Try SpotterManage security log profiles on a BIG-IP
| "added in version" 1.13.0 of f5networks.f5_bigip"
Authors: Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_bigip:==3.4.0
collections:
- name: f5networks.f5_bigip
version: 3.4.0Manage security log profiles on a BIG-IP.
- name: Create a security log profile
bigip_security_log_profile:
name: "test_log_profile"
description: "this is a log profile test"
auto_discovery: "local-db-publisher"
dos_protection:
application: "local-db-publisher"
network: "local-db-publisher"
protocol_inspection:
log_packet: "yes"
publisher: "local-db-publisher"
packet_filter:
rate: 300
publisher: "local-db-publisher"
bot_defense:
publisher: "local-db-publisher"
log_alarm: "yes"
log_browser: "yes"
- name: Modify a security log profile
bigip_security_log_profile:
name: "test_log_profile"
packet_filter:
rate: 100
bot_defense:
log_alarm: "no"
- name: Delete a security log profile
bigip_security_log_profile:
name: "test_log_profile"
state: absent
- name: Create a security log profile with network security
bigip_security_log_profile:
name: "test_log_profile"
description: "this is a log profile test"
auto_discovery: "local-db-publisher"
dos_protection:
application: "local-db-publisher"
network: "local-db-publisher"
protocol_inspection:
log_packet: "yes"
publisher: "local-db-publisher"
packet_filter:
rate: 300
publisher: "local-db-publisher"
bot_defense:
publisher: "local-db-publisher"
log_alarm: "yes"
log_browser: "yes"
network_security:
publisher: "local-db-publisher"
log_acl_match_accept: "yes"
log_acl_match_drop: "yes"
rate_limit_acl_match_accept: "1000"
rate_limit_acl_match_drop: "indefinite"
storage_format:
type: "field-list"
delimiter: "-"
fields:
- "acl_policy_name"
- "acl_rule_name"
- "date_time"
- "action"
- "src_ip"
- name: Modify a security log profile sip security
bigip_security_log_profile:
name: "test_log_profile"
packet_filter:
rate: 100
sip_security:
log_sip_drop: "yes"
log_sip_server_errors: "yes"
storage_format:
type: "field-list"
delimiter: ";"
fields:
- "date_time"
- "dest_ip"
- "sip_callee"
- "sip_caller"
nat:
description:
- Configures the system to log firewall NAT events.
suboptions:
end_inbound_session:
description:
- Configuration of log entries generated at the end of the incoming connection
event for a translated endpoint.
suboptions:
action:
choices:
- enabled
- disabled
- backup-allocation-only
description:
- When set to C(enabled), sets system to log entries for the end of the incoming
connection event for a translated endpoint.
- When set to C(disabled), disables logging of the end of the incoming connection
event for a translated endpoint.
- When set to C(backup-allocation-only), sets the system to generate the associated
type of log entries only when the translation address for the client is
chosen from the backup pool.
type: str
storage_format:
description:
- Configures the custom formatting of NAT events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them. The order in which items are specified in the list matters. The
server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: context_name,
dest_ip, dest_port, event_name, protocol, route_domain, src_ip, src_port,
sub_id, timestamp, translated_dest_ip, translated_dest_port, translated_route_domain,
translated_src_ip, translated_src_port.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none) the system uses default format type to log the messages
to a Remote Syslog server.
- When set to C(field-list) the system uses a set of fields, set in a
specific order, to log messages.
- When set to C(user-defined) the system uses a user-defined string to
log messages.
- When set to C(none) the C(fields) and C(user_string) parameters are
ignored.
type: str
user_string:
description:
- Specifies the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
end_outbound_session:
description:
- Configuration of log entries generated at end of translation event for a NAT
client.
suboptions:
action:
choices:
- enabled
- disabled
- backup-allocation-only
description:
- When set to C(enabled), sets system to log entries for end of translation
events for a NAT client.
- When set to C(disabled), disables logging of end of translation events for
a NAT client.
- When set to C(backup-allocation-only), sets the system to generate the associated
type of log entries only when the translation address for the client is
chosen from the backup pool.
type: str
include_dest_addr_port:
description:
- Enable or disable logging of destination IP address and port information.
type: bool
storage_format:
description:
- Configures the custom formatting of NAT events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them. The order in which items are specified in the list matters. The
server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: context_name,
dest_ip, dest_port, event_name, protocol, route_domain, src_ip, src_port,
sub_id, timestamp, translated_dest_ip, translated_dest_port, translated_route_domain,
translated_src_ip, translated_src_port.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none), the system uses the default format type to log
the messages to a Remote Syslog server.
- When set to C(field-list), the system uses a set of fields, set in a
specific order, to log messages.
- When set to C(user-defined), the system uses a user-defined string to
log messages.
- When set to C(none), the C(fields) and C(user_string) parameters are
ignored.
type: str
user_string:
description:
- Specifies the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
errors:
description:
- Configuration of log entries generated when a NAT translation errors occur.
suboptions:
action:
choices:
- enabled
- disabled
description:
- When set to C(enabled), sets the system to log entries generated when a
NAT translation errors occur.
- When set to C(disabled), disables logging of entries generated when a NAT
translation errors occur.
type: str
storage_format:
description:
- Configures the custom formatting of NAT events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them. The order in which items are specified in the list matters. The
server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: context_name,
dest_ip, dest_port, event_name, protocol, route_domain, src_ip, src_port,
sub_id, timestamp, translated_dest_ip, translated_dest_port, translated_route_domain,
translated_src_ip, translated_src_port.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none) the system uses default format type to log the messages
to a Remote Syslog server.
- When set to C(field-list) the system uses a set of fields, set in a
specific order, to log messages.
- When set to C(user-defined) the system uses a user-defined string to
log messages.
- When set to C(none) the C(fields) and C(user_string) parameters are
ignored.
type: str
user_string:
description:
- Specifies the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
log_subscriber_id:
description:
- Enable or disable logging of the subscriber ID associated with a subscriber
IP address.
type: bool
lsn_legacy_mode:
description:
- Enable or disable use of legacy CGNAT/LSN logging facility instead of the new
Firewall NAT logging capability.
- When set to C(true), the C(start_outbound_session), C(start_inbound_session),
C(end_inbound_session), C(end_outbound_session), C(quota_exceeded) and C(errors),
must not be enabled. Specifying C(action) to be either C(enabled) or C(backup-allocation-only)
while C(lsn_legacy_mode) is C(true) will result in API errors.
type: bool
publisher:
description:
- Specifies the name of the log publisher used for logging Network Address Translation
events.
- If the desired log publisher is configured on a different partition to where
log profile is created a publisher name must be specified in full_path format
e.g. /Foo/my-publisher.
type: str
quota_exceeded:
description:
- Configuration of log entries generated when a NAT client exceeds allocated resources.
suboptions:
action:
choices:
- enabled
- disabled
description:
- When set to C(enabled), sets the system to log entries generated when a
NAT client exceeds allocated resources.
- When set to C(disabled), disables logging of events when a NAT client exceeds
allocated resources.
type: str
storage_format:
description:
- Configures the custom formatting of NAT events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them. The order in which items are specified in the list matters. The
server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: context_name,
dest_ip, dest_port, event_name, protocol, route_domain, src_ip, src_port,
sub_id, timestamp, translated_dest_ip, translated_dest_port, translated_route_domain,
translated_src_ip, translated_src_port.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none) the system uses default format type to log the messages
to a Remote Syslog server.
- When set to C(field-list), the system uses a set of fields, set in a
specific order, to log messages.
- When set to C(user-defined) the system uses a user-defined string to
log messages.
- When set to C(none) the C(fields) and C(user_string) parameters are
ignored.
type: str
user_string:
description:
- Specifies the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
rate_limit_aggregate_rate:
description:
- Defines a rate limit for all combined NAT log messages per second. Beyond this
rate limit, log messages are not logged.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_end_inbound_session:
description:
- Sets a rate limit for logging of log entries at the end of the incoming connection
event for a translated endpoint.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_end_outbound_session:
description:
- Sets a rate limit for logging of log entries at the end of translation event
for a NAT client.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_errors:
description:
- Sets a rate limit for logging of events when NAT translation errors occur.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_quota_exceeded:
description:
- Sets a rate limit for logging of log entries when a NAT client exceeds allocated
resources.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_start_inbound_session:
description:
- Sets a rate limit for logging of log entries at the start of the incoming connection
event for a translated endpoint.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_start_outbound_session:
description:
- Sets a rate limit for logging of log entries at the start of the translation
event for a NAT client.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
start_inbound_session:
description:
- Configuration of log entries generated at the start of the incoming connection
event for a translated endpoint.
suboptions:
action:
choices:
- enabled
- disabled
- backup-allocation-only
description:
- When set to C(enabled), sets the system to log entries for start of the
incoming connection event for a translated endpoint.
- When set to C(disabled), disables logging of the start of the incoming connection
event for a translated endpoint.
- When set to C(backup-allocation-only), sets the system to generate the associated
type of log entries only when the translation address for the client is
chosen from the backup pool.
type: str
storage_format:
description:
- Configures the custom formatting of NAT events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them. The order in which items are specified in the list matters. The
server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: context_name,
dest_ip, dest_port, event_name, protocol, route_domain, src_ip, src_port,
sub_id, timestamp, translated_dest_ip, translated_dest_port, translated_route_domain,
translated_src_ip, translated_src_port.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none), the system uses default format type to log the
messages to a Remote Syslog server.
- When set to C(field-list), the system uses a set of fields, set in a
specific order, to log messages.
- When set to C(user-defined), the system uses a user-defined string to
log messages.
- When set to C(none) the C(fields) and C(user_string) parameters are
ignored.
type: str
user_string:
description:
- Specifies the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
start_outbound_session:
description:
- Configuration of log entries generated at the start of the incoming connection
event for a translated endpoint.
suboptions:
action:
choices:
- enabled
- disabled
- backup-allocation-only
description:
- When set to C(enabled), sets the system to log entries for the start of
the incoming connection event for a translated endpoint.
- When set to C(disabled), disables logging of the start of the incoming connection
event for a translated endpoint.
- When set to C(backup-allocation-only), sets the system to generate the associated
type of log entries only when the translation address for the client is
chosen from the backup pool.
type: str
include_dest_addr_port:
description:
- Enable or disable logging of destination IP address and port information.
type: bool
storage_format:
description:
- Configures custom formatting of NAT events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them. The order in which items are specified in the list matters. The
server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: context_name,
dest_ip, dest_port, event_name, protocol, route_domain, src_ip, src_port,
sub_id, timestamp, translated_dest_ip, translated_dest_port, translated_route_domain,
translated_src_ip, translated_src_port.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none), the system uses the default format type to log
the messages to a Remote Syslog server.
- When set to C(field-list), the system uses a set of fields, set in a
specific order, to log messages.
- When set to C(user-defined), the system uses a user-defined string to
log messages.
- When set to C(none) the C(fields) and C(user_string) parameters are
ignored.
type: str
user_string:
description:
- Specifies the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
type: dict
name:
description:
- Specifies the name of the security log profile to manage.
required: true
type: str
state:
choices:
- absent
- present
default: present
description:
- When C(present), ensures the security log profile is created.
- When C(absent), ensures the security log profile is removed.
type: str
partition:
default: Common
description:
- Device partition to manage resources on.
type: str
bot_defense:
description:
- Configures system logging of events from the Bot Defense mechanism.
- When configuring a new profile with C(bot_defense) both C(publisher) and one of
C(log_*) options must be specified.
- When modifying a profile's C(bot_defense) settings at least one C(log_*) options
must remain set to C(yes) on the device. In case when during modify operation the
device returns an API errors user must consult device configuration to determine
if the selected option can be set to C(no).
suboptions:
log_alarm:
description:
- Enable/Disable logging of requests triggering ALARM mitigation action of the
Bot Defense logging profile.
type: bool
log_block:
description:
- Enable/Disable logging of requests triggering Block mitigation action of the
Bot Defense logging profile.
type: bool
log_browser:
description:
- TBD
type: bool
log_browser_verification_action:
description:
- TBD
type: bool
log_captcha:
description:
- TBD
type: bool
log_challenge_failure_request:
description:
- TBD
type: bool
log_device_id_collection_request:
description:
- TBD
type: bool
log_honeypot_page:
description:
- TBD
type: bool
log_mobile_application:
description:
- TBD
type: bool
log_none:
description:
- TBD
type: bool
log_rate_limit:
description:
- TBD
type: bool
log_redirect_to_pool:
description:
- TBD
type: bool
log_suspicious_browser:
description:
- TBD
type: bool
log_tcp_reset:
description:
- TBD
type: bool
log_trusted_bot:
description:
- TBD
type: bool
log_unknown:
description:
- TBD
type: bool
log_untrusted_bot:
description:
- TBD
type: bool
publisher:
description:
- Specifies the name of the local log publisher used for Bot Defense log messages.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
send_remote_challenge_failure_messages:
description:
- to be determined
type: bool
type: dict
description:
description:
- Specifies descriptive text that identifies security log profile.
type: str
dns_security:
description:
- Configures the system to log dropped, malformed, or rejected requests for DNS Security.
suboptions:
log_dns_drop:
description:
- Enable/Disable logging of dropped DNS requests.
type: bool
log_dns_filtered_drop:
description:
- Enable/Disable logging of DNS requests dropped due to DNS query/header-opcode
filtering.
- The system does not log DNS requests that are dropped due to errors in the way
the system processes DNS packets.
type: bool
log_dns_malformed:
description:
- Enable/Disable logging of malformed DNS requests.
type: bool
log_dns_malicious:
description:
- Enable/Disable logging of malicious DNS requests.
type: bool
log_dns_reject:
description:
- Enable/Disable logging of rejected DNS requests.
type: bool
publisher:
description:
- Specifies the name of the log publisher used for logging DNS security events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
storage_format:
description:
- Configures custom formatting of DNS security log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them due to that the order of in which items are specified on the list matters.
The server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: action, attack_type,
context_name, date_time, dest_ip, dest_port, dns_query_name, dns_query_type,
route_domain, src_ip, src_port, vlan.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none) the system uses default format type to log the messages
to a Remote Syslog server.
- When set to C(field-list) the system uses a set of fields, set in a specific
order, to log messages.
- When set to C(user-defined) the system uses to log messages is in the form
of a user-defined string.
- When set to C(none) the C(fields) and C(user_string) parameters are ignored.
type: str
user_string:
description:
- Specifies that the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
sip_security:
description:
- Configure the system to log dropped and malformed malicious SIP requests, global
and request failures, redirected responses, and server errors for SIP Security.
suboptions:
log_sip_drop:
description:
- Enable/Disable logging of dropped SIP requests.
type: bool
log_sip_global_failures:
description:
- Enable/Disable logging of SIP global failures.
- The system does not log DNS requests that are dropped due to errors in the way
the system processes DNS packets.
type: bool
log_sip_malformed:
description:
- Enable/Disable logging of malformed SIP requests.
type: bool
log_sip_redirect_responses:
description:
- Enable/Disable logging of SIP redirection responses.
type: bool
log_sip_request_failures:
description:
- Enable/Disable logging of SIP request failures.
type: bool
log_sip_server_errors:
description:
- Enable/Disable logging of SIP server errors.
type: bool
publisher:
description:
- Specifies the name of the log publisher used for logging SIP protocol security
events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
storage_format:
description:
- Configures custom formatting of SIP security log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them due to that the order of in which items are specified on the list matters.
The server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: action, context_name,
date_time, dest_ip, dest_port, route_domain, sip_callee, sip_caller, sip_method_type,
src_ip, src_port, vlan.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none) the system uses default format type to log the messages
to a Remote Syslog server.
- When set to C(field-list) the system uses a set of fields, set in a specific
order, to log messages.
- When set to C(user-defined) the system uses to log messages is in the form
of a user-defined string.
- When set to C(none) the C(fields) and C(user_string) parameters are ignored.
type: str
user_string:
description:
- Specifies that the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
packet_filter:
description:
- Configures logging of IPv6 Extension Header packet filter rule match events.
suboptions:
publisher:
description:
- Specifies the name of the log publisher used for logging of IPv6 Extension Header
Packet Filter rule match events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
rate:
description:
- Configures a rate limit for all combined IPv6 Extension Header packet filter
log messages per second.
- Beyond this rate limit, log messages are not logged until the threshold drops
below the specified rate.
- Valid value range is C(1 - 1000) messages/sec
type: int
type: dict
auto_discovery:
description:
- Specifies log publisher that the system uses to log Auto Discovered Service/Server
events.
- Defines log publisher as configured on the BIG-IP.
- If desired log publisher is configured on a different partition to where log profile
is created a publisher name must be specified in full_path format e.g. /Foo/my-publisher.
type: str
classification:
description:
- Configures logging of events from the Classification engine.
suboptions:
log_matches:
description:
- Enables/Disable logging of all events from the Classification engine.
type: bool
publisher:
description:
- Specifies the name of the log publisher used for logging of Classification engine
events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
type: dict
dos_protection:
description:
- Defines the log publishers used by the system to log detected DoS attacks.
suboptions:
application:
description:
- Defines the log publisher used for log Application DoS attacks.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
dns:
description:
- Specifies the name of the log publisher used for logging DNS DoS events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
network:
description:
- Specifies the name of the log publisher used for logging Network DoS events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
sip:
description:
- Specifies the name of the log publisher used for logging SIP DoS events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
type: dict
network_security:
description:
- Configures the system to log network firewall events.
suboptions:
log_acl_match_accept:
description:
- Enable/Disable logging of packets that match ACL rules configured with action
= Accept.
type: bool
log_acl_match_drop:
description:
- Enable/Disable logging of packets that match ACL rules configured with action
= Drop."
type: bool
log_acl_match_reject:
description:
- Enable/Disable logging of packets that match ACL rules configured with action
= Reject."
type: bool
log_acl_to_box_deny:
description:
- Enable/Disable logging of any packet that is dropped or denied by management
port firewall rules.
- This option takes effect only when management port firewall rules are configured
on the device.
type: bool
log_geo_always:
description:
- Enable/Disable logging of Geo IP Location information.
type: bool
log_ip_errors:
description:
- Enable/Disable logging of IP errors.
type: bool
log_tcp_errors:
description:
- Enable/Disable logging of TCP errors.
type: bool
log_tcp_events:
description:
- Enable/Disable logging of TCP events (open and close of TCP sessions).
type: bool
log_translation_fields:
description:
- Enable/Disable logging of translation fields in ACL and TCP events.
type: bool
log_user_always:
description:
- Enable/Disable logging of certain subscriber information (e.g. subscriber ID
and/or subscriber group) if it is available.
- This option is in effect only when device has a provisioned and configured PEM
module in addition to AFM.
type: bool
log_uuid_field:
description:
- Enable/Disable logging of UUID of the specific rule that triggered the log message.
type: bool
publisher:
description:
- Specifies the name of the log publisher used for logging network events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
rate_limit_acl_match_accept:
description:
- Sets a rate limit for all network firewall log messages with this acl match
accept action.
- If this rate limit is exceeded, log messages of this action type are not logged
until the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_acl_match_drop:
description:
- Sets a rate limit for all network firewall log messages with this acl match
drop action.
- If this rate limit is exceeded, log messages of this action type are not logged
until the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_aggregate_rate:
description:
- Defines a rate limit for all combined network firewall log messages per second.
Beyond this rate limit, log messages are not logged.
- Rate Limits are calculated per-second, per TMM, with each TMM throttling as
needed, independently of other TMMs.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_ip_errors:
description:
- Sets a rate limit for logging of IP error packets.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_match_reject:
description:
- Sets a rate limit for all network firewall log messages with this acl match
reject action.
- If this rate limit is exceeded, log messages of this action type are not logged
until the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_tcp_errors:
description:
- Sets a rate limit for logging of TCP error packets.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
rate_limit_tcp_events:
description:
- Sets a rate limit for logging of TCP events.
- If this rate limit is exceeded, log messages of this type are not logged until
the threshold drops below the specified rate.
- Valid values are C(0 - 4294967295) messages/sec, or C(indefinite). With values
C(4294967295) and C(indefinite) being synonymous.
type: str
storage_format:
description:
- Configures custom formatting of network events log messages.
suboptions:
delimiter:
description:
- Specifies the delimiter string, when C(type) is set to C(field-list).
type: str
fields:
description:
- Lists the items the server logs, and the order in which the server logs
them due to that the order of in which items are specified on the list matters.
The server displays the items in the log sequentially from top down.
- 'The valid elements that can be specified in the list are: acl_policy_name,
acl_policy_type, acl_rule_name, acl_rule_uuid, action, bigip_hostname, context_name,
context_type, date_time, dest_fqdn, dest_geo, dest_ip, dest_ipint_categories,
dest_port, drop_reason, management_ip_address, protocol, route_domain, sa_translation_pool,
sa_translation_type, source_fqdn, source_ipint_categories, source_user,
src_geo, src_ip, src_port, translated_dest_ip, translated_dest_port, translated_ip_protocol,
translated_route_domain, translated_src_ip, translated_src_port, translated_vlan,
vlan.'
elements: str
type: list
type:
choices:
- field-list
- user-defined
- none
description:
- Specifies the format type for log messages.
- When set to C(none) the system uses default format type to log the messages
to a Remote Syslog server.
- When set to C(field-list) the system uses a set of fields, set in a specific
order, to log messages.
- When set to C(user-defined) the system uses to log messages is in the form
of a user-defined string.
- When set to C(none) the C(fields) and C(user_string) parameters are ignored.
type: str
user_string:
description:
- Specifies that the format the system uses to log messages is in the form
of a user-defined string.
type: str
type: dict
type: dict
protocol_inspection:
description:
- Configures system logging of events from the Protocol Inspection engine.
suboptions:
log_packet:
description:
- Enables/Disable logging of packet payload for Protocol Inspection events.
type: bool
publisher:
description:
- Specifies the name of the log publisher used for logging of Protocol Inspection
events.
- If desired log publisher is configured on a different partition to where log
profile is created a publisher name must be specified in full_path format e.g.
/Foo/my-publisher.
type: str
type: dict
auto_discovery:
description:
- The log publisher the system uses to log Auto Discovered Service/Server events.
returned: changed
sample: /Common/foo-publisher
type: str
bot_defense:
contains:
log_alarm:
description:
- Enable/Disable logging of requests triggering ALARM mitigation action of the
Bot Defense logging profile.
returned: changed
sample: true
type: bool
log_block:
description:
- Enable/Disable logging of requests triggering Block mitigation action of the
Bot Defense logging profile.
returned: changed
sample: true
type: bool
log_browser:
description:
- TBD
returned: changed
sample: true
type: bool
log_browser_verification_action:
description:
- TBD
returned: changed
sample: true
type: bool
log_captcha:
description:
- TBD
returned: changed
sample: true
type: bool
log_challenge_failure_request:
description:
- TBD
returned: changed
sample: true
type: bool
log_device_id_collection_request:
description:
- TBD
returned: changed
sample: true
type: bool
log_honeypot_page:
description:
- TBD
returned: changed
sample: true
type: bool
log_mobile_application:
description:
- TBD
returned: changed
sample: true
type: bool
log_none:
description:
- TBD
returned: changed
sample: true
type: bool
log_rate_limit:
description:
- TBD
returned: changed
sample: true
type: bool
log_redirect_to_pool:
description:
- TBD
returned: changed
sample: true
type: bool
log_suspicious_browser:
description:
- TBD
returned: changed
sample: true
type: bool
log_tcp_reset:
description:
- TBD
returned: changed
sample: true
type: bool
log_trusted_bot:
description:
- TBD
returned: changed
sample: true
type: bool
log_unknown:
description:
- TBD
returned: changed
sample: true
type: bool
log_untrusted_bot:
description:
- TBD
returned: changed
sample: true
type: bool
publisher:
description:
- The name of the local log publisher used for Bot Defense log messages.
returned: changed
sample: /Common/foo-publisher
type: str
send_remote_challenge_failure_messages:
description:
- TBD
returned: changed
sample: true
type: bool
description:
- The system logging of events from the Bot Defense mechanism.
returned: changed
type: complex
classification:
contains:
log_matches:
description:
- Enables/Disable logging of all events from the Classification engine.
returned: changed
sample: true
type: bool
publisher:
description:
- The name of the log publisher used for logging of Classification engine events.
returned: changed
sample: /Common/foo-publisher
type: str
description:
- The system logging of events from the Classification engine.
returned: changed
type: complex
description:
description:
- Specifies descriptive text that identifies security log profile.
returned: changed
sample: this is a text
type: str
dns_security:
contains:
log_dns_drop:
description:
- Enable/Disable logging of dropped DNS requests.
returned: changed
sample: true
type: bool
log_dns_filtered_drop:
description:
- Enable/Disable logging of DNS requests dropped due to DNS query/header-opcode
filtering.
returned: changed
sample: true
type: bool
log_dns_malformed:
description:
- Enable/Disable logging of malformed DNS requests.
returned: changed
sample: true
type: bool
log_dns_malicious:
description:
- Enable/Disable logging of malicious DNS requests.
returned: changed
sample: true
type: bool
log_dns_reject:
description:
- Enable/Disable logging of rejected DNS requests.
returned: changed
sample: true
type: bool
publisher:
description:
- The name of the log publisher used for logging DNS security events.
returned: changed
sample: /Common/foo-publisher
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- action
- vlan
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $action
type: str
description:
- The formatting of DNS security log messages.
returned: changed
type: complex
description:
- Configures the system to log dropped, malformed, or rejected requests for DNS
Security.
returned: changed
type: complex
dos_protection:
contains:
application:
description:
- The log publisher used for log Application DoS attacks.
returned: changed
sample: /Common/foo-publisher
type: str
dns:
description:
- The log publisher used for logging DNS DoS events.
returned: changed
sample: /Common/foo-publisher
type: str
network:
description:
- The log publisher used for logging Network DoS events.
returned: changed
sample: /Common/foo-publisher
type: str
sip:
description:
- The log publisher the system uses to log SIP DoS events.
returned: changed
sample: /Common/foo-publisher
type: str
description:
- The log publishers used by the system to log detected DoS attacks.
returned: changed
type: complex
nat:
contains:
end_inbound_session:
contains:
action:
description:
- Configures system to log entries for the end of the incoming connection
event for a translated endpoint.
returned: changed
sample: enabled
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- dest_ip
- dest_port
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $dest_ip
type: str
description:
- The formatting of NAT events log messages.
returned: changed
type: complex
description:
- Configuration of log entries generated the end of the incoming connection
event for a translated endpoint.
returned: changed
type: complex
end_outbound_session:
contains:
action:
description:
- Configures system to log entries for the end of translation event for
a NAT client.
returned: changed
sample: enabled
type: str
include_dest_addr_port:
description:
- Enable/Disable logging of destination IP address and port information.
returned: changed
sample: true
type: bool
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- dest_ip
- dest_port
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $dest_ip
type: str
description:
- The formatting of NAT events log messages.
returned: changed
type: complex
description:
- Configuration of log entries generated at end of translation event for a NAT
client.
returned: changed
type: complex
errors:
contains:
action:
description:
- Configures system to log entries generated when a NAT translation errors
occur.
returned: changed
sample: enabled
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- dest_ip
- dest_port
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $dest_ip
type: str
description:
- The formatting of NAT events log messages.
returned: changed
type: complex
description:
- Configuration of log entries generated when a NAT translation errors occur.
returned: changed
type: complex
log_subscriber_id:
description:
- Enable/Disable logging of the subscriber ID associated with a subscriber IP
address.
returned: changed
sample: true
type: bool
lsn_legacy_mode:
description:
- Enable/Disable use of legacy CGNAT/LSN logging facility instead of the new
Firewall NAT logging capability.
returned: changed
sample: true
type: bool
publisher:
description:
- The name of the log publisher used for logging Network Address Translation
events.
returned: changed
sample: /Common/foo-publisher
type: str
quota_exceeded:
contains:
action:
description:
- Configures system to log entries generated when a NAT client exceeds allocated
resources.
returned: changed
sample: enabled
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- dest_ip
- dest_port
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $dest_ip
type: str
description:
- The formatting of NAT events log messages.
returned: changed
type: complex
description:
- Configuration of log entries generated when a NAT client exceeds allocated
resources.
returned: changed
type: complex
rate_limit_aggregate_rate:
description:
- The rate limit for all combined NAT log messages per second.
returned: changed
sample: indefinite
type: str
rate_limit_end_inbound_session:
description:
- The rate limit for logging of log entries at the end of the incoming connection
event for a translated endpoint.
returned: changed
sample: indefinite
type: str
rate_limit_end_outbound_session:
description:
- The rate limit for logging of log entries at end of translation event for
a NAT client.
returned: changed
sample: indefinite
type: str
rate_limit_errors:
description:
- The rate limit for logging of events when NAT translation errors occur.
returned: changed
sample: indefinite
type: str
rate_limit_quota_exceeded:
description:
- The rate limit for logging of log entries when a NAT client exceeds allocated
resources.
returned: changed
sample: indefinite
type: str
rate_limit_start_inbound_session:
description:
- The rate limit for logging of log entries at the start of the incoming connection
event for a translated endpoint.
returned: changed
sample: indefinite
type: str
rate_limit_start_outbound_session:
description:
- The rate limit for logging of log entries at start of the translation event
for a NAT client.
returned: changed
sample: indefinite
type: str
start_inbound_session:
contains:
action:
description:
- Configures system to log entries for start of the incoming connection
event for a translated endpoint.
returned: changed
sample: enabled
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- dest_ip
- dest_port
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $dest_ip
type: str
description:
- The formatting of NAT events log messages.
returned: changed
type: complex
description:
- Configuration of log entries generated at the start of the incoming connection
event for a translated endpoint.
returned: changed
type: complex
start_outbound_session:
contains:
action:
description:
- Configures system to log entries for the start of the incoming connection
event for a translated endpoint.
returned: changed
sample: enabled
type: str
include_dest_addr_port:
description:
- Enable/Disable logging of destination IP address and port information.
returned: changed
sample: true
type: bool
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- dest_ip
- dest_port
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $dest_ip
type: str
description:
- The formatting of NAT events log messages.
returned: changed
type: complex
description:
- Configuration of log entries generated at the start of the incoming connection
event for a translated endpoint.
returned: changed
type: complex
description:
- Configures the system to log firewall NAT events.
returned: changed
type: complex
network_security:
contains:
log_acl_match_accept:
description:
- Enable/Disable logging of packets that match ACL rules action accept.
returned: changed
sample: true
type: bool
log_acl_match_drop:
description:
- Enable/Disable logging of packets that match ACL rules action drop.
returned: changed
sample: true
type: bool
log_acl_match_reject:
description:
- Enable/Disable logging of packets that match ACL rules action reject.
returned: changed
sample: true
type: bool
log_acl_to_box_deny:
description:
- nable/Disable logging of any packet that is dropped or denied by management
port firewall rules.
returned: changed
sample: true
type: bool
log_geo_always:
description:
- Enable/Disable logging of Geo IP Location information.
returned: changed
sample: true
type: bool
log_ip_errors:
description:
- Enable/Disable logging of IP errors.
returned: changed
sample: true
type: bool
log_tcp_errors:
description:
- Enable/Disable logging of TCP errors.
returned: changed
sample: true
type: bool
log_tcp_events:
description:
- Enable/Disable logging of TCP events.
returned: changed
sample: true
type: bool
log_translation_fields:
description:
- Enable/Disable logging of translation fields in ACL and TCP events.
returned: changed
sample: true
type: bool
log_user_always:
description:
- Enable/Disable logging of certain subscriber information.
returned: changed
sample: true
type: bool
log_uuid_field:
description:
- Enable/Disable logging of UUID of the specific rule that triggered the log
message.
returned: changed
sample: true
type: bool
publisher:
description:
- The name of the log publisher used for logging network events.
returned: changed
sample: /Common/foo-publisher
type: str
rate_limit_acl_match_accept:
description:
- The rate limit for all network firewall log messages with this acl match accept
action.
returned: changed
sample: indefinite
type: str
rate_limit_acl_match_drop:
description:
- The rate limit for all network firewall log messages with this acl match drop
action.
returned: changed
sample: indefinite
type: str
rate_limit_aggregate_rate:
description:
- The rate limit for all combined network firewall log messages per second.
returned: changed
sample: indefinite
type: str
rate_limit_ip_errors:
description:
- The rate limit for logging of IP error packet.
returned: changed
sample: indefinite
type: str
rate_limit_match_reject:
description:
- The rate limit for all network firewall log messages with this acl match reject
action.
returned: changed
sample: indefinite
type: str
rate_limit_tcp_errors:
description:
- The rate limit for logging of TCP error packets.
returned: changed
sample: indefinite
type: str
rate_limit_tcp_events:
description:
- The rate limit for logging of TCP events.
returned: changed
sample: indefinite
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- action
- vlan
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $action
type: str
description:
- The formatting of network events log messages.
returned: changed
type: complex
description:
- Configures the system to log network firewall events.
returned: changed
type: complex
packet_filter:
contains:
publisher:
description:
- The name of the log publisher used for logging of IPv6 Extension Header Packet
Filter rule match events.
returned: changed
sample: /Common/foo-publisher
type: str
rate:
description:
- The rate limit for all combined IPv6 Extension Header packet filter log messages
per second.
returned: changed
sample: 400
type: int
description:
- Configures logging of IPv6 Extension Header packet filter rule match events.
returned: changed
type: complex
protocol_inspection:
contains:
publisher:
description:
- The name of the log publisher used for logging of Protocol Inspection events.
returned: changed
sample: /Common/foo-publisher
type: str
rate:
description:
- Enables/Disable logging of packet payload for Protocol Inspection events.
returned: changed
sample: true
type: bool
description:
- Configures logging of events from the Protocol Inspection engine.
returned: changed
type: complex
sip_security:
contains:
log_sip_drop:
description:
- Enable/Disable logging of dropped SIP requests.
returned: changed
sample: true
type: bool
log_sip_global_failures:
description:
- Enable/Disable logging of SIP global failures.
returned: changed
sample: true
type: bool
log_sip_malformed:
description:
- Enable/Disable logging of malformed SIP requests.
returned: changed
sample: true
type: bool
log_sip_redirect_responses:
description:
- Enable/Disable logging of SIP redirection responses.
returned: changed
sample: true
type: bool
log_sip_request_failures:
description:
- Enable/Disable logging of SIP request failures.
returned: changed
sample: true
type: bool
log_sip_server_errors:
description:
- Enable/Disable logging of SIP server errors.
returned: changed
sample: true
type: bool
publisher:
description:
- The name of the log publisher used for logging SIP protocol security events.
returned: changed
sample: /Common/foo-publisher
type: str
storage_format:
contains:
delimiter:
description:
- The delimiter string.
returned: changed
sample: '-'
type: str
fields:
description:
- The items the server logs.
returned: changed
sample:
- action
- vlan
type: list
type:
description:
- The format type for log messages.
returned: changed
sample: user-defined
type: str
user_string:
description:
- User-defined string.
returned: changed
sample: $action
type: str
description:
- The formatting of SIP security log messages.
returned: changed
type: complex
description:
- Configures the system to log dropped and malformed malicious SIP requests, global
and request failures, redirected responses, and server errors for SIP Security.
returned: changed
type: complex