
User Guide

OnSight vCollector

24.1.0

OnSight vCollector

The OnSight vCollector is a lightweight appliance that functions similarly to our public monitoring nodes, which run uptime checks and synthetic monitoring against your publicly available servers and web endpoints. However, the OnSight vCollector sits within your private network and monitors resources that are not publicly exposed. The OnSight can run uptime and synthetic checks on your private infrastructure, monitoring things like RDP, database connectivity, and port availability.

The OnSight can also function as a proxy for servers that have the Server Agent installed but have no outbound connectivity. In addition, the OnSight can monitor network devices, storage arrays, VMware clusters, and private network-managed cloud resources such as RDS and DynamoDB.

The OnSight is a collection of Docker containers that provide the necessary services. During the installation of the OnSight, if Docker is not found on the target machine it will automatically be installed.

System requirements

OS requirements

The OnSight vCollector supports the following Linux distributions:

  • Debian 9 and 10

  • Ubuntu Server 18.04 LTS, 20.04 LTS, and 22.04 LTS

  • Redhat Enterprise 7.x, 8-8.8, and 9.0

  • CentOS 7.x and 8-8.2

  • Oracle Enterprise Linux 7.0

  • Amazon Linux 2 and 2018.03

Please note that podman should not be installed on the OS. We only use Docker currently. The installation process will install Docker if it is not found.

The docker SNAP package requires additional configuration that may be environment dependent. We currently only support the docker.io package installation. If the SNAP version was installed during installation, you should remove it and install the docker.io package using your package manager.

Resource requirements

These are the minimum resources required to install the OnSight.

  • Processor: 4 cores

  • Memory: 8 GB

  • Hard disk space: 50 GB

Note: You can use the SMALL=1 parameter to install the OnSight on machines that only have 2 cores and 4 GB of memory. This can be used for deployments with fewer than 1000 metrics. Command example:

curl -fsSL https://packages.panopta.com/install/onsight/onsight-install.sh > onsight-install.sh && SMALL=1 bash onsight-install.sh <CUSTOMER KEY>

For larger deployments involving a significant number of network devices or advanced synthetic checks, please contact our support team to help determine the resource requirements for your environment.

Network connectivity requirements

The host machine must have outbound access to the following:

| Port | Destination | Used for |
|---|---|---|
| 443 | rx.us01.fortimonitor.com, aggregator2.panopta.com, aggregator2-secondary.panopta.com | Primary and fail-over communication with the FortiMonitor cloud |
| 443, 80 | repo.fortimonitor.com | OnSight software updates |
| 443 | hub.docker.com | OnSight software updates |
| 443 | download.docker.com, get.docker.com, *.docker.io | Docker download and installation |

The host machine must allow inbound access on the following ports:

| Port | Protocol | Usage |
|---|---|---|
| 22 | TCP | Used to SSH into host |
| 8443 | TCP | Used to configure the OnSight as a proxy for agents |
| 162 | UDP | Used for SNMP Trap receipt |
| 444 | TCP | Used for NCM console |

Docker IP change requirements

The OnSight vCollector uses Docker. The default network space defined by Docker is 172.17.0.0/12 with Docker using 172.17.0.1/16 as its IP address and the first container using the 172.17.0.2/16 IP address.

This can conflict with your internal network IP space and prevent the OnSight from communicating with your network devices. Specifically, if you have any hosts in the 172.16.0.0/12 space, as defined by RFC 1918, then you must change your Docker configuration so that the OnSight can reach those networks.

To resolve this, update your Docker host to use a different IP range.

Note: The following must be performed before installing the OnSight vCollector.

1. Add a file (or modify if it exists): /etc/docker/daemon.json

    {
      "default-address-pools": [
        {"base": "192.168.0.0/16", "size": 24}
      ]
    }

Where:

  • base is the network to allocate to networks that Docker creates and manages.

  • size is the netmask of each block created within the base.

    In the above example, Docker would use 192.168.0.0/16 for all networks, and each individual network would have a netmask of /24.

2. After adding or modifying the above file, restart the docker service. The docker service and all the associated iptables NAT rules will get set up accordingly.
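
A pre-install check for the address-pool change described above, as an added example that is not part of the Fortinet guide or the OnSight installer: it reads a daemon.json and reports which Docker pools overlap networks the OnSight must reach. The inventory and sample file are constructed, and with no default-address-pools key it checks only the default bridge range this guide names (172.17.0.0/16), which is a simplifying assumption.

```python
import ipaddress
import json

# Constructed sample: the daemon.json content from step 1 of this guide.
SAMPLE_DAEMON_JSON = '{"default-address-pools": [{"base": "192.168.0.0/16", "size": 24}]}'

# Assumption: only the default bridge range named in the guide is modelled.
DOCKER_DEFAULT_BRIDGE = "172.17.0.0/16"


def parse_pools(daemon_json_text):
    """Return [(base_network, size)]; fall back to the default bridge range."""
    cfg = json.loads(daemon_json_text or "{}")
    pools = cfg.get("default-address-pools")
    if not pools:
        return [(ipaddress.ip_network(DOCKER_DEFAULT_BRIDGE), 16)]
    result = []
    for pool in pools:
        base = ipaddress.ip_network(pool["base"], strict=True)
        size = int(pool["size"])
        if not base.prefixlen <= size <= base.max_prefixlen:
            raise ValueError(f"size /{size} does not fit inside base {base}")
        result.append((base, size))
    return result


def find_conflicts(daemon_json_text, monitored_networks):
    """List (pool_base, monitored_network) pairs whose address space overlaps."""
    conflicts = []
    for base, _size in parse_pools(daemon_json_text):
        for cidr in monitored_networks:
            net = ipaddress.ip_network(cidr, strict=False)
            if base.overlaps(net):
                conflicts.append((str(base), str(net)))
    return conflicts


def subnet_capacity(daemon_json_text):
    """Docker networks each pool can hand out: 2 ** (size - base prefix)."""
    return {str(b): 2 ** (s - b.prefixlen) for b, s in parse_pools(daemon_json_text)}


if __name__ == "__main__":
    # Constructed inventory of internal networks the OnSight must reach.
    inventory = ["172.17.40.0/24", "10.20.0.0/16", "192.168.50.0/24"]
    print("default :", find_conflicts("{}", inventory))
    print("sample  :", find_conflicts(SAMPLE_DAEMON_JSON, inventory))
    print("capacity:", subnet_capacity(SAMPLE_DAEMON_JSON))
```

The guide's 192.168.0.0/16 example pool is itself RFC 1918 space, so run the check against your own inventory before adopting it.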

Deployment methods

| Installation Method | Best for |
|---|---|
| One-liner installer | You're comfortable operating in a Linux environment; You have a specific server image you want to conform to; You have an available Linux VM |
| AWS AMI | You're deploying the OnSight in an AWS environment; You're looking for the simplest cloud deployment method |
| Virtual image | You prefer a "black box" deployment; You have the available resources to allocate to a VM; You'd like to deploy on the hypervisor of your choosing |

Configure OnSight to use an HTTP proxy

In certain restricted network environments, it may not be possible to allow the OnSight VM itself to reach out to the public internet to reach the FortiMonitor cloud. For these situations, you can set up the OnSight to push its data through an HTTP proxy that you have on your network.

To do so, run the following command as root:

sudo onsight configure-vcollector --enable-agent-proxy
