FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
fgallardo1
Staff
Article Id 407430
Description

This article describes how to safely shut down or reboot a FortiSIEM Supervisor node. FortiSIEM must be prepared before any maintenance window to avoid issues with the file system or applications.

Scope

FortiSIEM 7.2.4.
Solution

There is no option to shut down or reboot the system through the Web interface, so this process must be done through the FortiSIEM command line.

Elements used for this article:

Platform: AWS cloud.
Firmware version: 7.2.4
Event Database: ClickHouse

  1. Connect to the Supervisor command line over SSH and check the current status of the PH processes and services with the following command:

phstatus

Output example:

Every 1.0s: /opt/phoenix/bin/phstatus.py    fsm1: Wed Aug 20 19:19:45 2025

System uptime:  19:13:46 up 6 min,  1 user,  load average: 0.88, 1.24, 0.71
Tasks: 34 total, 0 running, 34 sleeping, 0 stopped, 0 zombie
Cpu(s): 8 cores, 12.1%us, 0.6%sy, 0.0%ni, 87.0%id, 0.0%wa, 0.2%hi, 0.0%si, 0.0%st
Mem: 31946944k total, 12531444k used, 16396700k free, 12664k buffers
Swap: 26058744k total, 0k used, 26058744k free, 4219520k cached

PROCESS                  UPTIME         CPU%           VIRT_MEM       RES_MEM
phParser                 04:42          0              3004m          1165m
phQueryMaster            04:42          0              1212m          115m
phRuleMaster             04:42          0              948m           116m
phRuleWorker             04:42          0              1654m          422m
phQueryWorker            04:42          0              1611m          401m
phDataManager            04:42          0              2006m          575m
phDiscover               04:42          0              662m           78m
phReportWorker           04:42          0              1764m          403m
phReportMaster           04:42          0              812m           88m
phIpIdentityWorker       04:42          0              1227m          89m
phIpIdentityMaster       04:42          0              613m           59m
phAgentManager           04:42          0              1742m          79m
phCheckpoint             04:42          0              324m           36m
phPerfMonitor            04:42          0              912m           97m
phDataPurger             04:42          0              706m           83m
phEventForwarder         04:42          0              631m           48m
phMonitor                05:51          0              1532m          664m
Apache                   06:10          0              317m           18m
Rsyslogd                 06:09          0              192m           4596k
Node.js-charting         06:04          0              10938m         82m
Node.js-pm2              05:51          0              653m           58m
Node.js-exporter         06:01          0              10918m         66m
Node.js-jsreport         06:07          0              1398m          128m
phFortiInsightAI         06:10          0              12015m         203m
phAnomalyWorker          04:14          0              1289m          196m
AppSvr                   05:50          10             11152m         4429m
DBSvr                    06:10          0              823m           105m
phAnomalyMaster          04:14          0              1277m          189m
phGenerativeAI           04:15          0              587m           111m
SVNLite                  06:10          0              11822m         399m
phClickHouseMonitor      05:40          0              2195m          27m
ClickHouseServer         06:07          0              4604m          792m
ClickHouseKeeper         06:07          0              1239m          147m
Redis                    05:52          0              246m           72m

  2. Check the OS and database version:

cat /etc/os-release
postgres --version

  3. Run the following commands to stop the processes and services:

systemctl stop crond
phtools --stop all
killall -9 phMonitor
systemctl stop postgresql-13
phxctl stop
systemctl stop httpd
systemctl stop phFortiInsightAI
ps -fea | grep redis     # Identify the admin PIDs for redis
kill PID                 # Close the process (replace PID with each PID identified above)
ps -fea | grep node
killall node

Output example of phstatus after the processes and services are stopped:

Every 1.0s: /opt/phoenix/bin/phstatus.py    fsm1: Wed Aug 20 19:49:47 2025

System uptime:  19:13:46 up 50:50,  1 user,  load average: 0.57, 1.76, 1.91
Tasks: 34 total, 0 running, 5 sleeping, 29 stopped, 0 zombie
Cpu(s): 8 cores, 0.2%us, 0.2%sy, 0.0%ni, 99.4%id, 0.0%wa, 0.1%hi, 0.0%si, 0.0%st
Mem: 31946952k total, 2993260k used, 25829068k free, 12540k buffers
Swap: 26058744k total, 0k used, 26058744k free, 4260748k cached

PROCESS                  UPTIME         CPU%           VIRT_MEM       RES_MEM
phParser                 DOWN
phQueryMaster            DOWN
phRuleMaster             DOWN
phRuleWorker             DOWN
phQueryWorker            DOWN
phDataManager            DOWN
phDiscover               DOWN
phReportWorker           DOWN
phReportMaster           DOWN
phIpIdentityWorker       DOWN
phIpIdentityMaster       DOWN
phAgentManager           DOWN
phCheckpoint             DOWN
phPerfMonitor            DOWN
phDataPurger             DOWN
phEventForwarder         DOWN
phMonitor                DOWN
Apache                   DOWN
Rsyslogd                 36:08          0              192m           6124k
Node.js-charting         DOWN
Node.js-pm2              DOWN
Node.js-exporter         DOWN
Node.js-jsreport         DOWN
phFortiInsightAI         DOWN
phAnomalyWorker          DOWN
AppSvr                   DOWN
DBSvr                    DOWN
phAnomalyMaster          DOWN
phGenerativeAI           36:08          0              587m           111m
SVNLite                  36:09          0              11822m         453m
phClickHouseMonitor      DOWN
ClickHouseServer         36:32          0              4419m          835m
ClickHouseKeeper         37:42          0              1236m          145m
Redis                    DOWN

Finally, run one of the following commands to shut down or reboot. This will close all remaining running applications and processes.

shutdown      # Completely powers off the device.
reboot        # Brief power loss.
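
A check to run on the phstatus table from step 3 before issuing the final shutdown or reboot, as an added example that is not part of the original article or Fortinet tooling. It reads a saved copy of the table on stdin; the function names and the allowlist of processes expected to remain up (taken from the rows that are not DOWN in the article's second output) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Fortinet code): gate the final shutdown/reboot on a saved
# copy of the phstatus table, read from stdin.

# Assumption: these are expected to stay up until the OS goes down, because
# they are the only rows not DOWN in the article's post-stop output.
EXPECTED_UP="Rsyslogd phGenerativeAI SVNLite ClickHouseServer ClickHouseKeeper"

# still_running: print every process that is up and not in EXPECTED_UP.
# Exits 2 when no PROCESS header was seen, so empty input never passes.
still_running() {
  awk -v allow="$EXPECTED_UP" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "PROCESS"       { in_table = 1; next }  # rows follow the header
    !in_table || NF < 2   { next }                # summary and blank lines
    $2 != "DOWN" && !($1 in ok) { print $1 }
    END { if (!in_table) exit 2 }
  '
}

# ready_for_shutdown: 0 = safe to continue, 1 = something is still up,
# 2 = input did not contain a phstatus table.
ready_for_shutdown() {
  local left
  left="$(still_running)" || { echo "no phstatus table on stdin" >&2; return 2; }
  if [ -n "$left" ]; then
    printf 'still running: %s\n' $left >&2
    return 1
  fi
  return 0
}

# Constructed samples, abridged from the output shown in the article.
SAMPLE_STOPPED='PROCESS                  UPTIME         CPU%           VIRT_MEM       RES_MEM
phParser                 DOWN
phMonitor                DOWN
Rsyslogd                 36:08          0              192m           6124k
ClickHouseServer         36:32          0              4419m          835m
Redis                    DOWN'

SAMPLE_PARTIAL='PROCESS                  UPTIME         CPU%           VIRT_MEM       RES_MEM
phParser                 DOWN
AppSvr                   05:50          10             11152m         4429m
Rsyslogd                 36:08          0              192m           6124k
Redis                    05:52          0              246m           72m'
```

With the table saved to a file (phstatus.txt is a hypothetical name), ready_for_shutdown < phstatus.txt returns 0 only when every process outside the allowlist shows DOWN.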
