FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
koolishami
Staff
Article Id 392828
Description

This article describes how to resolve an issue where the FortiSIEM Linux Agent shows a 'Disconnected' status on the Supervisor, or registers successfully but does not appear in the CMDB.
Scope

FortiSIEM v7.0.X, v7.1.X, v7.2.X. Linux host OS: RHEL 9.5 or Rocky Linux 9.5.

Solution

Root cause:

On some Linux operating systems, SELinux (Security-Enhanced Linux) is enabled by default in Enforcing mode.

This may block the FortiSIEM Linux Agent (FSM) from writing its template file on the host system.

 

As a result:

  • The agent is unable to determine which log types to collect.
  • No logs are sent to the Supervisor.
  • The agent status remains 'Disconnected'.

 

Workaround:

Temporarily switch SELinux to Permissive mode. Once the Linux Agent becomes active and starts sending logs, revert SELinux to Enforcing mode. The agent will remain in a 'Running Active' state.

 

Change SELinux status to 'permissive' using the following command:

 

setenforce 0

 

For more information, refer to the official Red Hat documentation: Changing SELinux to permissive mode.
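
As an added example (not Fortinet code and not part of the original article), the script below checks that enforced SELinux denials are what is blocking the agent, and wraps the workaround so that Enforcing mode is always restored. The process name fsm-agent, the file name agent-template.xml and the caller-supplied readiness check are assumptions; the sample audit lines are constructed.

```shell
#!/bin/sh
# Added example; not Fortinet code. "fsm-agent" and "agent-template.xml" are
# placeholder names: take the real process name from your own audit log.

# Constructed audit.log lines in the standard AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1714000000.101:501): avc:  denied  { write } for  pid=2201 comm="fsm-agent" name="agent-template.xml" dev="dm-0" ino=1311 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=0
type=AVC msg=audit(1714000003.220:502): avc:  denied  { read } for  pid=3120 comm="httpd" name="index.html" dev="dm-0" ino=2077 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1714000090.007:530): avc:  denied  { write } for  pid=2201 comm="fsm-agent" name="agent-template.xml" dev="dm-0" ino=1311 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
EOF
}

# Read audit lines on stdin; print one line per denial of process $1 that was
# actually enforced (permissive=0 means the access was blocked, not just logged).
blocked_denials() {
    grep 'avc:  *denied' | grep -F "comm=\"$1\"" | grep 'permissive=0' |
        sed -n 's/.*{ \([^}]*\) }.* name="\([^"]*\)".* tclass=\([^ ]*\).*/class=\3 perm=\1 name=\2/p'
}

# The workaround with the revert guaranteed: go permissive, poll the caller's
# readiness check ("$@", hypothetical), then return to enforcing even on
# timeout or interrupt. Run as root; setenforce does not persist across reboot.
permissive_until() {
    [ "$(getenforce)" = "Enforcing" ] || return 0   # not enforcing: nothing to change
    trap 'setenforce 1; exit 130' INT TERM
    setenforce 0
    tries=0
    until "$@" || [ "$tries" -ge 30 ]; do
        sleep 10
        tries=$((tries + 1))
    done
    setenforce 1
    trap - INT TERM
    [ "$(getenforce)" = "Enforcing" ]               # succeed only if enforcing again
}

# Demo on the constructed sample: one enforced write denial for the agent.
sample_audit_log | blocked_denials fsm-agent
```

On a real host, pipe `ausearch -m AVC -ts recent --raw` or /var/log/audit/audit.log into blocked_denials, and confirm the final state with `getenforce`.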

 

Solution:

Upgrade the Supervisor, Collector, and Linux Agent to version 7.3.2 or above.