aldodelgadomtz
Article Id 337952
Description This article describes the simplest way to replace a Worker node.
Scope FortiSIEM.
Solution
  1. Before re-joining a Worker, deploy a VM from scratch as follows: Fresh Installation.
  2. Make sure that the Worker is on the same release version as the Supervisor. Check the compatibility matrix: FortiSIEM Version Compatibility for Rocky Linux Based Releases.
  3. In case the behavior remains the same on the Worker, do the following:
    1. Follow the instructions in the KDB to remove the Worker correctly: Deleting Worker Node.
    2. Access the Supervisor node via CLI and execute the following command:

      cd /opt/phoenix
      rm -f .nfs.json

    3. Deploy a new Worker with 16 vCPU and 32 GB of RAM, following this KDB: Fresh Installation.
    4. Proceed to add the node again as follows: Adding a Worker Node.

  4. Finally, access the Collector via CLI and execute the following commands strictly in the order shown:

      mv /etc/opsd/.fortisiem4x0 /var/tmp
      shutdown -r now
      phProvisionCollector --update admin <password> <super IP or host> Super <collectorName>

 

Note: It is very important to re-add the Collector node, because it cannot update Worker information automatically.