Fortinet black logo

User Guide

Use OnSight as a proxy for the FortiMonitor Agent

24.1.0
Copy Link
Copy Doc ID af1daa65-c273-11ec-9fd1-fa163e15d75b:301107
Download PDF

Use OnSight as a proxy for the FortiMonitor Agent

Monitoring your internal infrastructure when it does not have outbound access can be problematic. You can use an OnSight vCollector instance as a proxy, centralizing the flow of data and reducing outband access to a single instance.

Set OnSight as a proxy during Agent installation

During Agent installation, you have the option to set up the OnSight as a proxy for the FortiMonitor Agent using the Agent manifest file.

  1. Create an Agent manifest file. To create the file, see the following sections:

  2. Edit the manifest file and set the aggregator_url parameter to point to the URL or IP address of your OnSight or OnSights.
    If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.

Using Multiple Aggregator URLs
In most mission critical environments, it is highly recommended that you deploy multiple OnSights for a high availability pair. You can also specify each OnSight as an aggregator endpoint in your agent's config file. It is a best practice to use DNS with multiple A records in order to make changes centrally without having to visit each agent.

Linux

For Linux, this file is located in /etc/panopta-agent/ (panopta-agent) or /etc/fm-agent/ (fm-agent) with the following content:

[AgentConfig]
version = 2017.03.14
server_key = ****-****-****-****
aggregator_url = https://10.121.32.25:8443, https://10.121.32.26:8443

Windows

For Windows, the file is located in C:\Program Files (x86)\PanoptaAgent\Agent.cfg (panopta-agent) or C:\Program Files (x86)\FortimonitorAgent\Agent.cfg (fm-agent) and the relevant section of the configuration is shown below:

<?xml version="1.0" encoding="utf-8"?>
<agent>
<service>
<add key="AggregatorUrl" value="https://10.121.32.25:8443" />
<add key="ServerKey" value="****-****-****-****" />
</service>
</agent>

Note: If you are using the Windows version of the Agent, you will have to restart the service from within the services menu before seeing any configuration changes take place.

3. Save and close the file.

4. Use the Manual Install method to install and add the OnSight proxy to FortiMonitor. For step 2 of the Manual Install Instructions (shown below), use the manifest file you created in the previous steps.

See Install the FortiMonitor Agent to learn more about Agent installation methods.

Agent manifest file

The manifest file is only used for initial installation. For more information, see Agent manifest file.

Use OnSight as a proxy for an existing FortiMonitor Agent

OnSight version 2020.68 or later

If your OnSight version is 2020.68 or later, you can use the following OnSight CLI commands:

To enable the proxy functionality, run:

sudo onsight configure-vcollector --enable-agent-proxy

To disable the Agent proxy, run:

sudo onsight configure-vcollector --disable-agent-proxy

For more information, see Manage and configure your OnSight vCollector.

OnSight version 2020.67 or lower

To use OnSight as a proxy for an existing FortiMonitor Agent, perform the following:

  1. Define the Aggregator URL in the FortiMonitor Agent configuration file. For Linux this can be found in /etc/panopta-agent/panopta_agent.cfg. For Windows, it is usually the agent.conf file in the directory you created for the FortiMonitor Agent. Keep this file open for later.

  2. From the instance's tree in the control pane, select the OnSight instance to open its details page.

  3. Click the IP Address of the OnSight to open the OnSight Console.

  4. On the OnSight Console login page, enter the following credentials:

    • Username: admin

    • Password: <OnSight key>

      Successfully logging in will open the OnSight Console.

  5. Select Enable in the Agent proxy field to get a URL that can be used as the proxy.

If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.

Use OnSight as a proxy for the FortiMonitor Agent

Monitoring your internal infrastructure when it does not have outbound access can be problematic. You can use an OnSight vCollector instance as a proxy, centralizing the flow of data and reducing outband access to a single instance.

Set OnSight as a proxy during Agent installation

During Agent installation, you have the option to set up the OnSight as a proxy for the FortiMonitor Agent using the Agent manifest file.

  1. Create an Agent manifest file. To create the file, see the following sections:

  2. Edit the manifest file and set the aggregator_url parameter to point to the URL or IP address of your OnSight or OnSights.
    If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.

Using Multiple Aggregator URLs
In most mission critical environments, it is highly recommended that you deploy multiple OnSights for a high availability pair. You can also specify each OnSight as an aggregator endpoint in your agent's config file. It is a best practice to use DNS with multiple A records in order to make changes centrally without having to visit each agent.

Linux

For Linux, this file is located in /etc/panopta-agent/ (panopta-agent) or /etc/fm-agent/ (fm-agent) with the following content:

[AgentConfig]
version = 2017.03.14
server_key = ****-****-****-****
aggregator_url = https://10.121.32.25:8443, https://10.121.32.26:8443

Windows

For Windows, the file is located in C:\Program Files (x86)\PanoptaAgent\Agent.cfg (panopta-agent) or C:\Program Files (x86)\FortimonitorAgent\Agent.cfg (fm-agent) and the relevant section of the configuration is shown below:

<?xml version="1.0" encoding="utf-8"?>
<agent>
<service>
<add key="AggregatorUrl" value="https://10.121.32.25:8443" />
<add key="ServerKey" value="****-****-****-****" />
</service>
</agent>

Note: If you are using the Windows version of the Agent, you will have to restart the service from within the services menu before seeing any configuration changes take place.

3. Save and close the file.

4. Use the Manual Install method to install and add the OnSight proxy to FortiMonitor. For step 2 of the Manual Install Instructions (shown below), use the manifest file you created in the previous steps.

See Install the FortiMonitor Agent to learn more about Agent installation methods.

Agent manifest file

The manifest file is only used for initial installation. For more information, see Agent manifest file.

Use OnSight as a proxy for an existing FortiMonitor Agent

OnSight version 2020.68 or later

If your OnSight version is 2020.68 or later, you can use the following OnSight CLI commands:

To enable the proxy functionality, run:

sudo onsight configure-vcollector --enable-agent-proxy

To disable the Agent proxy, run:

sudo onsight configure-vcollector --disable-agent-proxy

For more information, see Manage and configure your OnSight vCollector.

OnSight version 2020.67 or lower

To use OnSight as a proxy for an existing FortiMonitor Agent, perform the following:

  1. Define the Aggregator URL in the FortiMonitor Agent configuration file. For Linux this can be found in /etc/panopta-agent/panopta_agent.cfg. For Windows, it is usually the agent.conf file in the directory you created for the FortiMonitor Agent. Keep this file open for later.

  2. From the instance's tree in the control pane, select the OnSight instance to open its details page.

  3. Click the IP Address of the OnSight to open the OnSight Console.

  4. On the OnSight Console login page, enter the following credentials:

    • Username: admin

    • Password: <OnSight key>

      Successfully logging in will open the OnSight Console.

  5. Select Enable in the Agent proxy field to get a URL that can be used as the proxy.

If you replace the aggregator URL value within the Agent configuration file with the OnSight Agent Proxy URL, all Agent communication will flow through the proxy. You can also place multiple URLs should you have more than one OnSight. This introduces high availability to your internal monitoring to ensure that you are always receiving the Agent metric data, even if one of your OnSight instances is not responding.