- Site Collector Overview
- Get Started with Site Collectors
- Install Site Collector
- Set Up Collectors
- Manage Site Collectors
- Site Collector Monitoring
- Troubleshoot the Site Collector
- Pre-checks failed during Site Collector installation and upgrade
- Site Collector UI shows the status INSTALLATION_ERROR
- Download Support Packages for Troubleshooting
- How to reboot the Virtual Machine (VM) successfully to apply security updates?
- What information must be added while creating a support ticket to resolve an issue?
- Site Collector UI is not displaying the heartbeats
- Splunk Collector can't be set up
- Splunk Collector is set up however, logs are not reaching DL/AA
- Only a few of the installed Splunk Collectors are processing logs or EPS has dropped by 50% as compared to last hour
- The Windows Active Directory Collector (formerly known as LDAP Collector) is set up, however, the context data is not reaching DL/AA
- The Windows Active Directory Collector (formerly known as LDAP Collector) is stuck in the ‘Update’ mode after deployment
- Installation is initiated; however, the collector shows the status as ‘Setting Up’ for some time
- Data Lake and Advanced Analytics Does Not Show Context Data
- Context Data from Windows Active Directory Collector is Segmented
- Minifi Permission Denied - Logback.xml File Missing and Config File Update - Failed Error Occurred while Installing the Windows Event Log Collector
- Where should I upload proxy certificates if I am running proxy with TLS interception?
- How to upgrade Linux collector instance?
Set Up Fortinet Collector
Fortinet Collector is a customized Syslog Collector which is designed to fetch log data specifically encoded with Octet Counting framing strategy such as Fortinet in which a transport receiver uses a defined message length to delimit a syslog message.
Fortinet Collector (also called as Syslog with Octet Counting) fetches syslog logs from various sources and pushes the logs to Exabeam Security Operations Platform for further processing. The Fortinet Collector supports only TCP/TLS protocol. For pulling Fortinet data through UDP, use the Syslog Collector.
To set up the Fortinet collector:
Log in to the Exabeam Security Operations Platform with your registered credentials.
Navigate to Collectors > Site Collectors.
Ensure that Site Collector is installed and in running state.
On the Site Collector page, click the Collectors Library tab, then click Fortinet.
In the Definition section, enter the required information as follows.
Collector Name – Specify a name for the Fortinet collector.
Note
Ensure that you specify different names for Site Collector instance and the Fortinet collector.
Site Collector Instance – Select the site collector instance for which you want to install the Fortinet collector.
Port – Enter the TCP port number of the Fortinet server, from the supported port range 1024 - 49151.
Note
If you use port 514, forward the port on the Site Collector VM and set up the Fortinet Collector with port 1514 or any other port from the supported port range.
Click Next.
In the Authentication section, select the required protocol: TCP. TCP helps for transmitting Syslog data over TCP securely and for ensuring reliable and ordered data transmission between networks. To configure a secure syslog ingestion, select TCP and enable the Secure Connection option.
To enable secure and encrypted TLS communication between your Fortinet server and the Fortinet Collector, download the Exabeam generated security certificates. Click Default Certificate, and click Download Certificate. Then save and apply the downloaded certificates on your Fortinet server.
Note
If you want to ingest Fortinet data via UDP, use the Syslog Collector.
To set up the Fortinet collector, click Setup.
The configuration for Fortinet Collector is complete. The collector is set up and ready to receive the logs pushed by Fortinet sources.
