Technical Tip: FortiPAM secret-related logs not parsed correctly by FortiAnalyzer

When FortiPAM v1.7 or v1.8 sends logs to FortiAnalyzer v7.2.x or below, the secret logs are not parsed correctly. These logs are parsed as if generated by a FortiGate instead:

Therefore, FortiAnalyzer v7.2.x displays these logs within the FortiGate/Traffic section. This behavior occurs because FortiAnalyzer v7.2.x lacks full support for FortiPAM v1.7 and v1.8 secret-related logs.

FortiAnalyzer v7.6.6, instead, can correctly parse FortiPAM v1.7 and v1.8 secret-related logs:

To verify which FortiPAM versions are supported by the current firmware, run the following command on the FortiAnalyzer CLI:

diagnose dvm supported-platforms list

Output on FortiAnalyzer v7.2.10:

Supported Versions:                 version: 100, mr: 0, branchpt: 0-416                 version: 100, mr: 1, branchpt: 417-9999          FortiPAM-1000G FPA1KG FPA1KG v1.0/1.1         FortiPAM-3000G FPA3KG FPA3KG v1.0/1.1         FortiPAM-AWS FPAAWS FPAAWS v1.0/1.1                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-Azure FPAAZU FPAAZU v1.0/1.1                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-GCP FPAGCP FPAGCP v1.0/1.1                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-HyperV FPAHYV FPAHYV v1.0/1.1                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-KVM FPAKVM FPAKVM v1.0/1.1                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-VM64 FPAV64 FPAV64 v1.0/1.1                 <alias> FPAV0E                 <alias> FPAVUL 

Output on FortiAnalyzer v7.6.6:

Supported Versions:                 version: 100, mr: 0, branchpt: 0-416                 version: 100, mr: 1, branchpt: 417-677                 version: 100, mr: 2, branchpt: 678-847                 version: 100, mr: 3, branchpt: 848-1112                 version: 100, mr: 4, branchpt: 1113-1167                 version: 100, mr: 5, branchpt: 1168-1225                 version: 100, mr: 6, branchpt: 1226-1439                 version: 100, mr: 7, branchpt: 1440-1663                 version: 100, mr: 8, branchpt: 1664-9999          FortiPAM-100G FPA1HG FPA1HG v1.7/1.8         FortiPAM-400G FPA4HG FPA4HG v1.7/1.8         FortiPAM-1000G FPA1KG FPA1KG v1.0/1.1/1.2/1.3/1.4/1.5/1.6/1.7/1.8         FortiPAM-1100G FPA11G FPA11G v1.7/1.8         FortiPAM-3000G FPA3KG FPA3KG v1.0/1.1/1.2/1.3/1.4/1.5/1.6/1.7/1.8         FortiPAM-3100G FPA31G FPA31G v1.7/1.8         FortiPAM-AWS FPAAWS FPAAWS v1.0/1.1/1.2/1.3/1.4                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-Azure FPAAZU FPAAZU v1.0/1.1/1.2/1.3/1.4/1.5/1.6/1.7/1.8                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-GCP FPAGCP FPAGCP v1.0/1.1/1.2/1.3/1.4                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-HyperV FPAHYV FPAHYV v1.0/1.1/1.2/1.3/1.4                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-KVM FPAKVM FPAKVM v1.0/1.1/1.2/1.3/1.4/1.5/1.6/1.7/1.8                 <alias> FPAV0E                 <alias> FPAVUL         FortiPAM-VM64 FPAV64 FPAV64 v1.0/1.1/1.2/1.3/1.4                 <alias> FPAV0E                 <alias> FPAVUL 

Note: Due to a bug (fixed in FortiAnalyzer v7.6.6), FortiAnalyzer version 7.6.5 and below cannot display Secret File logs in the GUI.

FortiAnalyzer v7.6.6 provides full support for both parsing and displaying FortiPAM v1.7 and v1.8 secret-related logs.