Created on 03-13-2024 07:45 AM Edited on 03-13-2024 08:50 AM By Jean-Philippe_P
Description | This article describes how to register the Linux agent with the Supervisor and how to troubleshoot registration. Before going through this documentation, review the doc links below to verify that the Linux agent package is the correct one for the version of the registered FortiSIEM. Linux Agent Installation Guide:
FortiSIEM Compatibility Matrix: |
Scope | Linux Agent 6.x, 7.x, 7.1.x. Supervisor 6.x.x, 7.0.x, 7.1.x. |
Solution |
Prerequisites:
There are 3 reasons for the registration to fail:
Review the debugging information available in two log files: /opt/fortinet/fortisiem/linux-agent/log/fortisiem-linux-agent.log
If error codes 401 and 403 are found, review registration information, such as the ORG name, ORG ID, agent username, and password. If necessary, create a new agent user account.
Check the Supervisor logs to verify the host connection. SSH to the Supervisor:
Leave the tail command running on the Supervisor and run the installation on the host:
For example: [PH_AUDIT_AGENT_INSTALLED]:[phCustId]=1,[hostName]=Ubuntu22043-VM.dmzforest.local,[eventSeverity]=PHL_INFO,[phEventCategory]=2,[procName]=AppServer,[srcIpAddr]=172.16.4.135,[type]=Linux,[user]=agent_admin,[monitorState]=Registered,[phAgentId]=200106,[phLogDetail]=Agent is installed |
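The example event above can be checked mechanically rather than by eye. The following is an added example, not Fortinet code: it parses the `[key]=value` event format and compares the registration against the values entered at install time. The function names are hypothetical, and treating `phCustId` as the ORG ID is an assumption.

```python
import re

# Event line copied from the article's example above.
SAMPLE = ("[PH_AUDIT_AGENT_INSTALLED]:[phCustId]=1,"
          "[hostName]=Ubuntu22043-VM.dmzforest.local,[eventSeverity]=PHL_INFO,"
          "[phEventCategory]=2,[procName]=AppServer,[srcIpAddr]=172.16.4.135,"
          "[type]=Linux,[user]=agent_admin,[monitorState]=Registered,"
          "[phAgentId]=200106,[phLogDetail]=Agent is installed")

# Event name, then the attribute list; search() tolerates a log prefix.
EVENT_RE = re.compile(r"\[(PH_[A-Z0-9_]+)\]:(\[.*)")
# A value runs to the next ",[key]=" or end of line, so it may contain spaces.
FIELD_RE = re.compile(r"\[(\w+)\]=(.*?)(?=,\[\w+\]=|$)")


def parse_event(line):
    """Return (event_type, fields) for one event line, or None if no match."""
    m = EVENT_RE.search(line.strip())
    if not m:
        return None
    return m.group(1), dict(FIELD_RE.findall(m.group(2)))


def check_registration(lines, host, expected_user=None, expected_org_id=None):
    """Find the install event for `host` and list every mismatch found."""
    for line in lines:
        parsed = parse_event(line)
        if not parsed or parsed[0] != "PH_AUDIT_AGENT_INSTALLED":
            continue
        f = parsed[1]
        if f.get("hostName", "").lower() != host.lower():
            continue
        problems = []
        if f.get("monitorState") != "Registered":
            problems.append("monitorState=%s" % f.get("monitorState"))
        if expected_user and f.get("user") != expected_user:
            problems.append("user=%s" % f.get("user"))
        # Assumption: phCustId is the ORG ID the agent registered under.
        if expected_org_id is not None and f.get("phCustId") != str(expected_org_id):
            problems.append("phCustId=%s" % f.get("phCustId"))
        return {"found": True, "agent_id": f.get("phAgentId"),
                "src_ip": f.get("srcIpAddr"), "problems": problems}
    return {"found": False, "agent_id": None, "src_ip": None,
            "problems": ["no install event for host"]}


if __name__ == "__main__":
    print(check_registration([SAMPLE], "Ubuntu22043-VM.dmzforest.local",
                             expected_user="agent_admin", expected_org_id=1))
```

An empty `problems` list means the Supervisor recorded the host as registered under the expected agent user and organization.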