faz_cli_system_logforward – Log forwarding.
Added in version 1.0.0.
Warning
Starting in version 2.0.0, all variables will be named in the underscore naming convention.
Possible variable names before 2.0.0: variable-name, variable name, variable.name
Corresponding variable name since 2.0.0: variable_name
FortiAnalyzer Ansible v1.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiAnalyzer device.
The examples include all parameters; the values need to be adjusted to your data sources before use.
This module supports check mode and diff mode.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.16.0
FortiAnalyzer Version Compatibility
Supported Version Ranges: v6.2.1 -> latest
Parameters
- access_token The token to access FortiAnalyzer without using ansible_username and ansible_password. type: str
- bypass_validation Only set to True when the module schema differs from the FortiAnalyzer API structure; the module then continues to execute without validating parameters. type: bool default: False
- enable_log Enable/Disable logging for task type: bool default: False
- forticloud_access_token Access token of forticloud analyzer API users. type: str
- log_path The path to save the log. Used if enable_log is true. Use an absolute path instead of a relative path. If the log_path setting is incorrect, the log will be saved in /tmp/fortianalyzer.ansible.log. type: str default: "/tmp/fortianalyzer.ansible.log"
- proposed_method The overridden method for the underlying JSON RPC request. type: str choices: set, update, add
- version_check If set to True, the module checks locally, based on FNDN data, whether the parameters used are supported by the corresponding version of FortiAnalyzer. A warning is returned in version_check_warning if there is a mismatch. This warning is only a suggestion and may not be accurate. type: bool default: False
- rc_succeeded The list of rc codes with which the conditions to succeed are overridden. type: list
- rc_failed The list of rc codes with which the conditions to fail are overridden. type: list
- state The directive to create, update or delete an object type: str required: true choices: present, absent
- cli_system_logforward Log forwarding. type: dict
  - agg_archive_types Archive types. type: list elements: str choices: [Web_Archive, Secure_Web_Archive, Email_Archive, File_Transfer_Archive, IM_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, CDR_Archive]
  - agg_logtypes Log types. type: list elements: str choices: [none, app-ctrl, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, webfilter, netscan, fct-event, fct-traffic, fct-netscan, waf, gtp, dns, ssh, ssl, file-filter, asset, protocol, siem, ztna, security]
  - agg_password Log aggregation access password for server. type: str elements: str
  - agg_time Daily at. type: int default: 0
  - agg_user Log aggregation access user name for server. type: str
  - device_filter type: list of dict
    - action Include or exclude the specified device. type: str choices: [include, exclude, include-like, exclude-like] default: include
    - device Device ID of log client device, or a wildcard expression matching log client device(s) if action is a like action. type: str
    - id Device filter ID. type: int default: 0
    - adom Adom name or (null) for all adoms, or a wildcard expression matching adom(s) if action is a like action. type: str
  - fwd_archive_types Forwarding archive types. type: list elements: str choices: [Web_Archive, Email_Archive, IM_Archive, File_Transfer_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, EDISC_Archive, CDR_Archive]
  - fwd_archives Enable/disable forwarding archives. type: str choices: [disable, enable] default: enable
  - fwd_facility Facility for remote syslog. type: str choices: [kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp, audit, alert, cron, local0, local1, local2, local3, local4, local5, local6, local7] default: local7
  - fwd_log_source_ip Logs source IP address (no effect for reliable forwarding). type: str choices: [local_ip, original_ip] default: local_ip
  - fwd_max_delay Max delay for near realtime log forwarding. type: str choices: [realtime, 1min, 5min] default: 5min
  - fwd_reliable Enable/disable reliable logging. type: str choices: [disable, enable] default: disable
  - fwd_secure Enable/disable TLS/SSL secured reliable logging. type: str choices: [disable, enable] default: disable
  - fwd_server_type Forwarding all logs to syslog server or FortiAnalyzer. type: str choices: [syslog, fortianalyzer, cef, syslog-pack, fwd-via-output-plugin, elite-service] default: fortianalyzer
  - id Log forwarding ID. type: int default: 0
  - log_field_exclusion type: list of dict
    - dev_type Device type. type: str choices: [FortiGate, FortiManager, Syslog, FortiMail, FortiWeb, FortiCache, FortiAnalyzer, FortiSandbox, FortiDDoS, FortiNAC, FortiDeceptor, FortiFirewall, FortiADC, FortiClient, FortiAuthenticator, FortiProxy, FortiIsolator, FortiEDR, FortiPAM, FortiCASB, FortiToken] default: FortiGate
    - field_list List of fields to be excluded. type: str
    - id Log field exclusion ID. type: int default: 0
    - log_type Log type. type: str choices: [app-ctrl, appevent, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, voip, webfilter, netscan, waf, gtp, dns, ssh, ssl, file-filter, Asset, protocol, ANY-TYPE, fct-event, fct-traffic, fct-netscan, ztna, security] default: traffic
  - log_field_exclusion_status Enable or disable log field exclusion. type: str choices: [disable, enable] default: disable
  - log_filter type: list of dict
    - field Field name. type: str choices: [type, logid, level, devid, vd, srcip, srcintf, dstip, dstintf, dstport, user, group, free-text] default: type
    - id Log filter ID. type: int default: 0
    - oper Field filter operator. type: str choices: [=, !=, <, >, <=, >=, contain, not-contain, match] default: =
    - value Field filter operand or free-text matching expression. type: str
  - log_filter_logic Logic operator used to connect filters. type: str choices: [and, or] default: or
  - log_filter_status Enable or disable log filtering. type: str choices: [disable, enable] default: disable
  - mode Log forwarding mode. type: str choices: [forwarding, aggregation, disable] default: disable
  - proxy_service Enable/disable proxy service under collector mode. type: str choices: [disable, enable] default: enable
  - proxy_service_priority Proxy service priority from 1 (lowest) to 20 (highest). type: int default: 10
  - server_device Log forwarding server device ID. type: str
  - server_ip Remote server IP address. type: str
  - server_name Log forwarding server name. type: str
  - server_port Server listen port (1 - 65535). type: int default: 514
  - signature Aggregation cfg hash token. type: int default: 0
  - sync_metadata Synchronizing meta data types. type: list elements: str choices: [sf-topology, interface-role, device, endusr-avatar, fgt-policy, interface-info]
  - fwd_syslog_format Forwarding format for syslog. type: str choices: [fgt, rfc-5424] default: fgt
  - fwd_ha_bind_vip When HA is enabled, always use the VIP as the forwarding port. type: str choices: [disable, enable] default: enable
  - server_addr Remote server address. type: str
  - fwd_compression Enable/disable compression for better bandwidth efficiency. type: str choices: [disable, enable] default: disable
  - log_masking_custom type: list of dict
  - log_masking_custom_priority Prioritize custom fields. type: str choices: [disable, , enable] default: disable
  - log_masking_fields Log field masking fields. type: list elements: str choices: [user, srcip, srcname, srcmac, dstip, dstname, email, message, domain]
  - log_masking_key Log field masking key. type: str elements: str
  - log_masking_status Enable or disable log field masking. type: str choices: [disable, enable] default: disable
  - agg_data_end_time End date and time of the data range <hh:mm yyyy/mm/dd>. type: str elements: str
  - agg_data_start_time Start date and time of the data range <hh:mm yyyy/mm/dd>. type: str elements: str
  - agg_schedule Schedule log aggregation mode. type: str choices: [daily, on-demand] default: daily
  - pcapurl_domain_ip The domain name or IP for forming a pcapurl. This pcapurl will be appended to applicable forwarded logs for downloading a pcap file. type: str
  - pcapurl_enrich Enable/disable enriching pcapurl. type: str choices: [disable, enable] default: disable
  - peer_cert_cn Certificate common name of the log-forward server. type: str
  - fwd_output_plugin_id Name of the output plugin profile. type: str
  - fwd_syslog_transparent Enable/disable transparently forwarding logs from syslog devices to syslog server. type: str choices: [disable, enable, faz-enrich] default: enable
  - fwd_syslog_enrich_cve type: str choices: [disable, enable] default: disable
  - fwd_syslog_decode_b64 type: str choices: [disable, enable] default: disable
Notes
To create or update an object, use the state: present directive.
To delete an object, use the state: absent directive.
Normally, running a module fails when a non-zero rc is returned. You can override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
- name: Example playbook
  gather_facts: false
  connection: httpapi
  hosts: fortianalyzers
  tasks:
    - name: Log forwarding.
      fortinet.fortianalyzer.faz_cli_system_logforward:
        cli_system_logforward:
          id: 1
          server_name: "fooname"
          server_addr: 12.3.4.5
          # server_device: ''
          # server_port: 514
          fwd_server_type: fortianalyzer
          mode: forwarding
          # server_ip: "23.231.1.1"
          log_filter_status: enable
          log_filter_logic: and
          log_field_exclusion_status: enable
          fwd_reliable: disable
          fwd_max_delay: 5min
          log_masking_status: enable
        state: present
  vars:
    ansible_network_os: fortinet.fortianalyzer.fortianalyzer
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
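The playbook above forwards logs without TLS and disables certificate validation on the management API connection. As an added example that is not part of the collection documentation, the following playbook uses the same module for TLS-secured reliable forwarding to a syslog collector, pins the collector's certificate common name, restricts forwarding to two log types and masks identity fields; the server name, address, certificate CN and the log_masking_key variable are placeholder values.

```yaml
- name: Hardened log forwarding (added example, not from the collection docs)
  gather_facts: false
  connection: httpapi
  hosts: fortianalyzers
  tasks:
    - name: Forward traffic and attack logs over TLS with identity fields masked
      fortinet.fortianalyzer.faz_cli_system_logforward:
        state: present
        cli_system_logforward:
          id: 2
          server_name: "siem-collector"              # placeholder
          server_addr: "syslog.example.internal"     # placeholder
          server_port: 6514                          # syslog over TLS (RFC 5425)
          fwd_server_type: syslog
          fwd_syslog_format: rfc-5424
          mode: forwarding
          # fwd_secure is TLS on top of reliable logging, so both are enabled.
          fwd_reliable: enable
          fwd_secure: enable
          peer_cert_cn: "syslog.example.internal"    # placeholder: CN the collector presents
          fwd_max_delay: realtime
          # Only the log types the collector needs leave the device.
          log_filter_status: enable
          log_filter_logic: or
          log_filter:
            - id: 1
              field: type
              oper: "="
              value: traffic
            - id: 2
              field: type
              oper: "="
              value: attack
          # Pseudonymise identity fields before forwarding.
          log_masking_status: enable
          log_masking_fields: [user, srcip, srcname, email]
          log_masking_key: "{{ log_masking_key }}"   # supply from a vault, not inline
  vars:
    ansible_network_os: fortinet.fortianalyzer.fortianalyzer
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true           # the API certificate is verified
```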
Return Values
Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values; the following fields are unique to this module:
- meta The result of the request. returned: always type: dict
- request_url The full URL requested. returned: always type: str sample: /sys/login/user
- response_code The status of the API request. returned: always type: int sample: 0
- response_data The data body of the API response. returned: optional type: list or dict
- response_message The descriptive message of the API response. returned: always type: str sample: OK
- system_information The information of the target system. returned: always type: dict
- rc The status of the request. returned: always type: int sample: 0
- version_check_warning Warning if the parameters used in the playbook are not supported by the current FortiAnalyzer version. returned: if params are not supported in the current version type: list
Status
This module is not guaranteed to have a backwards compatible interface.