faz_cli_system_logforward – Log forwarding.

New in version 2.10.

Synopsis

• This module is able to configure a FortiAnalyzer device.
• Examples include all parameters and values need to be adjusted to data sources before usage.

Requirements

The below requirements are needed on the host that executes this module.

• ansible>=2.9.0

FortiAnalyzer Version Compatibility

	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
cli_system_logforward	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes	yes

Parameters

• enable_log - Enable/Disable logging for task type: bool required: false default: False
• proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
• bypass_validation - Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool required: false default: False
• rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
• rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
• state - The directive to create, update or delete an object type: str required: true choices: present, absent
• cli_system_logforward - Log forwarding. type: dict
• agg-archive-types - No description for the parameter type: array choices: [Web_Archive, Secure_Web_Archive, Email_Archive, File_Transfer_Archive, IM_Archive, MMS_Archive, AV_Quarantine, IPS_Packets] more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  agg-archive-types	True	True	True	True	True	True	True	True	True	True	True	True

• agg-logtypes - No description for the parameter type: array choices: [none, app-ctrl, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, webfilter, netscan, fct-event, fct-traffic, fct-netscan, waf, gtp, dns, ssh, ssl, file-filter, asset, protocol, siem, ztna] more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  agg-logtypes	True	True	True	True	True	True	True	True	True	True	True	True

• agg-password - No description for the parameter type: str more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  agg-password	True	True	True	True	True	True	True	True	True	True	True	True

• agg-time - Daily at. type: int default: 0 more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  agg-time	True	True	True	True	True	True	True	True	True	True	True	True

• agg-user - Log aggregation access user name for server. type: str more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  agg-user	True	True	True	True	True	True	True	True	True	True	True	True

• device-filter - No description for the parameter type: array more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  device-filter	True	True	True	True	True	True	True	True	True	True	True	True

  • action - Include or exclude the specified device. type: str choices: [include, exclude, include-like, exclude-like] default: include more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    action	True	True	True	True	True	True	True	True	True	True	True	True

  • device - Device ID of log client device, or a wildcard expression matching log client device(s) if action is a like action. type: str more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    device	True	True	True	True	True	True	True	True	True	True	True	True

  • id - Device filter ID. type: int default: 0 more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    id	True	True	True	True	True	True	True	True	True	True	True	True

  • adom - Adom name or (null) for all adoms, or a wildcard expression matching adom(s) if action is a like action. type: str more...

    	7.2.0
    adom	True

• fwd-archive-types - No description for the parameter type: array choices: [Web_Archive, Email_Archive, IM_Archive, File_Transfer_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, EDISC_Archive] more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-archive-types	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-archives - Enable/disable forwarding archives. type: str choices: [disable, enable] default: enable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-archives	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-facility - Facility for remote syslog. type: str choices: [kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp, audit, alert, cron, local0, local1, local2, local3, local4, local5, local6, local7] default: local7 more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-facility	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-log-source-ip - Logs source IP address (no effect for reliable forwarding). type: str choices: [local_ip, original_ip] default: local_ip more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-log-source-ip	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-max-delay - Max delay for near realtime log forwarding. type: str choices: [realtime, 1min, 5min] default: 5min more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-max-delay	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-reliable - Enable/disable reliable logging. type: str choices: [disable, enable] default: disable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-reliable	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-secure - Enable/disable TLS/SSL secured reliable logging. type: str choices: [disable, enable] default: disable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-secure	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-server-type - Forwarding all logs to syslog server or FortiAnalyzer. type: str choices: [syslog, fortianalyzer, cef, syslog-pack] default: fortianalyzer more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-server-type	True	True	True	True	True	True	True	True	True	True	True	True

• id - Log forwarding ID. type: int default: 0 more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  id	True	True	True	True	True	True	True	True	True	True	True	True

• log-field-exclusion - No description for the parameter type: array more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  log-field-exclusion	True	True	True	True	True	True	True	True	True	True	True	True

  • dev-type - Device type. type: str choices: [FortiGate, FortiManager, Syslog, FortiMail, FortiWeb, FortiCache, FortiAnalyzer, FortiSandbox, FortiDDoS, FortiNAC, FortiDeceptor, FortiADC, FortiFirewall] default: FortiGate more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    dev-type	True	True	True	True	True	True	True	True	True	True	True	True

  • field-list - List of fields to be excluded. type: str more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    field-list	True	True	True	True	True	True	True	True	True	True	True	True

  • id - Log field exclusion ID. type: int default: 0 more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    id	True	True	True	True	True	True	True	True	True	True	True	True

  • log-type - Log type. type: str choices: [app-ctrl, appevent, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, voip, webfilter, netscan, waf, gtp, dns, ssh, ssl, file-filter, Asset, protocol, ANY-TYPE, ztna] default: traffic more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    log-type	True	True	True	True	True	True	True	True	True	True	True	True

• log-field-exclusion-status - Enable or disable log field exclusion. type: str choices: [disable, enable] default: disable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  log-field-exclusion-status	True	True	True	True	True	True	True	True	True	True	True	True

• log-filter - No description for the parameter type: array more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  log-filter	True	True	True	True	True	True	True	True	True	True	True	True

  • field - Field name. type: str choices: [type, logid, level, devid, vd, srcip, srcintf, dstip, dstintf, dstport, user, group, free-text] default: type more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    field	True	True	True	True	True	True	True	True	True	True	True	True

  • id - Log filter ID. type: int default: 0 more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    id	True	True	True	True	True	True	True	True	True	True	True	True

  • oper - Field filter operator. type: str choices: [=, !=, <, >, <=, >=, contain, not-contain, match] default: = more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    oper	True	True	True	True	True	True	True	True	True	True	True	True

  • value - Field filter operand or free-text matching expression. type: str more...

    	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
    value	True	True	True	True	True	True	True	True	True	True	True	True

• log-filter-logic - Logic operator used to connect filters. type: str choices: [and, or] default: or more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  log-filter-logic	True	True	True	True	True	True	True	True	True	True	True	True

• log-filter-status - Enable or disable log filtering. type: str choices: [disable, enable] default: disable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  log-filter-status	True	True	True	True	True	True	True	True	True	True	True	True

• mode - Log forwarding mode. type: str choices: [forwarding, aggregation, disable] default: disable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  mode	True	True	True	True	True	True	True	True	True	True	True	True

• proxy-service - Enable/disable proxy service under collector mode. type: str choices: [disable, enable] default: enable more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  proxy-service	True	True	True	True	True	True	True	True	True	True	True	True

• proxy-service-priority - Proxy service priority from 1 (lowest) to 20 (highest). type: int default: 10 more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  proxy-service-priority	True	True	True	True	True	True	True	True	True	True	True	True

• server-device - Log forwarding server device ID. type: str more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  server-device	True	True	True	True	True	True	True	True	True	True	True	True

• server-ip - Remote server IP address. type: str more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  server-ip	True	True	True	True	True	True	True	True	True	True	False	False

• server-name - Log forwarding server name. type: str more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  server-name	True	True	True	True	True	True	True	True	True	True	True	True

• server-port - Server listen port (1 - 65535). type: int default: 514 more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  server-port	True	True	True	True	True	True	True	True	True	True	True	True

• signature - Aggregation cfg hash token. type: int default: 0 more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  signature	True	True	True	True	True	True	True	True	True	True	True	True

• sync-metadata - No description for the parameter type: array choices: [sf-topology, interface-role, device, endusr-avatar, interface-info, fgt-policy] more...

  	6.2.1	6.2.2	6.2.3	6.2.5	6.2.6	6.4.1	6.4.2	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  sync-metadata	True	True	True	True	True	True	True	True	True	True	True	True

• fwd-syslog-format - Forwarding format for syslog. type: str choices: [fgt, rfc-5424] default: fgt more...

  	6.4.3	6.4.4	6.4.5	7.0.0	7.2.0
  fwd-syslog-format	True	True	True	True	True

• fwd-compression - Enable/disable compression for better bandwidth efficiency. type: str choices: [disable, enable] default: disable more...

  	7.0.0	7.2.0
  fwd-compression	True	True

• log-masking-custom - No description for the parameter type: array more...

  	7.0.0	7.2.0
  log-masking-custom	True	True

  • field-name - Field name. type: str more...

    	7.0.0	7.2.0
    field-name	True	True

  • field-type - Field type. type: str choices: [string, ip, mac, email, unknown] default: unknown more...

    	7.0.0	7.2.0
    field-type	True	True

  • id - Field masking id. type: int default: 0 more...

    	7.0.0	7.2.0
    id	True	True

• log-masking-custom-priority - Prioritize custom fields. type: str choices: [disable, ] default: disable more...

  	7.0.0	7.2.0
  log-masking-custom-priority	True	True

• log-masking-fields - No description for the parameter type: array choices: [user, srcip, srcname, srcmac, dstip, dstname, email, message, domain] more...

  	7.0.0	7.2.0
  log-masking-fields	True	True

• log-masking-key - No description for the parameter type: str more...

  	7.0.0	7.2.0
  log-masking-key	True	True

• log-masking-status - Enable or disable log field masking. type: str choices: [disable, enable] default: disable more...

  	7.0.0	7.2.0
  log-masking-status	True	True

• server-addr - Remote server address. type: str more...

  	7.0.0	7.2.0
  server-addr	True	True

• agg-data-end-time - No description for the parameter type: str more...

  	7.2.0
  agg-data-end-time	True

• agg-data-start-time - No description for the parameter type: str more...

  	7.2.0
  agg-data-start-time	True

• agg-schedule - Schedule log aggregation mode. type: str choices: [daily, on-demand] default: daily more...

  	7.2.0
  agg-schedule	True

• fwd-ha-bind-vip - When HA is enabled, always use vip as forwarding port type: str choices: [disable, enable] default: enable more...

  	7.2.0
  fwd-ha-bind-vip	True

• pcapurl-domain-ip - The domain name or ip for forming a pcapurl. type: str more...

  	7.2.0
  pcapurl-domain-ip	True

• pcapurl-enrich - Enable/disable enriching pcapurl. type: str choices: [disable, enable] default: disable more...

  	7.2.0
  pcapurl-enrich	True

• peer-cert-cn - Certificate common name of log-forward server. type: str more...

  	7.2.0
  peer-cert-cn	True

Notes

Note

• To create or update an object, use state: present directive.
• To delete an object, use state: absent directive
• Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- collections:
  - fortinet.fortianalyzer
  connection: httpapi
  hosts: fortianalyzer-inventory
  tasks:
  - faz_cli_system_logforward:
      cli_system_logforward:
        id: 1
        server-name: 'fooname'
        server-addr: 12.3.4.5
        #server-device: ''
        #server-port: 514
        fwd-server-type: fortianalyzer
        mode: forwarding
        #server-ip: "23.231.1.1"
        log-filter-status: enable
        log-filter-logic: and
        log-field-exclusion-status: enable
        fwd-reliable: disable
        fwd-max-delay: 5min
        log-masking-status: enable
      state: present
    name: Log forwarding.
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

• request_url - The full url requested returned: always type: str sample: /sys/login/user
• response_code - The status of api request returned: always type: int sample: 0
• response_message - The descriptive message of the api response returned: always type: str sample: OK
• response_data - The data body of the api response returned: optional type: list or dict

Status

• This module is not guaranteed to have a backwards compatible interface.

Authors

• Link Zheng (@chillancezen)
• Jie Xue (@JieX19)
• Frank Shen (@fshen01)
• Hongbin Lu (@fgtdev-hblu)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.