ConfigSentry

Collector Requirements

What an On-Premise Collector host must provide before installation.

Download the collector bundle, extract it to a local folder, run it once, provide any Enter Locally values if prompted, and let it install its watchdog service entry automatically.

1. Network and Access

  • Unproxied outbound HTTPS access to https://www.secdit.com/configsentry/.
  • Connectivity to each configured appliance host and SSH port.
  • SSH credentials with sufficient privilege to read the full configuration. Recommended role: Read-Only Admin.

2. Windows Collector (.exe)

  • Windows 10 / 11, or Windows Server 2019 or later.
  • Permission to create a Windows Task Scheduler entry.
  • Permission to allow the collector syslog listener through Windows Firewall if syslog-triggered collection is enabled.

3. Linux / FreeBSD Collector Scripts

  • php-cli installed and available on PATH.
  • Either curl or wget installed.
  • Either bsdtar, tar with .tar.gz support, or PHP ZIP support as required by the current runtime package.
  • Permission to install a cron entry for the collector watchdog.

4. Syslog-Triggered Collection

The collector can listen for FortiGate configuration-change syslog messages and trigger a targeted collection run.

  • Default listener: 0.0.0.0:514.
  • The listen IP and UDP port can be configured from the collector page or entered locally.
  • If syslog-triggered collection is enabled, the collector service must be left running continuously.

5. FortiGate Syslog Configuration

Apply these commands on your FortiGate to send config-change syslog events to the collector. Replace syslogd with syslogd2, syslogd3, or syslogd4 to use a different syslog server slot.

config log syslogd setting
  set status enable
  set server "[collector server ip]"
  set port [custom port]
end

config log syslogd filter
  config free-style
    edit 99
      set category event
      set filter "(logid 0100044546 0100044547)"
    next
  end
end

The set port line is only required when using a custom port; omit it to use the default port 514. On a multi-VDOM firewall, run these commands under the config global context.
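To check what the filter above delivers, the following added example (not ConfigSentry's own code) parses FortiGate key=value syslog datagrams, keeps only the two logid values from the filter, and waits for a burst of change events to settle before reporting an appliance as due for collection. The ChangeTrigger class, the appliance map, the quiet period and the sample datagrams are assumptions made for illustration.

```python
import re

# logid values taken from the FortiGate free-style filter on this page.
CONFIG_CHANGE_LOGIDS = {"0100044546", "0100044547"}
# FortiGate log bodies are key=value pairs; values may be double-quoted.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(datagram: bytes) -> dict:
    """Strip the syslog <PRI> prefix and return the key=value fields."""
    text = re.sub(r"^<\d{1,3}>", "", datagram.decode("utf-8", "replace"))
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(text)}

class ChangeTrigger:
    """Hypothetical helper: one collection per burst of change events."""
    def __init__(self, appliances: dict, quiet_seconds: float = 5.0):
        self.appliances = appliances   # source IP -> appliance name
        self.quiet = quiet_seconds     # assumed settle time, not a product value
        self.last_seen = {}            # appliance name -> time of last event

    def observe(self, datagram: bytes, src_ip: str, now: float) -> bool:
        """Record a datagram; True only for a change event from a known host."""
        name = self.appliances.get(src_ip)
        # UDP sources can be forged, so this is a coarse filter, not authentication.
        if name is None:
            return False
        if parse_fields(datagram).get("logid") not in CONFIG_CHANGE_LOGIDS:
            return False
        self.last_seen[name] = now
        return True

    def due(self, now: float) -> list:
        """Return appliances whose change burst has been quiet long enough."""
        ready = sorted(n for n, t in self.last_seen.items() if now - t >= self.quiet)
        for n in ready:
            del self.last_seen[n]
        return ready

# Constructed sample datagrams (documentation addresses, not captured traffic).
SAMPLE = [
    ("192.0.2.10", b'<189>date=2024-05-01 time=10:00:00 devname="fw-edge" logid="0100044546" type="event" msg="constructed change"'),
    ("192.0.2.10", b'<189>date=2024-05-01 time=10:00:01 devname="fw-edge" logid="0100044547" type="event" msg="constructed change"'),
    ("192.0.2.10", b'<189>date=2024-05-01 time=10:00:02 devname="fw-edge" logid="0100099999" type="event" msg="constructed other event"'),
    ("198.51.100.7", b'<189>date=2024-05-01 time=10:00:03 devname="unknown" logid="0100044546" type="event" msg="constructed change"'),
]

if __name__ == "__main__":
    trig = ChangeTrigger({"192.0.2.10": "fw-edge"})
    for i, (ip, data) in enumerate(SAMPLE):
        print(ip, trig.observe(data, ip, now=100.0 + i))
    print("due:", trig.due(now=110.0))
```

A datagram that reaches the listener with any other logid indicates the free-style filter is not applied on that syslogd slot.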

6. Operational Notes

  • The collector service should remain enabled so scheduled collections and syslog-triggered collections can run automatically.
  • If the collector is not running continuously, syslog-triggered collection will not work.
  • Collector updates and config updates are downloaded from the secdit website according to the collector settings.