Prerequisites:

1. The column Agent Status should indicate 'Running Active'.
   
   

   

    

• If the Agent is registered with Collector IP, the Agent must be sending its updates to the Collector IP correctly. Verify this by running the following command in the Collector:

tail -f /etc/httpd/logs/ssl_access_log | grep <AGENT_IP>

Successful update log example: 

10.0.0.4--[12/Nov/2025:11:46:51 +0100] "PUT //phoenix/rest/linuxAgent/update HTTP/1.1" 200 280

• If the Agent or Event status shows Disconnected. Follow the KB article link to fix these issues: Troubleshooting Tip: Win/Linux Agent registration with Collector as Proxy and troubleshooting.

• If the Agent is registered with the Supervisor, verify the status as previously mentioned, but run the tail command on the Supervisor node. If there is an issue with the Agent or Events status. Follow the KB article link to fix this issue: Troubleshooting Tip: Windows Agent registered with Supervisor but not uploading events.

2. Upload the files to the Image Server. If the Linux host (Agents) connects to the Collector or Supervisor using Public IPs or via a Load Balancer IP, before uploading the upgrade .sh file to the Image Server, add the publicIP/loadbalancerIP or FQDN in Image Server -> Custom Update. Only after this step, upload the file. See the link for this information: Image Server Settings

    

3. Verify the file was uploaded successfully in Supervisor by running the following command:
   
   

psql phoenixdb phoenix -c "select param_str, type, progress from ph_task where type = 'ImageSetup'"

The progress column should indicate 100, and the superFQDN in the URL should point to the correct IP/FQDN that the agent will use to download the image.

Troubleshooting:

1. On the Linux host, run the following tail command:
   
   

tail -f /opt/fortinet/fortisiem/linux-agent/log/phoenix.log

2. On the Supervisor GUI -> Agent Health tab -> Select the host -> Action -> Download Image, and review the Upgrade Status column.

    

3. On the Linux host, review the output of the tail command for errors. If no related errors are shown, review the following folder on the Linux host to verify the Image has been downloaded.

ls -la /opt/fortinet/fortisiem/linux-agent/upgrade

4. Review the Upgrade Status column in the Supervisor GUI. If the download was successful, run the Install Image task. 

If the download Image failed:

Review the Linux phoenix log for errors:

cat /opt/fortinet/fortisiem/linux-agent/log/phoenix.log

Note: If the phoenix log shows an error where the Linux host failed to contact the Supervisor IP/FQDN when the Agent is registered with the Collector IP. Example: 

PH_HTTP_CLIENT_GET_INIT_RESPONSE_FAILED]:[eventSeverity]=PHL_ERROR,[procName]=phLinuxAgent,[fileName]=phHttpClient.cpp,[lineNumber]=1039,[infoURL]=https://FSMSupervisor.siem.local:443//phoenix/rest/config/applicationPackage,[phLogDetail]=Http client failed to get initial response from URL

This is a known bug affecting the Linux Agent version 7.2.x and below. This is because these versions do not have the SuperOverride option. 

To fix this issue, the agent needs to be manually upgraded to v7.3.0 and the SuperOverride option used. See the Installation Guide for more information: Installing Linux Agent.

If the Agent is registered with the Collector FQDN/IP. Ensure the agent-proxy.conf file contains all the proxy configuration lines from the latest release document. See the link below for the Linux Agent Configuration Guide v7.4.2.
Setup the Collector as an HTTPS Proxy