FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
idabouzi
Staff
Article Id 303122
Description This article describes how to apply content updates manually through the CLI, as an alternative to performing an update automatically through the GUI: Content Update.
Scope FortiSIEM.
Solution
  1. SSH to the Supervisor and check the latest available update version. The result is written to the output file /tmp/contentInfo:

su admin

content-update.sh check <running_siem_version> <running_content_update_version> -o /tmp/contentInfo

Example:
      

su admin
content-update.sh check 7.4.2 901 -o /tmp/contentInfo
Latest version: 904

 

  2. Remove old content update files if there are any:

rm -rvf /opt/phoenix/ContentUpgrade/*

 

  3. Install the latest content update:

su - admin
$ content-update.sh apply <running_siem_version> <running_content_update_version> --pkg /opt/phoenix/ContentUpgrade/fullContentPkg.tgz

 

Example: Updating from the current running content updates version 901:

 

su - admin

content-update.sh apply 7.4.2 901 --pkg /opt/phoenix/ContentUpgrade/fullContentPkg.tgz
5% Downloading data packages.
10% Downloading GeoDB packages.
20% Importing device types
30% Importing event types
40% Importing event attributes
50% Importing rules
60% Importing reports
70% Importing parsers
80% Importing dashboards
100% newContentVersion: 904; imported: deviceType,eventType,eventAttribute,rule,report,parser,dashboard

 

  4. Update the CMDB with the content version installed on the system:

psql -U phoenix -d phoenixdb -c "update ph_sys_conf set value='<latest_content_update_version>' where property = 'Content_Update_Version';"

 

The output should be UPDATE 1.

Example:

psql -U phoenix -d phoenixdb -c "update ph_sys_conf set value='904' where property = 'Content_Update_Version';" 

             

  5. Restart the application server:

 

rm -rf /opt/phoenix/cache/content/
rm -rf /opt/glassfish/domains/domain1/generated/
rm -rf /opt/glassfish/domains/domain1/osgi-cache/
killall -9 java

 

  6. Once the GUI is available again, navigate to ADMIN -> Content Update and select the 'Check Now' button, which should show a 'No available updates' message.

 

Troubleshooting:

Check if the backend is updated:

 

psql -U phoenix phoenixdb -c "select property,value from ph_sys_conf where property ilike '%content%';"
         property         |     value
--------------------------+---------------
 Content_Update_Version   | 901 <---
 Original_Content_Version | 901
 Content_Last_Check       | 1760997604743
(3 rows)


If Content_Update_Version still shows the old version, update it:


psql -U phoenix phoenixdb -c "update ph_sys_conf set value=904 where property='Content_Update_Version';"

 

psql -U phoenix phoenixdb -c "select property,value from ph_sys_conf where property ilike '%content%';"
         property         |     value
--------------------------+---------------
 Content_Update_Version   | 904 <---
 Original_Content_Version | 901
 Content_Last_Check       | 1760997604743
(3 rows)

 

Check the VERSION file:

 

cat /opt/phoenix/ContentUpgrade/VERSION

 

The output should only show the number 904.

If not, create it manually:

 

# cd /opt/phoenix/ContentUpgrade/
# vi VERSION
 904
:wq!
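
The CMDB and VERSION file checks above can be combined into one consistency check that compares the version reported by the apply step with both. This script is an added example, not part of the original article or Fortinet tooling; the function names are hypothetical, the sample data is constructed from the output shown above, and surrounding whitespace in the VERSION file is tolerated as an assumption.

```bash
#!/usr/bin/env bash
# Added example (not Fortinet code): confirm the places that record the
# content version agree after a manual update.

# Read `content-update.sh apply` output on stdin; print N from the final
# "newContentVersion: N;" progress line (format as shown in the article).
applied_version() {
    sed -n 's/.*newContentVersion: \([0-9][0-9]*\);.*/\1/p' | tail -n 1
}

# $1 = applied version, $2 = Content_Update_Version value from ph_sys_conf,
# $3 = path to the VERSION file. Prints one line per mismatch.
# Returns 0 when all agree, 1 on any mismatch, 2 if $1 is not a number.
verify_content_version() {
    local applied="$1" db="$2" file="$3" on_disk rc=0
    case "$applied" in
        ''|*[!0-9]*) echo "applied version is not numeric: '$applied'"; return 2 ;;
    esac
    if [ "$db" != "$applied" ]; then
        echo "CMDB mismatch: Content_Update_Version=$db, expected $applied"
        rc=1
    fi
    if [ ! -r "$file" ]; then
        echo "VERSION file unreadable: $file"
        rc=1
    else
        # The file must hold only the number; surrounding whitespace is ignored.
        on_disk=$(tr -d ' \t\r\n' < "$file")
        if [ "$on_disk" != "$applied" ]; then
            echo "VERSION mismatch: file has '$on_disk', expected $applied"
            rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample: last lines of the apply output, CMDB still at 901.
sample_log='80% Importing dashboards
100% newContentVersion: 904; imported: deviceType,eventType,eventAttribute,rule,report,parser,dashboard'
demo_dir=$(mktemp -d)
printf '904\n' > "$demo_dir/VERSION"
new=$(printf '%s\n' "$sample_log" | applied_version)
verify_content_version "$new" 901 "$demo_dir/VERSION" || echo "result: update incomplete"
rm -rf "$demo_dir"

# On a Supervisor (assumes psql -At prints the bare value):
#   db=$(psql -U phoenix -d phoenixdb -Atc "select value from ph_sys_conf where property='Content_Update_Version'")
#   verify_content_version 904 "$db" /opt/phoenix/ContentUpgrade/VERSION
```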