faz_cli_system_logforward – Log forwarding.
New in version 1.0.0.
Warning
Starting in version 2.0.0, all variables will be named in the underscore naming convention.
Possible variable names before 2.0.0:
variable-name,variable name,variable.nameCorresponding variable names since 2.0.0:
variable_name
FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiAnalyzer device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiAnalyzer Version Compatibility
6.2.0 |
6.2.1 |
6.2.2 |
6.2.3 |
6.2.4 |
6.2.5 |
6.2.6 |
6.2.7 |
6.2.8 |
6.2.9 |
6.2.10 |
6.2.11 |
6.2.12 |
||
| None | True | True | True | None | True | True | True | True | True | True | True | True | ||
6.4.0 |
6.4.1 |
6.4.2 |
6.4.3 |
6.4.4 |
6.4.5 |
6.4.6 |
6.4.7 |
6.4.8 |
6.4.9 |
6.4.10 |
6.4.11 |
6.4.12 |
6.4.13 |
6.4.14 |
| None | True | True | True | True | True | True | True | True | True | True | True | True | True | True |
7.0.0 |
7.0.1 |
7.0.2 |
7.0.3 |
7.0.4 |
7.0.5 |
7.0.6 |
7.0.7 |
7.0.8 |
7.0.9 |
7.0.10 |
7.0.11 |
|||
| True | True | True | True | True | True | True | True | True | True | True | True | |||
7.2.0 |
7.2.1 |
7.2.2 |
7.2.3 |
7.2.4 |
||||||||||
| True | True | True | True | True | ||||||||||
7.4.0 |
7.4.1 |
7.4.2 |
||||||||||||
| True | True | True |
Parameters
- access_token -The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str required: false
- enable_log - Enable/Disable logging for task type: bool required: false default: False
- forticloud_access_token - Access token of forticloud analyzer API users. type: str required: false
- log_path - The path to save log. Used if enable_log is true. Please use absolute path instead of relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.logtype: str required: false default: "/tmp/fortianalyzer.ansible.log"
- proposed_method - The overridden method for the underlying Json RPC request type: str required: false choices: set, update, add
- bypass_validation - Only set to True when module schema diffs with FortiAnalyzer API structure, module continues to execute without validating parameters type: bool required: false default: False
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden type: list required: false
- state - The directive to create, update or delete an object type: str required: true choices: present, absent
- cli_system_logforward - Log forwarding. type: dict
- agg_archive_types - No description for the parameter type: array choices: [Web_Archive, Secure_Web_Archive, Email_Archive, File_Transfer_Archive, IM_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, CDR_Archive] more...
- agg_logtypes - No description for the parameter type: array choices: [none, app-ctrl, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, webfilter, netscan, fct-event, fct-traffic, fct-netscan, waf, gtp, dns, ssh, ssl, file-filter, asset, protocol, siem, ztna, security] more...
- agg_password - No description for the parameter type: str more...
- agg_time - Daily at. type: int default: 0 more...
- agg_user - Log aggregation access user name for server. type: str more...
- device_filter - No description for the parameter type: array
more...
- action - Include or exclude the specified device. type: str choices: [include, exclude, include-like, exclude-like] default: include more...
- device - Device ID of log client device, or a wildcard expression matching log client device(s) if action is a like action. type: str more...
- id - Device filter ID. type: int default: 0 more...
- adom - Adom name or (null) for all adoms, or a wildcard expression matching adom(s) if action is a like action. type: str more...
- fwd_archive_types - No description for the parameter type: array choices: [Web_Archive, Email_Archive, IM_Archive, File_Transfer_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, EDISC_Archive, CDR_Archive] more...
- fwd_archives - Enable/disable forwarding archives. type: str choices: [disable, enable] default: enable more...
- fwd_facility - Facility for remote syslog. type: str choices: [kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp, audit, alert, cron, local0, local1, local2, local3, local4, local5, local6, local7] default: local7 more...
- fwd_log_source_ip - Logs source IP address (no effect for reliable forwarding). type: str choices: [local_ip, original_ip] default: local_ip more...
- fwd_max_delay - Max delay for near realtime log forwarding. type: str choices: [realtime, 1min, 5min] default: 5min more...
- fwd_reliable - Enable/disable reliable logging. type: str choices: [disable, enable] default: disable more...
- fwd_secure - Enable/disable TLS/SSL secured reliable logging. type: str choices: [disable, enable] default: disable more...
- fwd_server_type - Forwarding all logs to syslog server or FortiAnalyzer. type: str choices: [syslog, fortianalyzer, cef, syslog-pack, fwd-via-output-plugin, elite-service] default: fortianalyzer more...
- id - Log forwarding ID. type: int default: 0 more...
- log_field_exclusion - No description for the parameter type: array
more...
- dev_type - Device type. type: str choices: [FortiGate, FortiManager, Syslog, FortiMail, FortiWeb, FortiCache, FortiAnalyzer, FortiSandbox, FortiDDoS, FortiNAC, FortiDeceptor, FortiFirewall, FortiADC, FortiClient, FortiAuthenticator, FortiProxy, FortiIsolator, FortiEDR, FortiPAM, FortiCASB, FortiToken] default: FortiGate more...
- field_list - List of fields to be excluded. type: str more...
- id - Log field exclusion ID. type: int default: 0 more...
- log_type - Log type. type: str choices: [app-ctrl, appevent, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, voip, webfilter, netscan, waf, gtp, dns, ssh, ssl, file-filter, Asset, protocol, ANY-TYPE, fct-event, fct-traffic, fct-netscan, ztna, security] default: traffic more...
- log_field_exclusion_status - Enable or disable log field exclusion. type: str choices: [disable, enable] default: disable more...
- log_filter - No description for the parameter type: array
more...
- field - Field name. type: str choices: [type, logid, level, devid, vd, srcip, srcintf, dstip, dstintf, dstport, user, group, free-text] default: type more...
- id - Log filter ID. type: int default: 0 more...
- oper - Field filter operator. type: str choices: [=, !=, <, >, <=, >=, contain, not-contain, match] default: = more...
- value - Field filter operand or free-text matching expression. type: str more...
- log_filter_logic - Logic operator used to connect filters. type: str choices: [and, or] default: or more...
- log_filter_status - Enable or disable log filtering. type: str choices: [disable, enable] default: disable more...
- mode - Log forwarding mode. type: str choices: [forwarding, aggregation, disable] default: disable more...
- proxy_service - Enable/disable proxy service under collector mode. type: str choices: [disable, enable] default: enable more...
- proxy_service_priority - Proxy service priority from 1 (lowest) to 20 (highest). type: int default: 10 more...
- server_device - Log forwarding server device ID. type: str more...
- server_ip - Remote server IP address. type: str more...
- server_name - Log forwarding server name. type: str more...
- server_port - Server listen port (1 - 65535). type: int default: 514 more...
- signature - Aggregation cfg hash token. type: int default: 0 more...
- sync_metadata - No description for the parameter type: array choices: [sf-topology, interface-role, device, endusr-avatar, fgt-policy, interface-info] more...
- fwd_syslog_format - Forwarding format for syslog. type: str choices: [fgt, rfc-5424] default: fgt more...
- fwd_ha_bind_vip - When HA is enabled, always use vip as forwarding port type: str choices: [disable, enable] default: enable more...
- server_addr - Remote server address. type: str more...
- fwd_compression - Enable/disable compression for better bandwidth efficiency. type: str choices: [disable, enable] default: disable more...
- log_masking_custom - No description for the parameter type: array more...
- log_masking_custom_priority - Prioritize custom fields. type: str choices: [disable, , enable] default: disable more...
- log_masking_fields - No description for the parameter type: array choices: [user, srcip, srcname, srcmac, dstip, dstname, email, message, domain] more...
- log_masking_key - No description for the parameter type: str more...
- log_masking_status - Enable or disable log field masking. type: str choices: [disable, enable] default: disable more...
- agg_data_end_time - No description for the parameter type: str more...
- agg_data_start_time - No description for the parameter type: str more...
- agg_schedule - Schedule log aggregation mode. type: str choices: [daily, on-demand] default: daily more...
- pcapurl_domain_ip - The domain name or ip for forming a pcapurl. type: str more...
- pcapurl_enrich - Enable/disable enriching pcapurl. type: str choices: [disable, enable] default: disable more...
- peer_cert_cn - Certificate common name of log-forward server. type: str more...
- fwd_output_plugin_id - Name of the output plugin profile type: str more...
Notes
Note
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
connection: httpapi
hosts: fortianalyzers
tasks:
- name: Log forwarding.
fortinet.fortianalyzer.faz_cli_system_logforward:
cli_system_logforward:
id: 1
server_name: "fooname"
server_addr: 12.3.4.5
# server_device: ''
# server_port: 514
fwd_server_type: fortianalyzer
mode: forwarding
# server_ip: "23.231.1.1"
log_filter_status: enable
log_filter_logic: and
log_field_exclusion_status: enable
fwd_reliable: disable
fwd_max_delay: 5min
log_masking_status: enable
state: present
vars:
ansible_httpapi_port: 443
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request. returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current fortianalyzer version. returned: if params are not supported in the current version type: list
Status
This module is not guaranteed to have a backwards compatible interface.