Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
alaxkar
Staff
Staff

Created on β€Ž09-11-2025 04:45 AM Edited on β€Ž09-11-2025 04:46 AM By Moderator

Article Id 410473

Technical Tip: How to remove an old supervisor from a FortiSIEM collector

Description This article describes how to remove an old supervisor from a FortiSIEM collector.
Scope FortiSIEM.
Solution

To remove the old supervisor from the collector, first disassociate the Old Supervisor from the Collector:

  1. Remove the collector from the GUI (Old Supervisor).
  2. Check the PostgreSQL database to verify that the collector has been removed:

 

psql -U phoenix phoenixdb
select * from ph_sys_collector; server
\q

 

  1. Remove the license from the collector:

 

cd /etc/opsd
ls –la
rm –f <----- Insert the file that is there - either .phoenixXXXXXX or .fortisiemXXX.
reboot now

 

  1. Add the collector in the GUI via the New Supervisor.

  2. Register the collector using the following command:

 

phProvisionCollector --add <Organization-user-name> <Organization-user-password> <Supervisor-IP> <Organization-name> <Collector-name>

 

After the registration is complete, the collector should restart automatically.

  1. Check the PostgreSQL database to see if the collector has been assigned a Natural ID.

 

psql -U phoenix phoenixdb
select * from ph_sys_collector;
\q

 

  1. Check the GUI/collector health.
61
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.