AMI OnSight vCollector rotation procedure
This page outlines the steps required to replace an OnSight vCollector from an AMI while preserving all existing checks and historical data associated with the original OnSight vCollector. This document assumes the user has a basic knowledge of Amazon Machine Images and/ or other disk images as well as basic knowledge of virtual machines provisioning.
Installation Procedure
-
The standard AMI is available within the AWS Marketplace by searching for FortiMonitor.
-
Keep a text editor open as some of the following steps require some temporary notation.
-
There will be a short window of downtime while completing these steps, typically 1-2 minutes.
The instructions below outline the procedure for replacing an existing OnSight.
-
Provision a new VM using the OnSight vCollector machine image.
-
Perform appropriate network configuration.
-
Obtain the customer key for your tenant - this may be found via the Control Panel by navigating to the portrait icon in the upper right corner of the navigation bar and looking under My Account. Note this for a later step.
-
Obtain the OnSight key for the current OnSight vCollector that will be replaced. This may be found by navigating to the details page for the OnSight vCollector in the Control Panel. Note this for a later step.
-
Shutdown the existing OnSight vCollector that is being replaced. The container or VM should be disabled to prevent any future registration issues with this appliance.
-
On the newly created OnSight vCollector, run the following commands from Root-level access (items in CAPS should be replaced with the respective key values saved in steps 3 and 4):
-
onsight configure-collector --customer-key CUSTOMER-KEY-FROM-STEP-3
-
onsight configure-collector --appliance-key ONSIGHT-KEY-FROM-STEP-4
-
onsight start-vcollector
-
-
Return to the Control Panel, navigate to the details page of the OnSight vCollector, and verify data flow has been restored.