Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
aldodelgadomtz
Staff
Staff

Created on ‎08-31-2024 05:52 AM Edited on ‎03-03-2025 02:51 AM By Moderator

Article Id 337984

Technical Tip: How to replace a Collector node in FortiSIEM

Description This article describes the simplest way to replace a Collector node.
Scope FortiSIEM.
Solution
  1. Follow the KDB in question to create a new Collector from scratch: Fresh Installation.
  2. If having Windows/Linux agents, back up the following file locally:

    ll /etc/httpd/accounts/passwds

  3. Once reinstalled, copy the previous file with the following commands:

    chown -R root.root /etc/httpd/accounts/passwds
    chmod -R 775 /etc/httpd/accounts/passwds

  4. Provision the new Collector as follows:

 

Usage: phProvisionCollector --update <Organization-user-name> <Organization-user-password> <Supervisor-IP/FQDN> <Organization-name> <Collector-name>

For examples:

- Enterprise mode, use admin/password and the org name is super, the collector name is Col01

phProvisionCollector --update admin password <Super IP or Host> super Col01

- Service Provider mode, with Organisation=CustA and its collector is Col01

phProvisionCollector --update Org_admin Org_password <Super IP/FQDN> CustA Col01

 

Note: It is not necessary to delete any configuration from the Supervisor's GUI.

 

583
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.