Fortinet Document Library

User Guide

21.4.0
Use OnSight as a proxy for the FortiMonitor Agent

Monitoring your internal infrastructure when it does not have outbound access can be problematic. You can use an OnSight vCollector instance as a proxy, centralizing the flow of data and reducing outbound access to a single instance.

Set OnSight as a proxy during Agent installation 

During Agent installation, you have the option to set up the OnSight as a proxy for the FortiMonitor Agent using the Agent manifest file.

  1. Create an Agent manifest file. To create the file, see the following sections:

  2. Edit the manifest file and set the aggregator_url parameter to point to the URL or IP address of your OnSight or OnSights. 
    If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.

Using Multiple Aggregator URLs
In most mission-critical environments, it is highly recommended that you deploy multiple OnSights as a high availability pair. You can also specify each OnSight as an aggregator endpoint in your agent's config file. It is a best practice to use DNS with multiple A records so that you can make changes centrally without having to visit each agent.

For Linux, this file is located in /etc/panopta-agent/ with the following content:

[AgentConfig]
version = 2017.03.14
server_key = ****-****-****-****
aggregator_url = https://10.121.32.25:8443, https://10.121.32.26:8443

For Windows, the file is located in C:\Program Files\PanoptaAgent\Agent.cfg or C:\Program Files (x86)\PanoptaAgent\Agent.cfg and the relevant section of the configuration is shown below:

<?xml version="1.0" encoding="utf-8"?>
<agent>
<service>
<add key="AggregatorUrl" value="https://10.121.32.25:8443" />
<add key="ServerKey" value="****-****-****-****" />
</service>
</agent>

Note: If you are using the Windows version of the Agent, you must restart the service from within the services menu before any configuration changes take effect.

  3. Save and close the file.

  4. Run the Windows or Linux command to install and add the OnSight proxy to FortiMonitor.

Example Agent manifest file 

The contents of the manifest file for both Windows and Linux are shown below. You do not need to specify values for everything. Each parameter is described in detail below the sample contents:

[agent]
customer_key = ****-****-****-****
server_key = ****-****-****-****
aggregator_url = <The IP address/ port of your OnSight>
server_group = 3467
fqdn = www.panopta.com
server_name = Panopta
interface_mapping = private:10.100.100.2,private2:10.100.100.13
templates = 8
tags = tag, anothertag, anotherone
partner_server_ID = 828765
disable_server_match = true
custom_plugin_url = https://s3.amazonaws.com/custom-panopta-plugins/my-custom-plugins.zip
enable_countermeasures = true
countermeasures_remote_plugins = https://s3.amazonaws.com/some-s3-bucket/custom-plugins.zip
countermeasures_refresh_plugins = 6

The other parameters are described in detail in this section.
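Because aggregator_url decides where every agent sends its data, it is worth checking before rollout that each configured URL is HTTPS, points at an OnSight you actually operate, and that enough endpoints are listed for failover. The following is an added example, not Fortinet's code; the approved endpoint list, the minimum of two endpoints, and the default port of 443 when none is given are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample, copied in shape from the Linux agent config on this page.
SAMPLE_CFG = """\
[AgentConfig]
version = 2017.03.14
server_key = ****-****-****-****
aggregator_url = https://10.121.32.25:8443, https://10.121.32.26:8443
"""

# Assumption: the OnSight endpoints approved for this site, as (host, port).
APPROVED = {("10.121.32.25", 8443), ("10.121.32.26", 8443)}


def audit_aggregator_urls(cfg_text, approved=APPROVED, min_endpoints=2):
    """Return a list of findings; an empty list means the config passes."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    # The key appears under [AgentConfig] (installed config) or [agent] (manifest).
    raw = next((parser.get(s, "aggregator_url") for s in ("AgentConfig", "agent")
                if parser.has_option(s, "aggregator_url")), None)
    if not raw:
        return ["aggregator_url is not set"]
    findings, good = [], set()
    for url in (u.strip() for u in raw.split(",") if u.strip()):
        try:
            parts = urlsplit(url)
            # Assumption: a URL without an explicit port means 443.
            endpoint = (parts.hostname, parts.port or 443)
        except ValueError:
            findings.append(f"{url}: not a parseable URL")
            continue
        if parts.scheme != "https":
            findings.append(f"{url}: not HTTPS")
        elif endpoint not in approved:
            findings.append(f"{url}: not an approved OnSight endpoint")
        else:
            good.add(endpoint)
    if len(good) < min_endpoints:
        findings.append(f"only {len(good)} approved HTTPS endpoint(s); "
                        f"{min_endpoints} needed for failover")
    return findings


if __name__ == "__main__":
    for finding in audit_aggregator_urls(SAMPLE_CFG) or ["OK"]:
        print(finding)
```

If you follow the DNS recommendation above, put the shared hostname in the approved set instead of individual IP addresses and pass min_endpoints=1.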

Use OnSight as a proxy for an existing FortiMonitor Agent 

OnSight version 2020.68 or later

If your OnSight version is 2020.68 or later, you can use the following OnSight CLI commands:

To enable the proxy functionality, run:

sudo onsight configure-vcollector --enable-agent-proxy

To disable the Agent proxy, run:

sudo onsight configure-vcollector --disable-agent-proxy

For more information, see Manage and configure your OnSight vCollector.

OnSight version 2020.67 or lower

To use OnSight as a proxy for an existing FortiMonitor Agent, perform the following:

  1. Define the Aggregator URL in the FortiMonitor Agent configuration file. For Linux this can be found in /etc/panopta-agent/panopta_agent.cfg. For Windows, it is usually the agent.conf file in the directory you created for the FortiMonitor Agent. Keep this file open for later.

  2. From the instance's tree in the control pane, select the OnSight instance to open its details page. 

  3. Click the IP Address of the OnSight to open the OnSight Console.

  4. On the OnSight Console login page, enter the following credentials:

    • Username: admin

    • Password: <OnSight key>

      Successfully logging in will open the OnSight Console.

  5. Select Enable in the Agent proxy field to get a URL that can be used as the proxy.

If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.
