OnSight vCollector
The OnSight vCollector is a lightweight appliance that functions similarly to our public monitoring nodes, which runs uptime checks and synthetic monitoring against your publicly available servers and web endpoints. However, the OnSight vCollector sits within your private network and monitors resources that are not publicly exposed. The OnSight can run uptime and synthetic checks on your private infrastructure, monitoring things like RDP, database connectivity, and port availability.
The OnSight can also function as a proxy for servers that have the Server Agent installed but have no outbound connectivity. Also, the OnSight can monitor network devices, storage arrays, VMWare clusters, and private network-managed cloud resources such as RDS and DynamoDB.
The OnSight is a collection of Docker containers that provide the necessary services. During the installation of the OnSight, if Docker is not found on the target machine it will automatically be installed.
System requirements
OS requirements
The OnSight vCollector supports the following Linux distributions:
-
Debian 9 and 10
-
Ubuntu Server 18.04 LTS, 20.04 LTS, and 22.04 LTS
-
Redhat Enterprise 7.x, 8-8.8, and 9.0
-
CentOS 7.x and 8-8.2
-
Oracle Enterprise Linux 7.0
-
Amazon Linux 2 and 2018.03
Please note that podman should not be installed on the OS. We only use Docker currently. The installation process will install it if it is not found.
Resource requirements
These are the minimum resources required to install the OnSight.
-
Processor: 4 cores
-
Memory: 8 GB
-
Hard disk space: 50 GB
Note: You can use the SMALL=1 parameter to install the OnSight to machines that only have 2 cores and 4 GB of memory. This can be used for deployments with less than 1000 metrics. Command example:
curl -fsSL https://packages.panopta.com/install/onsight/onsight-install.sh > onsight-install.sh && SMALL=1 bash onsight-install.sh <CUSTOMER KEY>
For larger deployments involving a significant number of network devices or advanced synthetic checks, please contact our support team to help determine the resource requirements for your environment.
Network connectivity requirements
The host machine must have outbound access to the following:
Port |
Destination |
Used for |
443 |
rx.us01.fortimonitor.com aggregator2.panopta.com aggregator2-secondary.panopta.com |
Primary and fail-over communication with the FortiMonitor cloud |
443, 80 |
repo.fortimonitor.com |
OnSight software updates |
443 |
hub.docker.com |
OnSight software updates |
443 |
download.docker.com get.docker.com *.docker.io |
Docker download and installation |
The host machine must have inbound access to the following ports allowed:
Port |
Protocol |
Usage |
---|---|---|
22 |
TCP |
Used to SSH into host |
8443 |
TCP |
Used to configure the OnSight as a proxy for agents |
162 |
UDP |
Used for SNMP Trap receipt |
444 |
TCP |
Used for NCM console |
Docker IP change requirements
The OnSight vCollector uses Docker. The default network space defined by Docker is 172.17.0.0/12 with Docker using 172.17.0.1/16 as its IP address and the first container using the 172.17.0.2/16 IP address.
This can conflict with the your internal network IP space and cause the OnSight to not be able to communicate with the your network devices. Specifically, if you have any hosts in the 172.16.0.0/12 space, as defined by RFC 1918, then you must change your Docker configuration to allow for the OnSight to successfully reach those networks.
To resolve this, update your Docker host to use a different IP range.
Note: The following must be performed before installing the OnSight vCollector.
1. Add a file (or modify if it exists): /etc/docker/daemon.json
{
"default-address-pools":
[
{"base":"192.168.0.0/16","size":24}
]
}
Where:
-
base is the network to allocate to docker created and managed networks.
-
size is the netmask of each block created within the base.
In the above example this would use 192.168.0.0/16 for all networks and an individual network would have a netmask of /24.
2. After adding or modifying the above file, restart the docker service. The docker service and all the associated iptables NAT rules will get set up accordingly.
Deployment methods
Installation Method |
Best for |
---|---|
You're comfortable operating in a Linux environment |
|
You're deploying the OnSight in an AWS environment |
|
You prefer a "black box" deployment |
Configure OnSight to use an HTTP proxy
In certain restricted network environments, it may not be possible to allow the OnSight VM itself to reach out to the public internet to reach the FortiMonitor cloud. For these situations, you can set up the OnSight to push its data through an HTTP proxy that you have on your network.
To do so, run the following command as root:
sudo onsight configure-vcollector --enable-agent-proxy