FortiSIEM Moving CMDB to a separate Database Host

Moving CMDB to a separate Database Host

It is desirable to move the CMDB (postgres) database to a separate host for the following reasons:

  1. In larger deployments, it reduces the database server load on the supervisor node, leaving more resources for the application server and other backend modules.
  2. When high availability for CMDB data is desired, it is easier and cleaner to set up separate hosts with postgres replication that are managed separately than to do this on the embedded postgres on the supervisor. This is especially true in an AWS environment, where AWS Postgresql Relational Database Service (RDS) takes just a few clicks to set up a DB instance that replicates across availability zones and fails over automatically.

Freshly Installed Supervisor

 

Install separate Postgresql DB servers or an AWS RDS instance in Multi-AZ mode. Use Postgresql version 9.1 or greater. I’ll use the RDS example in the remaining steps. For instance, let’s say the hostname of RDS in the us-west-2 region is phoenixdb.XXXXXX.us-west-2.rds.amazonaws.com on port 5432 with username ‘phoenix’, DB name ‘phoenixdb’ and password ‘YYYYYYYY’. You will need to allow the super and worker nodes to connect to port 5432 on the RDS service, and you will have to change security groups to allow this.

  1. Make sure the above RDS host is reachable from the FortiSIEM supervisor
  2. Install the FortiSIEM supervisor node and configure it as usual, including adding a license
  3. Stop all the running services so that CMDB will not be modified further
  4. Dump the CMDB data in the local postgres DB into a local file
  5. Import schema/data into the external postgres
  6. Change phoenix_config.txt to add DB_SERVER_* info
  7. Change glassfish application server’s domain.xml to point to the external CMDB server
  8. Change phoenix_config.txt to remove checking for the postgres process
  9. Disable postgres from starting up
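
The reachability check, dump and import steps above, sketched as an added example that is not part of the original article or Fortinet's documentation. It assumes the embedded CMDB accepts local connections as user phoenix to database phoenixdb and that the external server enforces TLS; the dump path, the EXT_PASS variable and the function names are illustrative.

```sh
#!/bin/sh
# Added example, not Fortinet's procedure. Assumptions: the embedded CMDB
# accepts local connections as user "phoenix" to db "phoenixdb"; the external
# server enforces TLS; DUMP_FILE, EXT_PASS and all function names are illustrative.
set -eu

DB_NAME=phoenixdb DB_USER=phoenix DB_PORT=5432
EXT_HOST=${EXT_HOST:-phoenixdb.XXXXXX.us-west-2.rds.amazonaws.com}  # placeholder from the page
DUMP_FILE=${DUMP_FILE:-/root/cmdb_dump.sql}
COUNT_SQL="SELECT count(*) FROM information_schema.tables
           WHERE table_schema NOT IN ('pg_catalog','information_schema')"

# Format one password-file entry (host:port:db:user:password).
# libpq requires ':' and '\' inside a field to be backslash-escaped.
pgpass_line() {
  out=
  for f in "$@"; do
    f=$(printf '%s' "$f" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g')
    out="${out:+$out:}$f"
  done
  printf '%s\n' "$out"
}

# Connection string for the external DB; sslmode=require refuses a cleartext session.
conninfo() {
  printf 'host=%s port=%s dbname=%s user=%s sslmode=require' "$1" "$DB_PORT" "$DB_NAME" "$DB_USER"
}

# psql against the external DB; the password comes from a file, never from argv.
ext_psql() { PGPASSFILE=$PASSFILE psql "$@" "$(conninfo "$EXT_HOST")"; }

migrate() {
  umask 077                                  # dump and password file: owner-only
  PASSFILE=$(mktemp)
  trap 'rm -f "$PASSFILE"' EXIT
  pgpass_line "$EXT_HOST" "$DB_PORT" "$DB_NAME" "$DB_USER" "${EXT_PASS:?export EXT_PASS first}" >"$PASSFILE"
  ext_psql -Atc 'SELECT 1' >/dev/null        # reachability, TLS and login check first
  pg_dump --no-owner -h localhost -p "$DB_PORT" -U "$DB_USER" -f "$DUMP_FILE" "$DB_NAME"
  # A managed service does not grant superuser, so a few statements may be
  # rejected; log them for review, then verify by comparing table counts.
  ext_psql -q -f "$DUMP_FILE" 2>"$DUMP_FILE.err"
  src=$(psql -Atc "$COUNT_SQL" -h localhost -p "$DB_PORT" -U "$DB_USER" "$DB_NAME")
  dst=$(ext_psql -Atc "$COUNT_SQL")
  [ "$src" = "$dst" ] || { echo "table count mismatch: local=$src external=$dst" >&2; return 1; }
  echo "imported $dst tables; review $DUMP_FILE.err before changing phoenix_config.txt"
}

# Run only when asked (services must already be stopped): ./move_cmdb.sh --run
if [ "${1:-}" = "--run" ]; then migrate; fi
```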

 

 

Production / Existing Supervisor

  1. Install and have the external postgres ready as described at the beginning of the previous section
  2. Take point-in-time snapshots of the supervisor so you can revert if you hit any issue
  3. Stop crond on super, and wait for phwatchdog to stop
  4. Stop Apache on super and all workers so that collectors start buffering events
  5. Shut down the worker nodes while you move CMDB out
  6. Follow the instructions from “Freshly Installed Supervisor” to complete the steps

FortiSIEM Windows Agent and Agent Manager Install

FortiSIEM can discover and collect performance metrics and logs from Windows Servers in an agentless fashion via WMI. However, agents are needed when there is a need to collect richer data, such as file integrity monitoring, and from a large number of servers.

This section describes how to set up FortiSIEM Windows Agent and Agent Manager as part of FortiSIEM infrastructure.

 

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
