Use the FortiMonitor Agent manifest file
Using the Agent manifest file is a great way to automate the configuration of servers in your FortiMonitor account. If you opt to use the Agent manifest file, you can seed many of the configuration values and have the Agent automatically add the server into FortiMonitor.
The Agent manifest file is only used during the initial installation of the Agent. Subsequent changes must be made using the FortiMonitor Agent configuration file. This file can be found in the following directories:
Windows fm-agent: C:\Program Files (x86)\FortimonitorAgent\Agent.config
The Agent manifest file can also be used in conjunction with the Agent oneliner which normally generates a new manifest file with the server's customer and/or server keys. If you have an existing manifest file on the server, the manifest file will be detected and the information from the Agent onliner will be injected into the existing file. Any settings on the existing manifest file will be preserved.
Windows PowerShell or MSI
Create a manifest file in C:\, for example C:\SampleAgent.manifest. Once this is added, you can set the desired default values. At a minimum, you should add the customer key parameter like below:
Basic Agent Manifest File
[agent]
customer_key = xxxx-xxxx-xxxx-xxxx
If you are using PowerShell, run the following command from within the same directory as install.ps1. The Agent will install and add the server to your FortiMonitor account.
Powershell Install Command
./install.ps1 -ManifestFile "[Full File Path]\SampleAgent.manifest"
If you are using MSI, run the following command from within the same directory as the MSI. The Agent will install and add the server to your FortiMonitor account.
MSI Install Command
msiexec /i fm-agent-[version number].msi MANIFESTFILE="[FULL FILE PATH]\SampleAgent.manifest"
Linux
Create the manifest file in /etc/fm-agent-manifest. Then you can install the Agent with either the following command:
Linux fm-agent
curl -s https://repo.fortimonitor.com/install/fm_agent_install.sh | bash /dev/stdin --customer-key CUSTOMER_KEY_HERE
Example Manifest file
The content of the manifest file for both Windows and Linux are shown below. You do not need to specify values for everything. A detailed description of each parameter is explained below the sample content:
[agent]
customer_key = afsdyngoaeppmfqefa
server_key = ashe-pokf-bfhb-eabn
aggregator_url = myappliance.localsite.com
server_group = 3467
fqdn = www.fortimonitor.com
server_name = FortiMonitor
interface_mapping = private:10.100.100.2,private2:10.100.100.13
templates = 8
tags = tag, anothertag, anotherone
partner_server_ID = 828765
disable_server_match = true
custom_remote_plugins = https://s3.amazonaws.com/custom-panopta-plugins/my-custom-plugins.zip
enable_countermeasures = true
countermeasures_remote_plugins = https://s3.amazonaws.com/some-s3-bucket/custom-plugins.zip
countermeasures_refresh_plugins = 6
[attributes]
operating system = ubuntu
version = 14.04
Parameters
|
Parameter |
Description |
|---|---|
|
customer_key |
This identifies you with your FortiMonitor account. By setting this value, the agent will automatically add the server to the FortiMonitor control panel. You can find this key in the control panel under My Account under your icon at the top right. |
|
server_key
|
The server key is what allows the Agent to communicate with our servers securely. You have the option of setting this value if you like. However, we highly recommend that you allow a key to be generated for you and linked to the server in FortiMonitor accordingly. Note: all server keys must be unique. |
|
aggregator_url
|
This controls the API which the Agent communicates with to report its results. You should not enter an aggregator URL unless you are using FortiMonitor Onsight as a proxy for servers that do not have outbound public internet access. If you are using FortiMonitor Onsight as a proxy and don't know the aggregator URL, please contact our support team. |
|
server_group
|
This controls which group your server gets added to in the control panel. Any server template(s) that you have set to be applied to this group will be applied to this server as well. The value of the server group is identified by an ID or a name. If you go to an instance group in the control panel, you can see that group's ID number at the end of that page's URL. |
|
FQDN
|
This field acts as an override for the hostname that is auto-detected by the Agent. If you do not include this field, your server will be given its natural FQDN in the control panel. |
|
server_name |
This field lets you set a logical name for this server. That name will identify the server in the control panel. |
|
interface_mapping
|
This value is only used if:
If your server has multiple network interfaces and the template which is being applied has placeholders for multiple network interfaces, you have to provide a mapping of the IP for that network interface to the placeholder. For example, if your server template has the network interface placeholder named Private, and your server has a network interface with the IP set to 10.100.100.2, you would configure it like this: interface_mapping = private:10.100.100.2 |
|
templates
|
This field lets you choose which templates you would like to apply to this server. The value of the template is identified by an ID. If you go to a server template in the control panel, you can see that template's ID number at the end of that page's URL. |
|
tags
|
This field would allow you to add tags to your server. This can be set to any value but would need to be comma-separated to indicate different tags. tags = tag1, tag2, tag3 |
|
partner_server_id
|
This value can be used by FortiMonitor partners in order to store their own internal unique identifiers for that server. Setting the value in the manifest file sets it on the Server/Instance object which can then help in server lookups by the partner's ID (via API or within the control panel). |
|
disable_server_match
|
The default behavior, when customer_key is provided, is to do some automatic server matching by hostname or IP. In some cases, this may be undesirable if you have overlapping private IP ranges across environments. This option allows you to disable the matching logic. |
|
attributes
|
You can also add an additional field for attributes. This will need to go underneath the rest of the manifest file configurations, and you can set the attributes to any value. |
|
custom_remote_plugins
|
If you have written your own custom plugins, you can host them centrally and have the agent retrieve them during installation so that you do not have to manually manage them post-install. The value of this variable can be a compressed archive (.zip, .tar or .tgz) or a single python file (with a .py extension). New plugins are fetched from the URL defined in custom_remote_plugins during metadata rebuilds. By default, metadata rebuilds occur once every hour. You also have the option to manually re-fetch new plugins by issuing a metadata rebuild command, either through the control panel or the command line. Additional notes for the Windows Agent When using custom_remote_plugins to remotely pull and install custom plugins:
Using this parameter in an existing Windows Agent installation requires a service restart. |
|
enable_countermeasures |
This flag enables the CounterMeasures remediation feature in the Agent. Read more about this here. |
|
countermeasures_remote_plugins
|
If you have written your own custom CounterMeasures plugins, you can host them centrally and have the Agent retrieve them during installation so that you do not have to manually manage them post-install. The value of this variable can be a compressed archive (.zip, .tar or .tgz). |
|
countermeasures_refresh_plugins
|
If you would like updates to your CounterMeasures plugins to automatically be applied, you can optionally set countermeasures_refresh_plugins to the number of hours for the refresh interval and the Agent will re-fetch the newest plugins from your remote plugin location. |
|
plugin_configuration
|
To pass plugin configuration to a standard FortiMonitor plugin or one of your own custom plugins, specify those at the bottom of the file. Examples for Linux and Windows are shown in the following sections. |
|
force_thread_culture |
Set the current culture to English. To enable, add the following parameter: |
|
auto_update |
Windows fm-agent only Enables the Windows Agent auto-update feature. To enable, add the following parameter: auto_update = true |
|
scheduled_update |
Windows fm-agent only Set a specific time for the Agent to update. This should be in military-time format; for example, 2:09 PM would be set as 14:09. The agent will query/attempt an update at this time.
If this flag is not used, the Agent will select a random time within 24 hours of its startup to check for a download; this should be logged in the Agent log. |
Linux custom plugin configuration
Manifest file
[agent]
customer_key = gfoadsvuhyadsflvhea
server_group = 3548
[attributes]
operating system = ubuntu
version = 14.04
[mysql]
username = USERNAME
password = PASSWORD
Windows custom plugin configuration
Manifest file
[agent]
customer_key = gfoadsvuhyadsflvhea
server_group = 3548
[attributes]
operating system = ubuntu
version = 14.04
<agent>
<plugins>
<ntp>
<add key="ntp_host" value="pool.ntp.org">
<add key="ntp_port" value="123">
</add></add></ntp>
</plugins>
</agent>