Deleting Organizations
- Log into your Supervisor node as a Super/Global user.
- Go to Admin > Setup Wizard > Organizations.
- Write down the ID of the organization you want to delete.
- Go to Admin > Collector Health.
Note the IP Address and Collector Name of any Collectors associated with the organization you want to delete.
- Log out of your Supervisor node.
- SSH into the Collector hosts for the organization as root.
- Using phTools, stop the Collector processes.
- Power down the Collector.
- Log back into your Supervisor node as an Admin user for the organization you want to delete.
- Go to CMDB > Devices.
- Delete all devices in both the Device View and the VM View.
- Go to CMDB > Device View > Users, and delete all users except for the default admin account under which you are currently logged in.
- Go to Admin > Setup Wizard > Synthetic Transaction Monitoring and delete all STM tests.
- Log out of your Supervisor node, and then log back in as the Super/Global user.
- Go to Admin > Collector Health.
- Delete the organization’s Collectors.
Issues with Deleting Collectors Because of In-Memory Processes
You may encounter issues with deleting Collectors if there are processes in memory on the Supervisor that are related to Collector status that are updated to the CMDB. If you encounter these issues, please contact FortiSIEM Support.
- Delete the organization.
- Log out of your Supervisor node.
- SSH into the Supervisor host machine as root.
- In the /data directory, delete the eventdb database for that organization.
Finding the Right EventDB Database
You can tell which EventDB belongs to the organization you want to delete based on the organization ID that you wrote down in Step 3. For example, if the organization ID is 2005, you would look for /data/eventdb/CUSTOMER_2005 as the database to delete. Be careful that you don’t delete the EventDB for a continuing organization.