FortiSIEM General Installation

General Installation

Configuring Worker Settings

If you are using a FortiSIEM clustered deployment that includes both Workers and Collectors, you must define the Address of your Worker nodes before you register any Collectors. When you register your Collectors, the Worker information will be retrieved and saved locally to the Collector. The Collector will then upload event and configuration change information to the Worker.

Worker Address in a Non-Clustered Environment

If you are not using a FortiSIEM clustered deployment, you will not have any Worker nodes. In that case, enter the IP address of the Supervisor for the Worker Address, and your Collectors will upload their information directly to the Supervisor.

  1. Log in to your Supervisor node.
  2. Go to Admin > General Settings > System.
  3. For Worker Address, enter a comma-separated list of IP addresses or host names for the Workers.

The Collector will attempt to upload information to the listed Workers, starting with the first Worker address and proceeding until it finds an available Worker.
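A pre-registration check for the Worker Address value, as an added example that is not part of the FortiSIEM documentation: it validates the comma-separated list and walks it in the documented first-to-last order to show which Worker would be picked. The function names, the sample addresses and the use of a TCP connection to port 443 as the availability test are assumptions.

```python
import ipaddress
import re
import socket

# One DNS label: letters, digits and hyphens, not starting or ending with "-".
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_worker_addresses(value):
    """Split a Worker Address value into validated entries, keeping order."""
    entries = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in Worker Address list")
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            labels = entry.rstrip(".").split(".")
            # Reject malformed names and mistyped IPs such as 10.0.0.256.
            if not all(_LABEL.match(l) for l in labels) or labels[-1].isdigit():
                raise ValueError(f"not an IP address or host name: {entry!r}")
        entries.append(entry)
    return entries


def tcp_probe(host, port=443, timeout=3.0):
    # Assumption: a TCP connect to port 443 stands in for "available".
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def first_available(workers, probe=tcp_probe):
    """Try each Worker in list order; return (chosen, skipped_before_it)."""
    skipped = []
    for worker in workers:
        if probe(worker):
            return worker, skipped
        skipped.append(worker)
    return None, skipped


if __name__ == "__main__":
    # Constructed sample value using documentation-only addresses (RFC 5737).
    workers = parse_worker_addresses("192.0.2.11, 192.0.2.12, worker3.example.net")
    print(first_available(workers, probe=lambda h: h == "192.0.2.12"))
```

A result of `(None, [...])` means no listed Worker accepted a connection from the host running the check, which is worth resolving before any Collector is registered.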

 

Registering the Supervisor
  1. In a Web browser, navigate to the Supervisor’s IP address: https://<Supervisor IP>
  2. Enter the login credentials associated with your FortiSIEM license, and then click Register.
  3. When the System is ready message appears, click the Here link to log in to FortiSIEM.
  4. Enter the default login credentials.

     User ID       admin
     Password      admin*1
     Cust/Org ID   super

  5. Go to Admin > Cloud Health and check that the Supervisor Health is Normal.
Registering the Worker
  1. Go to Admin > License Management > VA Information.
  2. Click Add, enter the new Worker’s IP address, and then click OK.
  3. When the new Worker is successfully added, click OK.

You will see the new Worker in the list of Virtual Appliances.

  4. Go to Admin > Cloud Health and check that the Worker Health is Normal.
Registering the Collector to the Supervisor

The process for registering a Collector node with your Supervisor node depends on whether you are setting up the Collector as part of an enterprise or multi-tenant deployment. For a multi-tenant deployment, you must first create an organization and add Collectors to it before you register it with the Supervisor. For an enterprise deployment, you install the Collector within your IT infrastructure and then register it with the Supervisor.

Create an Organization and Associate Collectors with it for Multi-Tenant Deployments

Register the Collector with the Supervisor for Enterprise Deployments

Create an Organization and Associate Collectors with it for Multi-Tenant Deployments
  1. Log in to the Supervisor.
  2. Go to Admin > Setup Wizard > Organizations.
  3. Click Add.
  4. Enter Organization Name, Admin User, Admin Password, and Admin Email.
  5. Under Collectors, click New.
  6. Enter the Collector Name, Guaranteed EPS, Start Time, and End Time.
  7. Click Save.

The newly added organization and Collector should be listed on the Organizations tab.

  8. In a Web browser, navigate to https://<Collector-IP>:5480.
  9. Enter the Collector setup information.

     Name          Collector Name
     User ID       Organization Admin User
     Password      Organization Admin Password
     Cust/Org ID   Organization Name
     Cloud URL     Supervisor URL

  10. Click

The Collector will restart automatically after registration succeeds.

  11. In the Supervisor interface, go to Admin > Collector Health and check that the Collector Health is Normal.
Register the Collector with the Supervisor for Enterprise Deployments
  1. Log in to the Supervisor.
  2. Go to Admin > License Management and check that Collectors are allowed by the license.
  3. Go to Setup Wizard > General Settings and add at least the Supervisor’s IP address.

This should contain a list of the Supervisor and Worker accessible IP addresses or FQDNs.

  4. Go to Setup Wizard > Event Collector and add the Collector information.

     Setting          Description
     Name             Will be used in step 6
     Guaranteed EPS   This is the number of Events per Second (EPS) that this Collector will be provisioned for
     Start Time       Select Unlimited
     End Time         Select Unlimited

  5. Connect to the Collector at https://<IP Address of the Collector>:5480.
  6. Enter the Name from step 4.
  7. The User ID and Password are the same as the admin user ID and password for the Supervisor.
  8. The IP address is the IP address of the Supervisor.
  9. For Organization, enter Super.
  10. The Collector will reboot during the registration, and you will be able to see its status on the Collector Health page.
