FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
flunaibarra
Staff
Article Id 304400
Description

This article describes how to register the Linux agent with the Supervisor and how to troubleshoot.
Before going through this documentation, review the linked documents below to verify that the Linux agent package matches the version of the FortiSIEM Supervisor it will register with.

Related documents:

FortiSIEM Linux Agent

FortiSIEM Version Compatibility for Rocky Linux Based Releases

Scope
Linux Agent v6.x.x, v7.0.x, v7.3.x, Supervisor v6.x.x, v7.0.x, v7.3.x.
Solution

Prerequisites:

  • From FortiSIEM - Create a new agent user account:
    • For Enterprise: Go to CMDB -> Users -> FortiSIEM Users -> New -> Add User Name, Select the pencil icon beside System Admin, checkmark Agent Admin, add password, and Save.
    • For Service Provider: Go to Global View -> Admin -> Setup -> Organization -> Select the Organization -> Edit -> Agent User: Enter a username, Agent Password: Enter a password -> Save.
      • Collect the Organization's information from Admin -> Setup -> Organization (Organization Name and Organization ID).

  • From Linux Host
    • Make sure the software and package requirements for the host's OS version are installed (see the document below):
      FortiSIEM Linux Agent
    • Test the connection from the host to the Supervisor on port 443:

wget --no-check-certificate https://<SUPER_IP>:443



    • Run the installation script:

bash fortisiem-linux-agent-installer-7.x.xxxxxx.sh -s <SUPER_IP> -i <ORG_ID> -o <ORG_NAME> -u <AGENT_USER> -p <AGENT_PWD> -n <HOST_NAME>

    • The script will register the agent successfully if all the prerequisites are correct.



If the script finds an issue, it prints an error message indicating the cause of the failure.




Troubleshooting:

There are 3 main reasons for the registration to fail:

  1. The package requirements are not installed in the host, or the OS version is not supported.
  2. The registration information is incorrect: Supervisor IP/FQDN, agent username, password, Organization name, or Organization ID.
  3. Connection issues: network configuration/communication on port 443, NAT, SSL inspection, external firewall rules blocking the traffic, certificate configuration, etc.

 

  • Review the Debugging information available in two log files:

/opt/fortinet/fortisiem/linux-agent/log/fortisiem-linux-agent.log
/opt/fortinet/fortisiem/linux-agent/log/phoenix.log

 

If HTTP status codes 401 or 403 appear in these logs, review the registration information (Organization name, Organization ID, agent username, and password). If necessary, create a new agent user account.

 

  • Check the Supervisor logs to confirm that the host's connection reaches the Supervisor. SSH to the Supervisor and run:

 

grep <host_IP> /etc/httpd/logs/ssl_access_log



 

Review the HTTP status code returned for the host's requests.
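As an added example (not part of the article), a small POSIX shell script that automates the two log checks above: it counts the HTTP status codes a given host IP received in the Supervisor's ssl_access_log and maps them to the article's failure causes (no entries: network/port 443; 401/403: registration information). The log lines and the request path in it are constructed placeholders, not real FortiSIEM output.

```shell
#!/bin/sh
# Added example: summarise the HTTP status codes one host received in the
# Supervisor's ssl_access_log and map them to the article's failure causes.
# The log lines are constructed for this example (Apache access-log layout);
# the request path is a placeholder, not FortiSIEM's real registration URL.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
10.0.0.5 - - [12/Mar/2024:10:15:01 +0000] "POST /placeholder/register HTTP/1.1" 401 352
10.0.0.5 - - [12/Mar/2024:10:15:03 +0000] "POST /placeholder/register HTTP/1.1" 403 352
10.0.0.7 - - [12/Mar/2024:10:16:10 +0000] "POST /placeholder/register HTTP/1.1" 200 118
10.0.0.5 - - [12/Mar/2024:10:17:45 +0000] "POST /placeholder/register HTTP/1.1" 200 118
EOF

# status_counts LOG HOST_IP: prints "<status> <count>" per status for that client IP.
# The client IP is field 1; the status code is the first token after the closing
# quote of the request, so split on quotes rather than trusting field positions.
status_counts() {
    awk -v ip="$2" '
        $1 == ip { n = split($0, p, "\""); split(p[n], t, " "); c[t[1]]++ }
        END { for (s in c) print s, c[s] }' "$1" | sort
}

# diagnose LOG HOST_IP: one word naming the likely cause, following the article:
#   none  - no request from the host reached the Supervisor (network / port 443)
#   creds - 401/403 seen: check org name, org ID, agent username and password
#   ok    - 200 seen and no authentication failure
#   other - some other status; read the full log line
diagnose() {
    counts=$(status_counts "$1" "$2")
    [ -z "$counts" ] && { echo none; return 0; }
    echo "$counts" | grep -Eq '^(401|403) ' && { echo creds; return 0; }
    echo "$counts" | grep -q '^200 ' && { echo ok; return 0; }
    echo other
}

echo "Status codes for 10.0.0.5:"
status_counts "$SAMPLE_LOG" 10.0.0.5
echo "Diagnosis: $(diagnose "$SAMPLE_LOG" 10.0.0.5)"
```

On a real Supervisor, replace SAMPLE_LOG with /etc/httpd/logs/ssl_access_log and pass the agent host's IP as the second argument.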

  • Leave the tail command running on the Supervisor and run the installation on the host:

tail -f /opt/glas*/dom*/dom*/logs/phoenix.log

 

Registration log entries for the host should then appear in phoenix.log.

 

If no registration logs appear in phoenix.log, the host is not reaching the Supervisor on port 443. Check the network configuration.