Multi-tenant Collectors handle devices and logs from multiple Organizations. A multi-tenant Collector must be defined under the Super/Local Organization as follows:
- Switch to Super/Local org view.
- Go to Setup -> Collector, add 'Collector' and save.
- Register the collector to the Super with the command:
phProvisionCollector --add <Organization-user-name> <Organization-user-password> <Supervisor-IP> <Organization-name> <Collector-name>
If the collector is already registered, remove it from the GUI and re-register it to the super as follows:
- Remove the collector from the GUI: From the global view, go to Admin -> Organization -> Edit and delete the collector from there.
- Remove the license from the collector. SSH to the collector and run:
# rm -f /etc/opsd/.fortisiem4x0
- Add the collector in the GUI.
- Register the collector to the Super:
# phProvisionCollector --add <user> <password> <super IP or host> <organization> <collectorName>
Example:
# phProvisionCollector --add admin 'PASSWORD' supervisor.nslsec.net ManagedFirewalls collector001.nslsec.net
- Reboot the collector, then check that the processes are up and running:
# phstatus
- Switch back to the Global view.
- For each Collector that will be multi-tenant, do the following: SSH to the Collector and modify the following line in /opt/phoenix/config/phoenix_config.txt:
# vim /opt/phoenix/config/phoenix_config.txt
Change:
Multi_Tenant_Collectors=false
To:
Multi_Tenant_Collectors=true
- Reboot the Collector.
- Create Organizations as follows:
- Log in to Super-Global Organization.
- Go to ADMIN -> Setup -> Organizations and create an Organization.
- Add Agent credentials for Agent registration.
- Define the Include/Exclude IP Address ranges if devices belonging to various Organizations are going to send logs to multi-tenant Collectors.
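An offline pre-check for the Include/Exclude ranges planned in the last step, added here as an example (not Fortinet code and not part of the original article). It assumes each reporting IP should resolve to exactly one Organization; the organization names, the ranges, and the CIDR / start-end input syntax are constructed for illustration.

```python
import ipaddress
from itertools import combinations, product

# Constructed sample plan: names and ranges are illustrative, not from a real deployment.
ORGS = {
    "OrgA": {"include": ["10.10.0.0/16"], "exclude": ["10.10.50.0/24"]},
    "OrgB": {"include": ["10.10.50.0/24", "10.20.0.1-10.20.0.254"], "exclude": []},
    "OrgC": {"include": ["10.10.200.0/24"], "exclude": []},
}

def parse_ranges(items):
    """Accept 'a.b.c.d/nn', a single IP, or 'start-end'; return ip_network objects."""
    nets = []
    for item in items:
        if "-" in item:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        else:
            nets.append(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def effective(org):
    """Include ranges minus Exclude ranges, as a list of non-overlapping networks."""
    nets = list(ipaddress.collapse_addresses(parse_ranges(org["include"])))
    for ex in parse_ranges(org["exclude"]):
        kept = []
        for net in nets:
            if not net.overlaps(ex):
                kept.append(net)
            elif ex.subnet_of(net) and ex != net:
                kept.extend(net.address_exclude(ex))  # carve the exclusion out
            # otherwise net lies entirely inside the exclusion and is dropped
        nets = kept
    return nets

def cross_org_overlaps(orgs):
    """Return (org_a, org_b, shared_network) for address space claimed by two orgs."""
    eff = {name: effective(org) for name, org in orgs.items()}
    hits = []
    for a, b in combinations(sorted(eff), 2):
        for na, nb in product(eff[a], eff[b]):
            if na.overlaps(nb):  # networks nest or are disjoint; the longer prefix is shared
                hits.append((a, b, str(max(na, nb, key=lambda n: n.prefixlen))))
    return hits

def owners(orgs, ip):
    """Organizations whose effective ranges contain a given reporting IP."""
    addr = ipaddress.ip_address(ip)
    return sorted(n for n, o in orgs.items() if any(addr in net for net in effective(o)))
```

With the sample plan, `cross_org_overlaps(ORGS)` flags 10.10.200.0/24 as claimed by both OrgA and OrgC, while OrgA's exclusion of 10.10.50.0/24 leaves that subnet to OrgB alone.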
Related document: FortiSIEM Deployment Scenarios