Appliance Setup
Option
Description
--i6
IPv6-formatted address
--m6
IPv6 prefix
--g6
IPv6 gateway
-o
Installation option.
-z
Time zone. Possible values are
US/Pacific
,
Asia/Shanghai
,
Europe/London
, or
Africa/Tunis
--testpinghost
The URL used to test connectivity
Once the configuration is complete, the system reboots automatically.
Step 5: Register Collectors
Collectors can be deployed in Enterprise or Service Provider environments.
l
l
Enterprise Deployments
For enterprise deployments, follow these steps:
1.
Log in to Supervisor with
Admin
privileges.
2.
Go to
ADMIN > Settings > System > Event Worker
.
a.
Enter the IP of the Worker node. If a Supervisor node is only used, then enter the IP of the Supervisor node.
Multiple IP addresses can be entered on separate lines. In this case, the Collectors will load balance the upload
of events to the listed Event Workers.
Note
: Rather than using IP addresses, a DNS name is recommended. The reasoning is, should the IP
addressing change, it becomes a matter of updating the DNS rather than modifying the Event Worker IP
addresses in FortiSIEM.
b.
Click
OK
.
3.
Go to
ADMIN > Setup > Collectors
and add a Collector by entering:
a. Name
– Collector name.
b. Guaranteed EPS
– This is the EPS that the Collector will always be able to send. It could send more if there is
excess EPS available.
c. Start Time
and
End Time
– set to
Unlimited
.
4.
SSH to the Collector and run following script to register Collectors:
phProvisionCollector --add <
user
> '<
password
>' <
Super IP or Host
> <
Organization
>
<
CollectorName
>
The password should be enclosed in single quotes to ensure that any non-alphanumeric characters are escaped.
a.
Set
user
and
password
use the admin User Name and password for the Supervisor.
b.
Set
Super IP or Host
as the Supervisor's IP address.
c.
Set
Organization
. For Enterprise deployments, the default name is Super.
d.
Set
CollectorName
from
.
FortiSIEM 6.3.1 500F Collector Configuration Guide
11
Fortinet Technologies Inc.
