Step-by-Step Guide

FortiSIEM Linux Agent Installation and Configuration

    Summary

    In this video, the creator walks through integrating a Linux server with FortiSIEM using the Linux agent script on an Ubuntu 24.04 LTS server. The tutorial explains how to collect and monitor logs and security events from the server. Key steps include downloading and installing the Linux agent, configuring SSH, creating the necessary directories and user accounts, and setting up FortiSIEM to process and analyze logs. The creator also demonstrates setting up the FortiSIEM collector and ensuring proper communication between components, enabling effective monitoring and management of security events.

      Highlights

      • The video guides users through the integration of a Linux server with FortiSIEM using a Linux agent script on Ubuntu 24.04 LTS.
      • It covers SSH installation for secure communication and directory setup for transferring the installer.
      • The creator explains user account creation for linking the Linux agent to FortiSIEM.
      • Users are shown how to configure FortiSIEM so that it receives and analyzes logs.
      • The tutorial includes setting up a FortiSIEM collector to handle event uploads and data processing.

      Key Takeaways

      • Learn how to integrate a Linux server with FortiSIEM using the Linux agent script on Ubuntu 24.04 LTS.
      • Understand how to configure SSH and the necessary directories for data transfer.
      • Follow steps to create user accounts for linking the Linux agent to FortiSIEM.
      • Set up the FortiSIEM collector for log analysis and monitoring.
      • Gain insight into configuring FortiSIEM for data processing and security event handling.
      • See the integration carried out step by step.

      Overview

      In this tutorial, the creator integrates a Linux server with FortiSIEM step by step. Starting with setting up the environment on Ubuntu 24.04 LTS, the video covers each detail so viewers can follow along, from downloading the required Linux agent to configuring SSH.

        The video gives instructions for creating the directories and user accounts needed for the integration. The setup includes using Windows PowerShell to move the Linux agent installer and making sure directory permissions are set correctly. With everything in place, the video shifts focus to using FortiSIEM to manage logs.

          Overall, this guide covers the technical steps required and also shows how to monitor the server through FortiSIEM's features, from configuring the FortiSIEM collector to confirming that data flows into FortiSIEM.

            Chapters

            • 00:00 - 00:30: Introduction and Overview The video introduces viewers to integrating a Linux server, specifically using Ubuntu 24.04 LTS, with the Linux agent script. The host welcomes viewers and provides an overview of what will be covered in the tutorial.
            • 00:30 - 01:30: Preparing the Server and Documentation Review This chapter discusses the preparation needed for setting up a server to collect logs and monitor security events. The focus is on a Linux server and involves reviewing documentation from Fortinet to ensure proper setup and functionality.
            • 01:30 - 03:00: Downloading and Installing the Linux Agent This chapter discusses the process of downloading and installing the Linux Agent, specifically for Ubuntu versions 14, 16, up to 24. It emphasizes the necessity of having a 'peruser' package installed and provides initial steps to start the installation process.
            • 03:00 - 05:00: SSH Installation and Preparation for Agent Installation The chapter titled 'SSH Installation and Preparation for Agent Installation' focuses on the process of installing SSH on a server. It also covers the preliminary steps required to prepare the server for agent installation. The chapter starts with a brief mention of initializing the server installation.
            • 05:00 - 06:30: Creating Directory and Copying Installer This chapter focuses on downloading and setting up the Linux agent. It begins with accessing the support portal at support.fortinet.com to obtain the necessary Linux agent. The process includes downloading the agent and ensuring it is uploaded onto the Linux server's desktop, preparing it for installation.
            • 06:30 - 08:00: Creating User for Integration The chapter explains the process of creating a user for integration. The user is instructed to navigate to the support firmware download section, perform a search for the specific firmware version mentioned ('7 0 7.3 three'), and download it.
            • 08:00 - 10:30: Running the Installation Command The chapter focuses on the process of running the installation command for a Linux agent. It mentions a specific file, 'Linux aent 7.3.2 to zip', that needs to be downloaded as part of this process. The chapter instructs the reader to download this file and indicates a wait time for the download to complete, which is an essential step in updating the firmware.
            • 10:30 - 15:00: Testing Installation and Setting Up FortiSIEM The chapter focuses on setting up FortiSIEM by first installing SSH on an Ubuntu server. It guides the reader through the process of installing the SSH server using specific commands.
            • 15:00 - 20:00: Installing FortiSIEM Collector The chapter covers the installation of the FortiSIEM Collector. It briefly mentions that SSH has been installed and proceeds with downloading an unspecified item, indicating it is located under the downloads section. The transcript doesn't provide further details on the installation process or additional steps involved.
            • 20:00 - 27:00: Registering Collector with FortiSIEM The chapter provides instructions on setting up a directory on a Linux server to install the FortiSIEM Linux installer. It involves copying the installer from a Windows environment to the Linux server and ensuring the directory has the appropriate permissions.
            • 27:00 - 34:00: Agent and Host Template Configuration This chapter focuses on the process of agent and host template configuration. It begins with an introduction on the usage of the scp command, indicating its relevance and application in setting up templates. Further details on configuring the templates are covered, highlighting key steps and considerations to ensure optimal setup and integration. The chapter serves as a guide for IT professionals seeking to efficiently manage and deploy templates. Additional insights and best practices might be shared to enhance understanding and execution.
            • 34:00 - 39:00: Final Configuration and Verification This chapter guides the reader through the process of final configuration and verification in a system setup. It involves using the Windows PowerShell to perform tasks related to copying files in a Linux environment. Readers are expected to grasp how to use PowerShell commands to facilitate operations across different operating systems.

            FortiSIEM Linux Agent Installation and Configuration Transcription

            • 00:00 - 00:30 Hi, welcome once again to my channel and in this video I'm going to show you how to integrate Linux server to uh for and currently I'm running uh Linux uh I'm running Ubuntu 24.04 04 uh to LTS uh server and I'm going to use the Linux agent uh script to to integrate uh the
            • 00:30 - 01:00 server to the FortiSIEM so that we can collect logs, monitor the logs and security events from the uh from the Linux server that we have currently. [Music] So uh if you check the documentation from for uh Fortinet we'll
            • 01:00 - 01:30 see that um the for currently support Ubuntu 1416 up to 24 and we need to also uh you know have a peruser package we need to install which is this. So I would start with installing uh this directly. So these are Linux
            • 01:30 - 02:00 server install. Okay.
            • 02:00 - 02:30 Right. So the next thing for us is to download the Linux agent uh from the support portal. If you go to support.fortinet.com, we need to download the Linux agent and upload it to the uh Linux servers um desktop so that we can be able to install it. So, so go to services
            • 02:30 - 03:00 uh go to support firmware download then search for the same then download 7 0 7.3 three some
            • 03:00 - 03:30 3.2 then you would see Linux aent 7.3.2 to zip. So we have to download this then your firmware. So let's wait for the download. The Linux agent is
            • 03:30 - 04:00 done. One of the first things we need to do is to install SSH on the Ubuntu server. So let's try and install SSH. So app open uh SSH server.
            • 04:00 - 04:30 So now we've been able to install SSH. Let's move it to download. So it's under downloads. Okay.
            • 04:30 - 05:00 So we need to create a directory on the Linux server uh where we are going to copy and paste the uh FortiSIEM Linux installer from the Windows to the Linux and also we are meant to also give it the right permission for the directory to be copied. So let's do that.
            • 05:00 - 05:30 So, we need to use the scp command from
            • 05:30 - 06:00 the Windows PowerShell to copy the Linux
            • 06:00 - 06:30 um installer agent from the Windows to the Linux server that we want to install it on. So, let's do that.
            • 06:30 - 07:00 So the installer has been copied um into the Linux server. So let's check and uh confirm that we have the agent installer on the Linux server we want to install it
            • 07:00 - 07:30 So let's add same we need to create a username for the agent that we're going to use so that we can be able to link and integrate the Linux agent directly to FortiSIEM. So uh if you come to FortiSIEM
            • 07:30 - 08:00 under CMDB you would see user. So under user you see FortiSIEM user. Let's create new. So want to create an agent uh username for for this. You can give it any name. So far you can remember the username and the password because we are going to use it for the integration. So let's let's let's name it agent. Then um come to sim
            • 08:00 - 08:30 attributes then under FortiSIEM role click on admin agent then give it a password. Um, okay. And let's save it. So, we
            • 08:30 - 09:00 have this name set up. So, the username has been set up. So the next thing is for us to go to the Linux agent um the Linux uh server. Let's go to Linux server and uh from the documentation we need to run this command uh from to install the agent on the Linux. So um if you go to let let me I've copied it to into a note. So this is
            • 09:00 - 09:30 bash for the same Linux agent installer. This is the name of the installer that we we copied uh to the Linux server. Then the super IP is the IP address of the FortiSIEM. Let's copy this which is so let's paste it here. Then the organization ID is one. So if you look at this the
            • 09:30 - 10:00 organization is um super then the scope is local. We need to then the organization name is super. Then the agent ID agent username the one we just created agent. Then the agent password
            • 10:00 - 10:30 is so let's copy this and let's paste it. Let's use PuTTY to sign in to to login. So I use PuTTY to log to I use PuTTY to log to the Linux server. Then in the Linux server we have um ls
            • 10:30 - 11:00 cd. So ls uh cd download. So I'm in directory where the Linux server the Linux agent uh was pasted. So let's just copy and paste uh the command and let's run it. So let's use sudo
            • 11:00 - 11:30 Okay.
            • 11:30 - 12:00 Okay. Yes. What's up?
            • 12:00 - 12:30 And the last
            • 12:30 - 13:00 [Music] one DNS
            • 13:00 - 13:30 use. So, let's go back and now install. Let's run the bash command again, which is this. Now installation installation is successful. So now so let's start the
            • 13:30 - 14:00 agent then. So, we're going to SSH it into the Linux uh server that has the agent installed on it using PuTTY or any other one. Then we are going to run the following command to start um the
            • 14:00 - 14:30 services.
            • 14:30 - 15:00 Let's go to the FortiSIEM and under
            • 15:00 - 15:30 FortiSIEM let's go to CMDB and devices. By the time we come here we would have seen that uh Unix uh Linux has been has been added. Let's
            • 15:30 - 16:00 click this. So you can see we have Ubuntu and we have the IP address and the status is the status is currently unmanaged. So let's change this status to approve so that we can move ahead. So what we need to do now is to um go to
            • 16:00 - 16:30 admin and uh create the uh Linux agent template. So under here let's create new. Let's give it Linux. Then um let's also go ahead monitor. Let's check all this uh what we want it to monitor for us. Under sys log also we want a level of um
            • 16:30 - 17:00 information from this. Okay. So you can determine which of these processes you want logs for based on what you want. Then then go to log file. So under log file we want to also monitor um uh directory. You can be able to
            • 17:00 - 17:30 monitor directory on the log uh on the from on the scene from the Linux. So let's try put this directory here for for monitoring sake and I will use my name as as the prefix. So then we can also have what is known as file integrity monitoring by monitoring um what the status and mod
            • 17:30 - 18:00 modification state of each know file within the Linux server. I'll just have to just for us to know who is if any if any log is being modified or we can be able to uh know that as well. Let's save. Then the process monitoring let's just check it. Let's ensure everything is well. Okay,
            • 18:00 - 18:30 let's save. So once this is saved, we've created uh the Linux agent template. The next thing, so the next thing is to assign to host. So let's just name it Linux. And um yeah, we have enixu then
            • 18:30 - 19:00 save. Uh let's click this Linux template and um let's save. So we need to install at least one FortiSIEM collector for uh the Linux agent uh to work. So let's quickly do that. So go to admin and um go to settings and config uh cluster
            • 19:00 - 19:30 config. So under the event upload workers we need to put the FQDN of the FortiSIEM which is the supervisor there. So instead of using the IP address we'll use the FQDN that means you should have registered it on your DNS. Then also go to admin settings and also go to the FQDN um system and also paste uh the FQDN or FortiSIEM in the field there. So you
            • 19:30 - 20:00 should have defined this in your DNS uh server so that the FortiSIEM IP address will be resolvable uh to the DNS. So let's quickly install the FortiSIEM virtual collector on the VMware Workstation Pro. So uh we are going to use the same image that we use for installing FortiSIEM supervisor and we are going to set it up for collector. So um navigate to where the FortiSIEM um image
            • 20:00 - 20:30 is that you downloaded earlier. Uh double click it and import it on the VMware Workstation Pro. If you don't know how to do that, kindly watch the uh previous video on how I installed FortiSIEM supervisor all-in-one. on.
            • 20:30 - 21:00 of four virtual cores that we're going to be using. Then we need to put um add
            • 21:00 - 21:30 additional uh disk for the uh for the SDA uh to be 100 gig uh so that the event can be passed successfully. Then um using that then click okay. Now we can start the the VM center.
            • 21:30 - 22:00 So you'll be required to change the password from the default password so you can give it your own uh password. Make sure you remember the password. So the next thing is to um go
            • 22:00 - 22:30 to CD uh to the bin directory so we can be able to launch the config um wizard. So use this command to lo uh to launch the config uh wizard. Select yes. Um choose your time zone and your country uh time zone. Then
            • 22:30 - 23:00 uh select collector and install without FIPS. Then uh select next. Next. Uh, next. Choose IPv4. Then give it an IP address. I'll use 230. Then I'll also include my DNS which is 10.1513220 and a public DNS which is 8.8.8.8. Then click next. Then uh make
            • 23:00 - 23:30 sure that you have the 40 uh 40 collector um IP address registered on the DNS so you can be able to you can be able to resolve resolve it. So the the IP address will be resolvable to the FQDN that we're going to set here. So on my DNS I already have uh FSM collector as uh the 230 and you can see my uh FortiSIEM IP uh DNS as FSM uh which is
            • 23:30 - 24:00 222. So um I'll give the FQDN FSM collector dot uh cyberpoint.com. Next. Enter. Then next. Then run it. So we would allow this to run. It will take time. Uh by
            • 24:00 - 24:30 the end uh at the end of the whole installation, it will bring out a prompt which is installation successful and it's going to reboot. Ensure that all these take place.
            • 24:30 - 25:00 So SSH we need to um SSH into the uh
            • 25:00 - 25:30 collector now uh using PuTTY uh 10.15.13.230 that we just set up. Then um login with the root and the password that you set up. Then we need to um run this command in order to register it with the FortiSIEM. Um so I have the command in my note
            • 25:30 - 26:00 pad. So let's run this command um and add the admin is the username uh for the FortiSIEM and the password of the FortiSIEM itself. Then we have the IP address of the FortiSIEM as supervisor. The super is the organization and uh FSM collector uh was the one we set up initially. So if you go to admin uh setup and uh collector uh we added new and you see the name we gave it is uh FortiSIEM
            • 26:00 - 26:30 collector uh guaranteed EPS 500 upload rate limit and EPS 2,000 and uh we save. So we're using that parameter uh in here to we copy this and we paste it on the uh 40 uh on the FortiSIEM collector that we um ssh in and we can see that we've been able to successfully register the FortiSIEM uh collector uh
            • 26:30 - 27:00 virtual collector uh with the system. So if you go to um admin health and collector health, you'll see that the FortiSIEM has been successfully integrated. It's still at a critical um stage. The status is going to change data to um normal. So let's continue with the Linux um setup uh Linux agent
            • 27:00 - 27:30 uh setup. So let's go to Linux agent. Then um let's go to host to template association. Click new. Then give it a name. I'll give it Linux. And um I'll select the Linux um agent. Um and also we have the FSM collector. Now select it. Then under the host I will select the Ubuntu server under Unix
            • 27:30 - 28:00 Ubuntu. Then um under device save it then save. Then we are going to apply. So apply this. So yes once it's applied uh we can now see that the agent on the agent on the Linux server will start you know sending logs. So um if you come to CMDB no um let's go to admin and under
            • 28:00 - 28:30 collector you would see that we have collector installed and the state health is normal and you can see that we have all know event passers know coming through them. Then if you go to the agent health which is for the FortiSIEM you can see we have all the process and um the resources be the uptime CPU
            • 28:30 - 29:00 network and disk utilization um being uh sent to FortiSIEM then um under CMDB let's go back to uh Ubuntu you know you can see that this uh Ubuntu server that we installed which is 10.151 and agent logs. If you click on this, if you double click on
            • 29:00 - 29:30 it, so you will see summary of the um the server, the IP addresses, device type, the head and also the performances in terms of categories, severity and all the uh properties uh in terms of interfaces, processors and all that. Coming to properties uh auto monitor. We can see that the agent got some level of event um some couple of minutes ago and we can see all the other
            • 29:30 - 30:00 resources on the uh Linux uh server. Then we can also see all the running applications and um hardware storage configuration. Then another thing is also that we can also look at the logs. Uh if you look at details uh one minute okay seen all this then when you
            • 30:00 - 30:30 come come to incidents you would see all the events being sent uh from Ubuntu server. You can see Linux file content Ubuntu discovery via buin system network connections as per security. Under security we have all these agent file. This is file integrity monitoring being sent from the Linux server. So we have uh successfully installed and integrated
            • 30:30 - 31:00 uh the the Linux server uh to FortiSIEM and it's getting you know uh logs and events from the FortiSIEM from the Linux server. Huh?