Installing Alibaba Cloud Collector
This chapter describes how to install the FortiSIEM Alibaba Cloud Collector.
- Step 1: Download the Alibaba Package
- Step 2: Upload to Alibaba Cloud
- Step 3: Create the Image from the Uploaded File
- Step 4: Create an Instance from the Created Image
- Step 5: Register Collectors to Supervisor Node
Step 1: Download the Alibaba Package
Download the Alibaba Cloud Collector package from the Fortinet Support website https://support.fortinet.com. See "Downloading FortiSIEM Products" for more information on downloading products from the support website. The name of the collector download is FSM_Full_Collector_AlibabaCloud_5.3.1_build<build_number>.zip
.
Step 2: Upload to Alibaba Cloud
-
Use the following command to upload the collector image you created in the previous step:
$./ossutilmac64 cp file oss://<bucketName>/<FileName>
-
Log in to the Alibaba Cloud Web UI (Web interface). From the UI, select the uploaded file: File> Preview, and copy the file's URL.
Step 3: Create the Image from the Uploaded File
-
Log in to the Alibaba Cloud Web UI.
-
Navigate to the ECS ( Elastic Computing Service).
-
Click the Images tab.
-
Select Custom Images under SnapShot and Images in the left-hand pane:
-
Click Import Image on the top right of the Images screen.
-
Enter the OSS object Address that you copied in Step 2: "Upload to Alibaba Cloud", Sub-step 2: "Get the OSS link".
-
Click OK.
-
Wait until the image is created.
Step 4: Create an Instance from the Created Image
-
Select the image you created from the table on the Images tab in the Web UI.
-
Click Create Instance in the lower-right side of the Images tab.
Enter all of the required details, such as VPC, Security Groups, Elastic IP keypair, and so on, similar to Amazon AWS.
Step 5: Register Collectors to Supervisor Node
For Enterprise deployments, follow these steps:
-
Login to Supervisor with 'Admin' privileges.
-
Go to ADMIN > Setup > Collectors and add a Collector by entering:
-
Name – Collector Name.
-
Guaranteed EPS – this is the EPS that the Collector will always be able to send. It could send more if there is excess EPS available.
-
Start Time and End Time – set to 'Unlimited'.
-
-
SSH to the Collector and run following script to register Collectors:
phProvisionCollector --add <user> <password> <Super IP or Host> <Organization> <CollectorName>
-
Set User and Password use the admin User Name and password for the Supervisor
-
Set IP Address as 'Supervisor IP'.
-
Set Organization as 'Super'.
-
Set CollectorName from Step 2a.
The Collector will reboot during the Registration
-
-
Go to ADMIN > Health > Collector Health and see the status.
For Service Provider deployments, follow these steps:
-
Login to Supervisor with 'Admin' privileges.
-
Go to ADMIN > Setup > Organizations and add an Organization.
-
Enter the Organization Name, Admin User, Admin Password, and Admin Email.
-
Under Collectors, click New.
-
Enter the following details:
-
Collector Name – Collector Name.
-
Guaranteed EPS – this is the EPS that the Collector will always be able to send. It could send more if there is excess EPS available.
-
Start Time, and End Time - could be set as 'Unlimited'.
-
-
SSH to the Collector and run following script to register Collectors:
phProvisionCollector --add <user> <password> <Super IP or Host> <Organization> <CollectorName>
-
Set User and Password use the admin User Name and password for the Supervisor
-
Set IP Address as 'Supervisor IP'.
-
Set Organization as 'Super'.
-
Set CollectorName.
The Collector will reboot during the Registration
-
-
Go to ADMIN > Health > Collector Health and check the status.