dux_fortinet.fortianalyzer_dev.faz_cli_system_logforward (1.4.0): module, Log forwarding.
Added in version 1.0.0 of dux_fortinet.fortianalyzer_dev. Preview; supported by the community.
Authors: Xinwei Du (@dux-fortinet), Link Zheng (@chillancezen), Jie Xue (@JieX19), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
Install with:

    ansible-galaxy collection install dux_fortinet.fortianalyzer_dev:==1.4.0

or pin it in a requirements.yml:

    collections:
      - name: dux_fortinet.fortianalyzer_dev
        version: 1.4.0
This module configures the log forwarding settings (CLI path system/log-forward) of a FortiAnalyzer device.
The example below lists the parameters and placeholder values that must be adjusted to your own environment before use.
The example invokes the module by the FQCN of this collection (dux_fortinet.fortianalyzer_dev); the option names are written with underscores in place of the hyphens used in the parameter listing below.

```yaml
- name: Example playbook
  connection: httpapi
  hosts: fortianalyzers
  tasks:
    - name: Log forwarding.
      dux_fortinet.fortianalyzer_dev.faz_cli_system_logforward:
        cli_system_logforward:
          id: 1
          server_name: "fooname"
          server_addr: 12.3.4.5
          # server_device: ''
          # server_port: 514
          fwd_server_type: fortianalyzer
          mode: forwarding
          # server_ip: "23.231.1.1"
          log_filter_status: enable
          log_filter_logic: and
          log_field_exclusion_status: enable
          fwd_reliable: disable
          fwd_max_delay: 5min
          log_masking_status: enable
        state: present
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
```

Note that ansible_httpapi_validate_certs: false disables verification of the FortiAnalyzer's HTTPS certificate for the management session; keep that for lab use and set it to true once the appliance carries a trusted certificate.
Parameters:

```yaml
state:
  description: The directive to create, update or delete an object.
  required: true
  type: str
  choices: [present, absent]
log_path:
  description:
    - The path to save the log. Used if enable_log is true.
    - Use an absolute path rather than a relative path.
    - If the log_path setting is incorrect, the log is saved in /tmp/fortianalyzer.ansible.log.
  required: false
  type: str
  default: /tmp/fortianalyzer.ansible.log
rc_failed:
  description: The list of rc codes with which the conditions to fail are overridden.
  required: false
  type: list
  elements: int
enable_log:
  description: Enable/disable logging for the task.
  required: false
  type: bool
  default: false
access_token:
  description: The token used to access FortiAnalyzer without a username and password.
  required: false
  type: str
rc_succeeded:
  description: The list of rc codes with which the conditions to succeed are overridden.
  required: false
  type: list
  elements: int
proposed_method:
  description: The overridden method for the underlying JSON RPC request.
  required: false
  type: str
  choices: [set, update, add]
bypass_validation:
  description: Only set to true when the module schema differs from the FortiAnalyzer API structure; the module then continues without validating parameters.
  required: false
  type: bool
  default: false
cli_system_logforward:
  description: The top level parameters set.
  required: false
  type: dict
  suboptions:
    agg-archive-types:
      description: no description
      type: list
      elements: str
      choices: [Web_Archive, Secure_Web_Archive, Email_Archive, File_Transfer_Archive, IM_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, CDR_Archive]
    agg-data-end-time:
      description: no description
      type: str
    agg-data-start-time:
      description: no description
      type: str
    agg-logtypes:
      description: no description
      type: list
      elements: str
      choices: [none, app-ctrl, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, webfilter, netscan, fct-event, fct-traffic, fct-netscan, waf, gtp, dns, ssh, ssl, file-filter, asset, protocol, siem, ztna, security]
    agg-password:
      description: no description
      type: str
    agg-schedule:
      description:
        - Schedule log aggregation mode.
        - daily - Run daily log aggregation.
        - on-demand - Run log aggregation on demand.
      type: str
      choices: [daily, on-demand]
    agg-time:
      description: Daily at.
      type: int
    agg-user:
      description: Log aggregation access user name for the server.
      type: str
    device-filter:
      description: no description
      type: list
      elements: dict
      suboptions:
        action:
          description:
            - Include or exclude the specified device.
            - include - Include the specified device.
            - exclude - Exclude the specified device.
            - include-like - Include devices matching the given wildcard expression.
            - exclude-like - Exclude devices matching the given wildcard expression.
          type: str
          choices: [include, exclude, include-like, exclude-like]
        adom:
          description: ADOM name, or (null) for all ADOMs, or a wildcard expression matching ADOM(s) if action is a like action.
          type: str
        device:
          description: Device ID of the log client device, or a wildcard expression matching log client device(s) if action is a like action.
          type: str
        id:
          description: Device filter ID.
          type: int
    fwd-archive-types:
      description: no description
      type: list
      elements: str
      choices: [Web_Archive, Email_Archive, IM_Archive, File_Transfer_Archive, MMS_Archive, AV_Quarantine, IPS_Packets, EDISC_Archive, CDR_Archive]
    fwd-archives:
      description:
        - Enable/disable forwarding archives.
        - disable - Disable forwarding archives.
        - enable - Enable forwarding archives.
      type: str
      choices: [disable, enable]
    fwd-compression:
      description:
        - Enable/disable compression for better bandwidth efficiency.
        - disable - Disable compression of messages.
        - enable - Enable compression of messages.
      type: str
      choices: [disable, enable]
    fwd-facility:
      description:
        - Facility for remote syslog.
        - kernel - Kernel messages.
        - user - Random user-level messages.
        - mail - Mail system.
        - daemon - System daemons.
        - auth - Security/authorization messages.
        - syslog - Messages generated internally by the syslog daemon.
        - lpr - Line printer subsystem.
        - news - Network news subsystem.
        - uucp - UUCP subsystem.
        - clock - Clock daemon.
        - authpriv - Security/authorization messages (private).
        - ftp - FTP daemon.
        - ntp - NTP daemon.
        - audit - Log audit.
        - alert - Log alert.
        - cron - Clock daemon.
        - local0 to local7 - Reserved for local use.
      type: str
      choices: [kernel, user, mail, daemon, auth, syslog, lpr, news, uucp, clock, authpriv, ftp, ntp, audit, alert, cron, local0, local1, local2, local3, local4, local5, local6, local7]
    fwd-ha-bind-vip:
      description:
        - When HA is enabled, always use the VIP as the forwarding port.
        - disable - Do not bind forwarding to the VIP interface.
        - enable - Bind forwarding to the VIP interface.
      type: str
      choices: [disable, enable]
    fwd-log-source-ip:
      description:
        - Log source IP address (no effect for reliable forwarding).
        - local_ip - Use the FAZVM64 local IP.
        - original_ip - Use the original source IP.
      type: str
      choices: [local_ip, original_ip]
    fwd-max-delay:
      description:
        - Maximum delay for near-realtime log forwarding.
        - realtime - Realtime forwarding, no delay.
        - 1min - Near-realtime forwarding with up to one minute of delay.
        - 5min - Near-realtime forwarding with up to five minutes of delay.
      type: str
      choices: [realtime, 1min, 5min]
    fwd-output-plugin-id:
      description: Name of the output plugin profile.
      type: str
    fwd-reliable:
      description:
        - Enable/disable reliable logging.
        - disable - Disable reliable logging.
        - enable - Enable reliable logging.
      type: str
      choices: [disable, enable]
    fwd-secure:
      description:
        - Enable/disable TLS/SSL secured reliable logging.
        - disable - Disable TLS/SSL secured reliable logging.
        - enable - Enable TLS/SSL secured reliable logging.
      type: str
      choices: [disable, enable]
    fwd-server-type:
      description:
        - Forward all logs to a syslog server or FortiAnalyzer.
        - syslog - Forward logs to a generic syslog server.
        - fortianalyzer - Forward logs to FortiAnalyzer.
        - cef - Forward logs to a CEF (Common Event Format) server.
      type: str
      choices: [syslog, fortianalyzer, cef, syslog-pack, fwd-via-output-plugin, elite-service]
    fwd-syslog-format:
      description:
        - Forwarding format for syslog.
        - fgt - FortiGate (fgt) syslog format.
        - rfc-5424 - RFC 5424 syslog format.
      type: str
      choices: [fgt, rfc-5424]
    id:
      description: Log forwarding ID.
      type: int
    log-field-exclusion:
      description: no description
      type: list
      elements: dict
      suboptions:
        dev-type:
          description: Device type of the log source (each choice selects that device type).
          type: str
          choices: [FortiGate, FortiManager, Syslog, FortiMail, FortiWeb, FortiCache, FortiAnalyzer, FortiSandbox, FortiDDoS, FortiNAC, FortiDeceptor, FortiFirewall, FortiADC, FortiClient, FortiAuthenticator, FortiProxy, FortiIsolator, FortiEDR, FortiPAM, FortiCASB, FortiToken]
        field-list:
          description: List of fields to be excluded.
          type: str
        id:
          description: Log field exclusion ID.
          type: int
        log-type:
          description:
            - Log type.
            - app-ctrl - Application Control.
            - appevent - APPEVENT.
            - attack - Attack.
            - content - DLP Archive.
            - dlp - Data Leak Prevention.
            - emailfilter - Email Filter.
            - event - Event.
            - generic - Generic.
            - history - Mail Statistics.
            - traffic - Traffic.
            - virus - Virus.
            - voip - VoIP.
            - webfilter - Web Filter.
            - netscan - Network Scan.
            - waf - WAF.
            - gtp - GTP.
            - dns - Domain Name System.
            - ssh - SSH.
            - ssl - SSL.
            - file-filter - FFLT.
            - Asset - Asset.
            - protocol - PROTOCOL.
            - ANY-TYPE - Any log type.
          type: str
          choices: [app-ctrl, appevent, attack, content, dlp, emailfilter, event, generic, history, traffic, virus, voip, webfilter, netscan, waf, gtp, dns, ssh, ssl, file-filter, Asset, protocol, ANY-TYPE, fct-event, fct-traffic, fct-netscan, ztna, security]
    log-field-exclusion-status:
      description:
        - Enable or disable log field exclusion.
        - disable - Disable log field exclusion.
        - enable - Enable log field exclusion.
      type: str
      choices: [disable, enable]
    log-filter:
      description: no description
      type: list
      elements: dict
      suboptions:
        field:
          description:
            - Field name.
            - type - Log type.
            - logid - Log ID.
            - level - Level.
            - devid - Device ID.
            - vd - VDOM ID.
            - srcip - Source IP.
            - srcintf - Source interface.
            - dstip - Destination IP.
            - dstintf - Destination interface.
            - dstport - Destination port.
            - user - User.
            - group - Group.
            - free-text - General free-text filter.
          type: str
          choices: [type, logid, level, devid, vd, srcip, srcintf, dstip, dstintf, dstport, user, group, free-text]
        id:
          description: Log filter ID.
          type: int
        oper:
          description:
            - Field filter operator.
            - '<=' - Less than or equal to.
            - '>=' - Greater than or equal to.
            - contain - Contain.
            - not-contain - Not contain.
            - match - Match (expression).
          type: str
          choices: ['=', '!=', '<', '>', '<=', '>=', contain, not-contain, match]
        value:
          description: Field filter operand or free-text matching expression.
          type: str
    log-filter-logic:
      description:
        - Logic operator used to connect filters.
        - and - Conjunctive filters.
        - or - Disjunctive filters.
      type: str
      choices: [and, or]
    log-filter-status:
      description:
        - Enable or disable log filtering.
        - disable - Disable log filtering.
        - enable - Enable log filtering.
      type: str
      choices: [disable, enable]
    log-masking-custom:
      description: no description
      type: list
      elements: dict
      suboptions:
        field-name:
          description: Field name.
          type: str
        field-type:
          description:
            - Field type.
            - string - String.
            - ip - IP.
            - mac - MAC address.
            - email - Email address.
            - unknown - Unknown.
          type: str
          choices: [string, ip, mac, email, unknown]
        id:
          description: Field masking ID.
          type: int
    log-masking-custom-priority:
      description:
        - Prioritize custom fields.
        - disable - Disable custom field search priority.
        - enable - Prioritize custom fields.
      type: str
      choices: [disable, enable]
    log-masking-fields:
      description: no description
      type: list
      elements: str
      choices: [user, srcip, srcname, srcmac, dstip, dstname, email, message, domain]
    log-masking-key:
      description: no description
      type: str
    log-masking-status:
      description:
        - Enable or disable log field masking.
        - disable - Disable log field masking.
        - enable - Enable log field masking.
      type: str
      choices: [disable, enable]
    mode:
      description:
        - Log forwarding mode.
        - forwarding - Realtime or near-realtime forwarding of logs to servers.
        - aggregation - Aggregate logs and archives to an Analyzer.
        - disable - Do not forward or aggregate logs.
      type: str
      choices: [forwarding, aggregation, disable]
    pcapurl-domain-ip:
      description: The domain name or IP for forming a pcapurl. This pcapurl will be appended to applicable forwarded logs for downloading a pcap...
      type: str
    pcapurl-enrich:
      description:
        - Enable/disable enriching pcapurl.
        - disable - Disable enriching pcapurl.
        - enable - Enable enriching pcapurl. A pcapurl field is appended to the forwarded syslogs.
      type: str
      choices: [disable, enable]
    peer-cert-cn:
      description: Certificate common name of the log-forward server.
      type: str
    proxy-service:
      description:
        - Enable/disable proxy service under collector mode.
        - disable - Disable proxy service.
        - enable - Enable proxy service.
      type: str
      choices: [disable, enable]
    proxy-service-priority:
      description: Proxy service priority from 1 (lowest) to 20 (highest).
      type: int
    server-addr:
      description: Remote server address.
      type: str
    server-device:
      description: Log forwarding server device ID.
      type: str
    server-ip:
      description: Remote server IP address.
      type: str
    server-name:
      description: Log forwarding server name.
      type: str
    server-port:
      description: Server listen port (1 - 65535).
      type: int
    signature:
      description: Aggregation cfg hash token.
      type: int
    sync-metadata:
      description: no description
      type: list
      elements: str
      choices: [sf-topology, interface-role, device, endusr-avatar, fgt-policy, interface-info]
forticloud_access_token:
  description: Authenticate the Ansible client with a FortiCloud API access token.
  required: false
  type: str
```

agg-password and log-masking-key are secrets (the aggregation login password and the key used to mask log fields); supply them from Ansible Vault or an external secret store rather than writing them into a playbook in clear.
Return values:

```yaml
meta:
  description: The result of the request.
  returned: always
  type: dict
  contains:
    request_url:
      description: The full URL requested.
      returned: always
      type: str
      sample: /sys/login/user
    response_code:
      description: The status of the API request.
      returned: always
      type: int
      sample: 0
    response_data:
      description: The API response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the API response.
      returned: always
      type: str
      sample: OK.
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
rc:
  description: The status of the request.
  returned: always
  type: int
  sample: 0
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiAnalyzer version.
  returned: complex
  type: list
```
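The following playbook is an added example, not part of the module documentation or the collection's own examples. It exercises the parameters listed above in the way a practitioner forwarding logs to a SIEM would want them: reliable transport with TLS and a pinned peer certificate CN, a log filter and device filter so only the intended logs leave the appliance, field masking for user and source-IP data, and a check on the return values documented above. Assumed, and not taken from the page: the inventory group fortianalyzers, the collector address 203.0.113.10 (documentation range) and port 6514 (the conventional syslog-over-TLS port), the certificate CN siem-collector.example.net, the ADOM name Production, the device wildcard FG*, and the vaulted variable masking_key. As in the page's own example, option names are given with underscores in place of the hyphens of the option listing.

```yaml
# Added example; not the collection's own code. All addresses, names and
# the masking_key variable are assumptions for illustration.
- name: Forward traffic and attack logs to the SIEM over TLS
  hosts: fortianalyzers
  connection: httpapi
  vars:
    ansible_httpapi_port: 443
    ansible_httpapi_use_ssl: true
    # Verify the appliance's HTTPS certificate for the management session.
    ansible_httpapi_validate_certs: true
  tasks:
    - name: Configure log forwarding profile 2
      dux_fortinet.fortianalyzer_dev.faz_cli_system_logforward:
        state: present
        cli_system_logforward:
          id: 2
          server_name: siem-collector
          server_addr: 203.0.113.10        # assumed collector address
          server_port: 6514                # assumed: syslog over TLS
          fwd_server_type: cef
          mode: forwarding
          fwd_max_delay: realtime
          fwd_facility: local4
          # fwd_secure is documented as "TLS/SSL secured reliable logging",
          # so reliable forwarding is enabled together with it; plain UDP
          # syslog (fwd_reliable: disable) would send the logs in clear.
          fwd_reliable: enable
          fwd_secure: enable
          # Expected CN of the collector's certificate.
          peer_cert_cn: siem-collector.example.net
          # Forward only traffic and attack logs: two filters on the
          # "type" field joined disjunctively.
          log_filter_status: enable
          log_filter_logic: or
          log_filter:
            - id: 1
              field: type
              oper: "="
              value: traffic
            - id: 2
              field: type
              oper: "="
              value: attack
          # Restrict the source devices to one ADOM using a like action,
          # which accepts a wildcard expression for the device.
          device_filter:
            - id: 1
              action: include-like
              adom: Production
              device: "FG*"
          # Mask user and source-IP fields before the logs leave the
          # appliance; the key comes from Ansible Vault.
          log_masking_status: enable
          log_masking_fields:
            - user
            - srcip
          log_masking_key: "{{ masking_key }}"
      register: fwd_result

    - name: Fail if the FortiAnalyzer API did not accept the object
      ansible.builtin.assert:
        that:
          - fwd_result.rc == 0
          - fwd_result.meta.response_code == 0
        fail_msg: "FortiAnalyzer returned {{ fwd_result.meta.response_message }} for {{ fwd_result.meta.request_url }}"
```

The final task checks rc and meta.response_code, both documented as returned always, so a rejected configuration stops the play instead of leaving a half-applied forwarding profile; rc_succeeded and rc_failed can be set on the task if the appliance's return codes need to be mapped differently.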