Migrating from FortiSIEM 5.3.0, 5.3.1, or 5.3.2

6.1.0

WARNING: FortiSIEM 5.3.3 and 5.4.0 cannot be upgraded to FortiSIEM 6.1.0. You must upgrade to FortiSIEM 6.1.1.

This section describes how to upgrade from FortiSIEM 5.3.0, 5.3.1, or 5.3.2 to FortiSIEM 6.1.0.

Pre-Migration Checklist

To perform the migration, the following prerequisites must be met:

Create the Directories

  1. Delete the Worker from the Super GUI.
  2. Stop/Shutdown the Worker.
  3. Create a /svn/53x-settings directory and symlink it to /images. For FSM running on Hyper-V, you only need a tiny amount of space to back up the 5.3.0, 5.3.1, or 5.3.2 system settings, so use the /svn partition (a partition other than root) instead of a new disk. The following screenshot illustrates this:

Download the Backup Script

Download the FortiSIEM Hyper-V backup script to start migration. Follow these steps:

  1. Download the file FSM_Backup_5.3_Files_6.1.0_build0112.zip from the support site.
  2. Copy the file to the 5.3.0, 5.3.1, or 5.3.2 Hyper-V instance (for example, /svn/53x-settings) that you are planning to migrate to 6.1.0.
  3. Unzip the .zip file:

    # cd /svn/53x-settings

    # unzip FSM_Backup_5.3_Files_6.1.0_build0112.zip

Run the Backup Script and Shutdown System

Follow these steps to run the backup script:

  1. Go to the directory that contains the backup-config file, for example:

    # cd /svn/53x-settings/fsm-53x-backup-config

  2. Run the backup script with sh to back up the 5.3.0, 5.3.1, or 5.3.2 settings that will be migrated later into the new 6.1 OS.

    # sh backup

  3. Shutdown the system.

    # shutdown -h now

Migrate All-in-one Installation

Download and Uncompress the 6.1.0 Hyper-V Root VHDX

Download the compressed FortiSIEM Hyper-V root VHDX migration. Follow these steps:

  1. Download the file FortiSIEM-HyperV-6.1.0.0112.zip from the support site.
  2. Copy the file to your 5.3.0, 5.3.1, or 5.3.2 Hyper-V host that is currently running the 5.3.0, 5.3.1, or 5.3.2 instance.
  3. Use unzip tools to uncompress the .zip file to obtain the FortiSIEM-HyperV-6.1.0.0112.zip file. Store it in the same folder where you have your 5.3.0, 5.3.1, or 5.3.2 disks.

Modify the 5.3.0, 5.3.1, or 5.3.2 Instance to use new VHDX

  1. Open the Hyper-V Manager and select your 5.3.0, 5.3.1, or 5.3.2 VM.
  2. Right-click on the VM, then click Settings.

  3. Navigate to the first hard drive under IDE Controller 0. Click Browse and select the new 6.1 VHDX you just uncompressed. Click Open.

  4. Navigate to Processor, change 8 vCPUs to 16.
  5. Navigate to Memory, change 16GB to 64GB. Click Apply.

  6. Click SCSI Controller, select Hard Drive, and click Add. Similar to Fresh Install steps 12-19, add a new hard drive of size 100GB for the /opt partition. Below is a screenshot of the final screen of Add new hard drive.

  7. Click OK on the VM settings screen to complete making changes to the VM for migration.

  8. Connect to the VM Console and Start the VM from Hyper-V Manager.

  9. The system will start with the FortiSIEM 6.1 OS.

  10. The system will boot up. When the command prompt window opens, log in with the default login credentials: user: root and Password: ProspectHills.
  11. You will be required to change the password. Remember this password for future use.

Migrate to FortiSIEM 6.1.0

  1. Find the device name of the original 5.3.0, 5.3.1, or 5.3.2 SVN volume using fdisk -l and mount it to /mnt. This contains the backup of 5.3.0, 5.3.1, or 5.3.2 system settings that will be used during migration. Copy the 5.3.0, 5.3.1, or 5.3.2 settings that were previously backed up and then umount /mnt, for example:

    # mount /dev/sdb1 /mnt

    # mkdir /restore-53x-settings

    # cd /restore-53x-settings

    # rsync -av /mnt/53x-settings/. .

    # ln -sf /restore-53x-settings /images

    # umount /mnt

  2. Run the configFSM.sh command to configure the migration via a GUI, for example:

    # configFSM.sh

  3. In the Configure TIMEZONE screen of the GUI select 2 No. Press Next.

  4. Select your node type: Supervisor, Worker, or Collector. This step is usually performed on Supervisor. Press Next.

  5. On the Configure Supervisor screen, select the operation 6 migrate_6_1_0. Press Next.

  6. Test network connectivity by entering a host name that can be resolved by your DNS Server (entered in the previous step) and responds to ping. The host can either be an internal host or a public domain host like google.com. Press Next.

  7. Click Run on the confirmation page once you make sure all the values are correct. The options for the configureFSM.py script are described in the table here.

  8. Wait for the operations to complete and for the system to reboot.

  9. Login to the system after a few minutes. Wait several more minutes for all processes to start up. Execute the phstatus command, for example:

    # phstatus

  10. Remove the restored settings directories because you no longer need them, for example:

    # rm -rf /restore-53x-settings

    # rm -rf /svn/53x-settings

    # rm -f /images

Migrate Cluster Installation

This section provides instructions on how to migrate Supervisor, Workers, and Collectors separately in a cluster environment.

Delete Workers

  1. Login to the Supervisor.
  2. Go to Admin > License > Nodes and delete the Workers one-by-one.
  3. Go to the Admin > Cloud Health page and make sure that the Workers are not present.

    Note that the Collectors will buffer events while the Workers are down.

  4. Shutdown the Workers.

    SSH to the Workers one-by-one and shutdown the Workers.

Migrate Supervisor

Follow the steps in Migrate All-in-one Installation to migrate the supervisor node. Note: FortiSIEM 6.1.0 does not support Worker or Collector migration.

Install New Worker(s)

Follow the steps in Cluster Installation > Install Workers to install new Workers. You can either keep the same IP address or change the address.

Register Workers

Follow the steps in Cluster Installation > Register Workers to register the newly created 6.1.0 Workers to the 6.1.0 Supervisor. The 6.1.0 FortiSIEM Cluster is now ready.

Set Up Collector-to-Worker Communication

  1. Go to Admin > Systems > Settings.
  2. Add the Workers to the Event Worker or Query Worker as appropriate.
  3. Click Save.

Working with Pre-6.1.0 Collectors

Pre-6.1.0 Collectors and agents will work with 6.1.0 Supervisor and Workers. You can install 6.1.0 collectors at your convenience.

Install 6.1.0 Collectors

FortiSIEM does not support Collector migration to 6.1.0. You can install new 6.1.0 Collectors and register them to 6.1.0 Supervisor in a specific way so that existing jobs assigned to Collectors and Windows agent associations are not lost. Follow these steps:

  1. Copy the http hashed password file (/etc/httpd/accounts/passwds) from the old Collector.
  2. Disconnect the pre-6.1.0 Collector.
  3. Install the 6.1.0 Collector with the old IP address by following the steps in Cluster Installation > Install Collectors.
  4. Copy the saved http hashed password file (/etc/httpd/accounts/passwds) from the old Collector to the 6.1.0 Collector.

    This step is needed for Agents to work seamlessly with 6.1.0 Collectors. The reason for this step is that when the Agent registers, a password for Agent-to-Collector communication is created and the hashed version is stored in the Collector. During 6.1.0 migration, this password is lost.
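One way to carry the hashed password file across in steps 1 and 4 without exposing or silently corrupting it, shown as an added example that is not part of the Fortinet documentation. The function names and the staging-directory layout are assumptions; the file paths are passed as arguments so the functions can be tried on scratch files first.

```shell
#!/bin/sh
# Added example, not Fortinet tooling. save_passwd / restore_passwd and the
# staging layout (passwds, passwds.sha256, passwds.mode) are hypothetical.
# Requires sha256sum and GNU stat.

# save_passwd SRC STAGE_DIR: copy the hash file into a private (0700) staging
# directory and record its SHA-256 digest and permission bits beside it.
save_passwd() {
    src=$1; stage=$2
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    ( umask 077
      mkdir -p "$stage" &&
      cp -p "$src" "$stage/passwds" &&
      ( cd "$stage" && sha256sum passwds > passwds.sha256 ) &&
      stat -c '%a' "$src" > "$stage/passwds.mode" )
}

# restore_passwd STAGE_DIR DEST: refuse to install a staged copy that no
# longer matches its recorded digest. If DEST already exists (fresh 6.1.0
# install), keep a backup and overwrite the contents only, so the new
# install's owner and mode stay as they are; otherwise apply the saved mode.
restore_passwd() {
    stage=$1; dest=$2
    ( cd "$stage" && sha256sum -c passwds.sha256 ) >/dev/null 2>&1 ||
        { echo "checksum mismatch in $stage" >&2; return 1; }
    if [ -e "$dest" ]; then
        cp -p "$dest" "$dest.pre-restore" && cat "$stage/passwds" > "$dest"
    else
        cp "$stage/passwds" "$dest" &&
            chmod "$(cat "$stage/passwds.mode")" "$dest"
    fi
}
```

On the old Collector this would be called as `save_passwd /etc/httpd/accounts/passwds <staging dir>`, and on the new one as `restore_passwd <staging dir> /etc/httpd/accounts/passwds` after the staging directory has been transferred over a protected channel.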

Register 6.1.0 Collectors

Follow the steps in Cluster Installation > Register Collectors, with the following difference: in the phProvisionCollector command, use the --update option instead of --add. Other than this, use exactly the same parameters that were used to register the pre-6.1.0 Collector. Specifically, use this form of the phProvisionCollector command to register a 6.1.0 Collector and keep the old associations:

    # /opt/phoenix/bin/phProvisionCollector --update <user> '<password>' <Super IP or Host> <Organization> <CollectorName>

The password should be enclosed in single quotes to ensure that any non-alphanumeric characters are escaped.
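Why the single quotes matter, and what to do when the password itself contains a single quote, shown as an added example that is not part of the Fortinet documentation. The helper names, the DEMO variable and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Fortinet code. All names and the sample password below
# are constructed for illustration.

# sq_quote STRING: print STRING as one single-quoted shell word. An embedded
# ' is written as '\'' (close the quote, escaped quote, reopen the quote).
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# as_parsed WORD: what a command receives for WORD once the shell has parsed
# it (eval re-parses the text the way a typed command line is parsed).
as_parsed() { eval "printf '%s' $1"; }

# The password wrapped in double quotes: $NAME sequences are still expanded,
# so the command is handed a different string from the one that was typed.
double_quoted_result() {
    DEMO=expanded            # stands in for any variable set in the session
    as_parsed "\"$1\""
}

# The password wrapped by sq_quote: delivered byte for byte.
single_quoted_result() {
    as_parsed "$(sq_quote "$1")"
}

# Constructed sample: contains $, & and an embedded single quote.
SAMPLE_PW='Zx$DEMO&7'"'"'q'

demo() {
    printf 'typed:         %s\n' "$SAMPLE_PW"
    printf 'double quotes: %s\n' "$(double_quoted_result "$SAMPLE_PW")"
    printf 'sq_quote form: %s\n' "$(sq_quote "$SAMPLE_PW")"
    printf 'single quotes: %s\n' "$(single_quoted_result "$SAMPLE_PW")"
}
```

Running `demo` prints the four forms side by side; the `sq_quote form` line is the text that would take the place of `'<password>'` in the command above.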

Re-install new Windows Agents with the old InstallSettings.xml file. Both the migrated and the new agents will work. The new Linux Agent and migrated Linux Agent will also work.
