Fortinet black logo

User Guide

FortiMonitor Windows Agent

24.1.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:261832
Download PDF

FortiMonitor Windows Agent

Quick Tips

  • Confirm that the proper .NET version is installed for the Agent you are using (.NET 4.0 or 4.5).

  • Check Add/Remove programs (for MSI Agent) to confirm if installation was completed.

  • Verify if the Windows Agent service is running/started.

Agent one line installer not working

If this occurs, you should either update your version of PowerShell, or follow the manual instructions for installing the agent.

How to uninstall the Agent

You can uninstall the Agent by removing it from the programs menu, you can follow detailed instructions here.

32bit/64bit Agent Installations

For installing the 86x version of the Agent, you must follow the manual install instructions for PowerShell installation instead of using the one-liner.

Error installing due to unsupported protocol (TLS 1.0)

If the windows agent fails to install, you can typically find the reason in the install log which is located in the root C drive. If you are seeing the following error:

AGENT: Check to Aggregator API failed with message: The requested security protocol is not supported.

This means that server is attempting to communicate with the FortiMonitor cloud over the deprecated (and insecure) TLS 1.0 protocol. This can be very common on windows 2008 R2 servers which do not have Service Pack 2 and only have .NET 4 installed. In order to solve the problem, you must either apply SP2 or install .NET framework 4.5 or higher which dynamically selects the right TLS protocol. Once you have installed that, restart the windows agent install and it should succeed.

More information on this topic can also be read on the following Microsoft help article: https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included-in-the-net-framework

Certain metrics don't appear as available in the metric pane

You may find that certain core system/application metrics are not showing as "available" on your windows server. This can occur if the underlying Perfmon counter has become corrupted on the system. This problem can be resolved by running the following command in an administrative PowerShell command window:

lodctr /R

Once this has completed, restart the windows agent and allow a few minutes for the agent to report up the available metrics.

More information can be found on the lodctr command here: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/lodctr

Additional support

Please send the Agent logs and Windows Event Application Log to our support team so we can further assist you. You can find the Agent logs in the following directory:

C:\Program Files (x86)\FortimonitorAgent\Logs\ .

In some cases, to obtain additional diagnostic information, it may be required to put the Agent into DEBUG mode. This triggers the Agent to add more verbose logging of its internal operations. To do this, perform the following steps:

  1. From the Windows Agent server, open C:\Program Files (x86)\FortimonitorAgent\bin\logging.config.

  2. Locate the line that shows:
    <level value="INFO" />

  3. Edit the line to enable DEBUG logging. The line should now look like:
    <level value="DEBUG" />

  4. Save the changes.

  5. Go to C:\Program Files (x86)\FortiMonitorAgent\logs and remove the current agent.log , discovery.log, and metric.log files.

  6. From the Windows Services Control Panel, restart the FortiMonitorAgent service to apply the changes to the logging level.

  7. Rebuild the metadata for the Windows Server and allow 5-10 minutes for the data to collect.

  8. Send the Agent logs and Windows Event Application Log to our support team.

FortiMonitor Windows Agent

Quick Tips

  • Confirm that the proper .NET version is installed for the Agent you are using (.NET 4.0 or 4.5).

  • Check Add/Remove programs (for MSI Agent) to confirm if installation was completed.

  • Verify if the Windows Agent service is running/started.

Agent one line installer not working

If this occurs, you should either update your version of PowerShell, or follow the manual instructions for installing the agent.

How to uninstall the Agent

You can uninstall the Agent by removing it from the programs menu, you can follow detailed instructions here.

32bit/64bit Agent Installations

For installing the 86x version of the Agent, you must follow the manual install instructions for PowerShell installation instead of using the one-liner.

Error installing due to unsupported protocol (TLS 1.0)

If the windows agent fails to install, you can typically find the reason in the install log which is located in the root C drive. If you are seeing the following error:

AGENT: Check to Aggregator API failed with message: The requested security protocol is not supported.

This means that server is attempting to communicate with the FortiMonitor cloud over the deprecated (and insecure) TLS 1.0 protocol. This can be very common on windows 2008 R2 servers which do not have Service Pack 2 and only have .NET 4 installed. In order to solve the problem, you must either apply SP2 or install .NET framework 4.5 or higher which dynamically selects the right TLS protocol. Once you have installed that, restart the windows agent install and it should succeed.

More information on this topic can also be read on the following Microsoft help article: https://support.microsoft.com/en-us/help/3154517/support-for-tls-system-default-versions-included-in-the-net-framework

Certain metrics don't appear as available in the metric pane

You may find that certain core system/application metrics are not showing as "available" on your windows server. This can occur if the underlying Perfmon counter has become corrupted on the system. This problem can be resolved by running the following command in an administrative PowerShell command window:

lodctr /R

Once this has completed, restart the windows agent and allow a few minutes for the agent to report up the available metrics.

More information can be found on the lodctr command here: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/lodctr

Additional support

Please send the Agent logs and Windows Event Application Log to our support team so we can further assist you. You can find the Agent logs in the following directory:

C:\Program Files (x86)\FortimonitorAgent\Logs\ .

In some cases, to obtain additional diagnostic information, it may be required to put the Agent into DEBUG mode. This triggers the Agent to add more verbose logging of its internal operations. To do this, perform the following steps:

  1. From the Windows Agent server, open C:\Program Files (x86)\FortimonitorAgent\bin\logging.config.

  2. Locate the line that shows:
    <level value="INFO" />

  3. Edit the line to enable DEBUG logging. The line should now look like:
    <level value="DEBUG" />

  4. Save the changes.

  5. Go to C:\Program Files (x86)\FortiMonitorAgent\logs and remove the current agent.log , discovery.log, and metric.log files.

  6. From the Windows Services Control Panel, restart the FortiMonitorAgent service to apply the changes to the logging level.

  7. Rebuild the metadata for the Windows Server and allow 5-10 minutes for the data to collect.

  8. Send the Agent logs and Windows Event Application Log to our support team.