saidbelhaj
New Contributor

FortiSiem Agent windows

Hello,

I'm trying to install the FortiSIEM Agent for Windows Server but I can't, and I don't know what the problem is. The error is: "failed to register this agent computer with Fortisiem Super".

I added a user test and password test123. IP supervisor was 192.168.1.2 version 5.2.1. Organization Super.

I followed all the steps in the install guide, but I can't find: Go to ADMIN > Setup > Organizations and locate the Organization (ID, Name) or to create an organization. Also, should I install a collector? I already installed one and added it to the supervisor (ip: 192.168.1.3), but how can I use it?

InstallSettings.xml:

<?xml version="1.0" encoding="utf-8"?>
<InstallConfig Version="1">
  <Org>
    <ID>ORG_ID</ID>
    <Name>Super</Name>
  </Org>
  <Super>
    <Name>192.168.1.2</Name>
    <Port>443</Port>
  </Super>
  <Registration>
    <Username>test</Username>
    <Password>test123</Password>
  </Registration>
  <Proxy>
    <Server></Server>
    <Port></Port>
  </Proxy>
  <SSLCertificate>ignore</SSLCertificate>
</InstallConfig>

 

How can I handle this problem?

FSM_FTNT
Staff

Hi,

 

The steps you are referring to are for the MSSP-configured version of FortiSIEM. If you don't see "ADMIN > Setup > Organizations", it is because you have FortiSIEM configured as the Enterprise version. Instead, configure an Agent user under "CMDB > Users > Create a new user > check the box for System Admin > Edit it so that you are on the screen with the password > You will also see a checkbox to make the user an Agent Admin".

 

In the FortiSIEM 5.2.1 and 5.2.5 releases, a Collector is required for the Agent to upload the events to. The Agent connects to the Super for config and health status and uploads the logs to the Collector that is defined in the configuration.

 

Hope this helps.

 

 

Anton_Chagovec

For me it worked as shown below:

 

<?xml version="1.0" encoding="utf-8"?>
<InstallConfig Version="1">
  <Org>
    <ID>1</ID>
    <Name>Super</Name>
  </Org>
  <Super>
    <Name>IP of supervisor x.x.x.x</Name>
    <Port>443</Port>
  </Super>
  <HostName>Name of server where agent is installed</HostName>
  <Registration>
    <Username>Super(leave it as it is "Super/")/Username you configured in CMDB</Username>
    <Password> add Password</Password>
  </Registration>
  <Proxy>
    <Server></Server>
    <Port></Port>
  </Proxy>
  <SSLCertificate>ignore</SSLCertificate>
</InstallConfig>

 

You can also check API.

sean_gurdon

Is there any additional troubleshooting that can be done? I'm having a very similar issue, where the Agent isn't able to register with the SIEM. I have gone through the troubleshooting guide and verified that all of the aspects work, yet I'm still unable to successfully register. I have built multiple collectors and was able to register them to the SIEM just fine, and with the same login credentials, I may add. I will attach my installconfig below. I have Windows Firewall off, and I can web browse to the SIEM site from my machine. Any help will be greatly appreciated.

 

<?xml version="1.0" encoding="utf-8"?>
<InstallConfig Version="1">
  <Org>
    <ID>1</ID>
    <Name>Super</Name>
  </Org>
  <Super>
    <Name>SIEM IP</Name>
    <Port>443</Port>
  </Super>
  <HostName>fsm-01</HostName>
  <Registration>
    <Username>Super/admin2</Username>
    <Password>correctpassword</Password>
  </Registration>
  <Proxy>
    <Server></Server>
    <Port></Port>
  </Proxy>
  <SSLCertificate>ignore</SSLCertificate>
</InstallConfig>

 

FSM_FTNT

Hi Sean,

 

<HostName>fsm-01</HostName>

 

This should be the hostname of the Windows server rather than the FortiSIEM Super.

 

 

Installation logs for the new Windows agent are stored in C:\ProgramData\AccelOps\Agent\Logs\. The logs are hidden files; change the Windows Explorer settings to display hidden files to see the log directory.

Things to look out for in the logs - Proxy.log:

- 403 Forbidden means there's a password issue

You can also look at the install logs this way, using an MSIexec install to debug install issues. Make sure InstallSettings.xml is in the same directory as the msi.

  C:\Users\administrator>msiexec.exe /i "C:\administrator\<path>\<agentinstaller>.msi" /l*v C:\administrator\install.log
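
A pre-install check for InstallSettings.xml that collects the points raised in the replies above (an added example, not part of the thread and not Fortinet tooling). The function name, the `agent_hostname` parameter and the hostname `WIN-APP01` are hypothetical; the numeric Org ID rule and the meaning of `ignore` are assumptions.

```python
import xml.etree.ElementTree as ET

# The first post's InstallSettings.xml, with the tag spacing repaired.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<InstallConfig Version="1">
  <Org><ID>ORG_ID</ID><Name>Super</Name></Org>
  <Super><Name>192.168.1.2</Name><Port>443</Port></Super>
  <Registration><Username>test</Username><Password>test123</Password></Registration>
  <Proxy><Server></Server><Port></Port></Proxy>
  <SSLCertificate>ignore</SSLCertificate>
</InstallConfig>"""


def lint_install_settings(xml_text, agent_hostname):
    """Return findings; agent_hostname is the Windows server's own name."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"xml: not well-formed ({exc})"]

    def text(path):
        return (root.findtext(path) or "").strip()

    findings = []
    # Assumption: Org/ID is numeric, as in the working config (<ID>1</ID>).
    if not text("Org/ID").isdigit():
        findings.append(f"org-id: {text('Org/ID')!r} is not a numeric ID")
    # The working config writes the user as "<Org name>/<CMDB user>".
    org, _, user = text("Registration/Username").rpartition("/")
    if not user or org != text("Org/Name"):
        findings.append("username: expected '<Org name>/<user>', e.g. 'Super/<user>'")
    # HostName must name the agent's own server, not the Super.
    host = text("HostName")
    if not host:
        findings.append("hostname: <HostName> element is missing")
    elif host.lower() != agent_hostname.lower():
        findings.append(f"hostname: {host!r} is not this server ({agent_hostname!r})")
    # Assumption: 'ignore' disables validation of the Super's TLS certificate.
    if text("SSLCertificate").lower() == "ignore":
        findings.append("tls: certificate validation is disabled")
    return findings


if __name__ == "__main__":
    for finding in lint_install_settings(SAMPLE, "WIN-APP01"):  # constructed hostname
        print(finding)
```

The file also carries the registration password in cleartext, so restrict who can read it and remove it once the agent has registered.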