MD5 checksum of the uploaded file vs the checksum found on the Fortinet Support Website:

 

md5sum /opt/upgrade/*.zip


image.png

 

If the checksums are not the same, the upgrade package may be corrupted. In this case, download the file again from the Fortinet Support Website and repeat the steps starting from Step 1.

 

  1. To start the upgrade process, run the following commands from the collector CLI as root:

 

screen -S upgrade

sh -c /opt/phoenix/phscripts/bin/phcollectorimageinstaller.py FortiSIEM &>
/opt/phoenix/log/collector-upgrade.log

/usr/bin/python /opt/phoenix/phscripts/bin/phcollectorimageinstaller.py FortiSIEM


image.png

 

  1. Wait until the upgrade finishes (it may take more than 20 minutes to complete) and the following output should be presented on the terminal if the upgrade was successful:

     

Operation upgrade Failed with the error above
configureFSM.py returns 0


image.png

 

  1. Reboot the collector:

 

reboot

 

  1. After the reboot, verify if all collector processes are up and running:

 

phstatus

 

Additional Note: If the upgrade fails because the ZIP file could not be extracted or the 7z package is missing, install 7z on the collector by executing the following command:

 

dnf install p7zip -y

 

Related article:

Technical Tip: FortiSIEM upgrade best practices
3186
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.