Submit Search

Administrator Tools

This topic describes administration tools and scripts that are included with your FortiSIEM deployment, along with information on where to find and how to use them.

Tool	Description	How to Use It
listElasticEventAttributes.sh	listElasticEventAttributes gathers Elasticsearch event attributes for the number of days specified with the `days` value. This data is provided in a .CSV file that can be used to prepare a custom Elastic Search Event Attribute Template file. This file can be uploaded to replace the default Event Attribute template, potentially reducing the number of Event Attributes that Elasticsearch needs to search by default. For information on where to upload the custom file, see Configuring a Native, AWS, or Cloud Elasticsearch database. Note: You can change an Event Attribute type per your requirements if the default type is not suitable, but you will need to upload the custom Event Attribute template afterward.	Located in `/opt/phoenix/config/javaQueryServer/`. Usage `[root@FortiSIEM]#listElasticEventAtributes.sh destURL httpPort(9200) [user passwd] days socketTimeoutInMinute outputFile` `destURL` - The destination URL, normally the Elasticsearch URL. `httpPort` - The port number used to connect to Elasticsearch. `user` and `password` - Use your login username and password to access Elasticsesarch. days - The number of days you want this custom configuration to be applied, starting when the custom template is added to your Elasticsearch database configuration. socketTimeoutInMinute- The maximum time out period value in minutes for the socket . `outputFile` - The name you wish to name your output file. Example: `[root@FortiSIEM javaQueryServer# ./listElasticEventAttributes.sh https://172.30.56.180 9200 "username" "password" 3 10 /tmp/1.csv`
phClickHouseCSVExport	Used to export event information from FortiSIEM ClickHouse events to a CSV file.	See phClickHouseCSVExport in Exporting Events to Files.
phClickHouseImport	Used to import event information from eventDB to ClickHouse database.	See phClickHouseImport in Import Tools.
phExportESEvent	Used to export event information from FortiSIEM Elasticsearch events to a CSV file.	See phExportESEvent in Exporting Events to Files.
phExportEvent	A script to selectively delete event data per org and time interval . Used to export event information from FortiSIEM eventDB or Archive location to a CSV file.	See phExportEvent in Exporting Events to Files.
phTools	phTools is a simple tool for starting and stopping backend processes, and for getting change log information. When you upgrade your deployment, for example, you would use phTools to stop all backend processes.	Log in to the FortiSIEM host machine as `root`. Usage `[root@FortiSIEM]#phtools` Commands: --changelog, --start, --stop, --stats Target: ALL `--change-log` also supports `ERROR, TRACE, INFO,DEBUG, CRITICAL`
TestDBPurger	Use Only to Delete Data for a Single Date: You should only use this script to delete data for a single date and organization. If you try to delete data for multiple dates, the script will fail.	You can find the script at `/opt/phoenix/bin/TestDBPurger`. Run it in terminal mode and follow the instructions.
TestESSplitter	Run the TestESSplitter tool from a Supervisor or Worker node to export events from ElasticSearch to FortiSIEM eventDB format.	See TestESSplitter in Exporting Events to Files.
TestSegmentReader	Test Segment Reader is used to quickly read data segments in the eventdb through the command line. You can use this to manually inspect data integrity and parsed event attributes.	Log in to the FortiSIEM host machine as `root`. Usage `[root@FortiSIEM]#TestSegmentReader <segmentDir>`

Copyright © 2024 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy