Fortinet white logo
Fortinet white logo

User Guide

24.4.0

OnSight virtual image installation

OnSight virtual image installation

To deploy an OnSight vCollector as an image, you need to download the VMware image from the FortiMonitor package server and import the image into a designated hypervisor. vSphere 6.5 and above is required for the host to import the image. The system requirements are detailed here.

To install the OnSight vCollector, perform the following steps:

  1. Download the OnSight image.

  2. After downloading the OnSight image, import it as a virtual machine into your hypervisor. Once your OnSight is imported and booted, the VM will go through the normal Linux start up process, finishing with a login prompt.

    1. Log in with username fortimonitor and password fortimonitor. You will then be prompted to set a new password.
      Important note: Do not lose this password. Without it, there is no way to access the OnSight for further updates.

    2. Configure the network by running sudo onsight configure-network as root. See Network Configuration for more details.

    3. Run updates to pick up any recently released OS patches by running sudo apt update; sudo apt upgrade.

    4. Reboot the server by running shutdown -r now

    5. Register the OnSight by running sudo onsight register --customer-key <customer-key> as root. Your OnSight appliance key will also be displayed.
      where <customer-key> is your own customer key. To obtain your customer key, visit the Control Panel and click your avatar then select My Account.

  3. Proceed through the final steps of the OnSight installation process in the Control Panel, where you can assign things such as the Alert Timeline and Instance Group to use for your new OnSight.
    The OnSight will begin syncing immediately after deployment.

Network configuration

By default, the OnSight vCollector will attempt to use DHCP except in AWS, which pre-configures networking correctly. Basic network configuration is available by running:

sudo onsight configure-network

This will walk you through a series of steps that allows you to configure the following:

  • Select a network interface for the OnSight

  • Use static IP or DHCP

  • IP address

  • Gateway

  • Nameservers

For complex use cases like bridging multiple networks or custom route configurations, you need to manually configure the network. Please contact our support team if you need assistance.

NTP server configuration

The OnSight uses the default Ubuntu NTP servers for time synchronization. If your environment blocks outbound NTP access, you can configure the OnSight to use an internal NTP server using the following:

sudo onsight configure-ntp

This will request a list of servers to use then update the configuration and restart the NTP daemon to pick up the new servers.

OnSight virtual image installation

OnSight virtual image installation

To deploy an OnSight vCollector as an image, you need to download the VMware image from the FortiMonitor package server and import the image into a designated hypervisor. vSphere 6.5 and above is required for the host to import the image. The system requirements are detailed here.

To install the OnSight vCollector, perform the following steps:

  1. Download the OnSight image.

  2. After downloading the OnSight image, import it as a virtual machine into your hypervisor. Once your OnSight is imported and booted, the VM will go through the normal Linux start up process, finishing with a login prompt.

    1. Log in with username fortimonitor and password fortimonitor. You will then be prompted to set a new password.
      Important note: Do not lose this password. Without it, there is no way to access the OnSight for further updates.

    2. Configure the network by running sudo onsight configure-network as root. See Network Configuration for more details.

    3. Run updates to pick up any recently released OS patches by running sudo apt update; sudo apt upgrade.

    4. Reboot the server by running shutdown -r now

    5. Register the OnSight by running sudo onsight register --customer-key <customer-key> as root. Your OnSight appliance key will also be displayed.
      where <customer-key> is your own customer key. To obtain your customer key, visit the Control Panel and click your avatar then select My Account.

  3. Proceed through the final steps of the OnSight installation process in the Control Panel, where you can assign things such as the Alert Timeline and Instance Group to use for your new OnSight.
    The OnSight will begin syncing immediately after deployment.

Network configuration

By default, the OnSight vCollector will attempt to use DHCP except in AWS, which pre-configures networking correctly. Basic network configuration is available by running:

sudo onsight configure-network

This will walk you through a series of steps that allows you to configure the following:

  • Select a network interface for the OnSight

  • Use static IP or DHCP

  • IP address

  • Gateway

  • Nameservers

For complex use cases like bridging multiple networks or custom route configurations, you need to manually configure the network. Please contact our support team if you need assistance.

NTP server configuration

The OnSight uses the default Ubuntu NTP servers for time synchronization. If your environment blocks outbound NTP access, you can configure the OnSight to use an internal NTP server using the following:

sudo onsight configure-ntp

This will request a list of servers to use then update the configuration and restart the NTP daemon to pick up the new servers.