f5networks.f5_modules.bigip_firewall_log_profile (1.28.0) — module

Manages AFM logging profiles configured in the system

Added in version 1.0.0 of f5networks.f5_modules

Authors: Wojciech Wypior (@wojtek0806)

Install collection

Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0


Add to requirements.yml

  # Pins the collection to a single release.
  collections:
    - version: '1.28.0'
      name: 'f5networks.f5_modules'

Description

Manages AFM (Advanced Firewall Manager) logging profiles configured in the system along with basic information about each profile.

Usage examples

# Ensures the AFM log profile "barbaz" exists (state defaults to present) and
# sends Port Misuse events to the local-db-pub publisher, limited to 30000
# log messages per second. The module runs on the control node.
- name: Create a basic log profile with port misuse
  delegate_to: localhost
  bigip_firewall_log_profile:
    provider:
      # validate_certs is not set here, so it keeps its default (true) and the
      # device certificate is validated.
      server: 'lb.mydomain.com'
      user: 'admin'
      # Placeholder value. provider.password may be omitted when the
      # F5_PASSWORD environment variable is set, which keeps the
      # administrative credential out of the playbook file.
      password: 'secret'
    name: 'barbaz'
    port_misuse:
      log_publisher: 'local-db-pub'
      rate_limit: 30000
# Updates the "barbaz" profile: configures IP Intelligence logging and blanks
# the Port Misuse publisher.
- name: Change ip_intelligence settings, publisher on different partition, remove port misuse
  delegate_to: localhost
  bigip_firewall_log_profile:
    provider:
      server: 'lb.mydomain.com'
      user: 'admin'
      # Placeholder; the F5_PASSWORD environment variable can supply this
      # value so the credential is not stored in the playbook.
      password: 'secret'
    name: 'barbaz'
    ip_intelligence:
      # Fullpath format: the publisher is on a different partition from the
      # log profile, so the partition parameter is not used to resolve it.
      log_publisher: '/foobar/non-local-db'
      rate_limit: 400000
      log_rtbh: true
      log_translation_fields: true
    port_misuse:
      # Empty string; going by the task name, this presumably unsets the
      # Port Misuse publisher on the profile.
      log_publisher: ''
# Ensures the log profile "foobar" exists on the "foobar" partition with
# publishers set for DNS, SIP and Network DoS events.
- name: Create a log profile with dos protection, different partition
  delegate_to: localhost
  bigip_firewall_log_profile:
    provider:
      server: 'lb.mydomain.com'
      user: 'admin'
      # Placeholder; may be omitted when F5_PASSWORD is set in the
      # environment, keeping the credential out of the playbook.
      password: 'secret'
    partition: 'foobar'
    name: 'foobar'
    dos_protection:
      # Fullpath names point at publishers on the Common partition.
      network_publisher: '/Common/local-db-pub'
      dns_publisher: '/Common/local-db-pub'
      # Not in fullpath format, so the publisher's partition is inferred
      # from the partition parameter above.
      sip_publisher: 'non-local-db'
# Ensures the log profile "barbaz" on the Common partition is removed.
# Attempts to remove built-in system profiles are ignored by the module and
# reported as no change.
- name: Remove log profile
  delegate_to: localhost
  bigip_firewall_log_profile:
    state: 'absent'
    partition: 'Common'
    name: 'barbaz'
    provider:
      server: 'lb.mydomain.com'
      user: 'admin'
      # Placeholder; F5_PASSWORD in the environment can replace this key so
      # the credential is not written into the playbook.
      password: 'secret'

Inputs

    
name:
    description:
    - Specifies the name of the log profile.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - When C(state) is C(present), ensures the resource exists.
    - When C(state) is C(absent), ensures the resource is removed. Attempts to remove
      built-in system profiles are ignored and no change is returned.
    type: str

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      auth_provider:
        description:
        - Configures the auth provider used to obtain authentication tokens from the remote
          device.
        - This option is really used when working with BIG-IQ devices.
        type: str
      no_f5_teem:
        default: false
        description:
        - If C(yes), TEEM telemetry data is not sent to F5.
        - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
        - Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
        type: bool
      password:
        aliases:
        - pass
        - pwd
        description:
        - The password for the user account used to connect to the BIG-IP or the BIG-IQ.
        - You may omit this option by setting the environment variable C(F5_PASSWORD).
        required: true
        type: str
      server:
        description:
        - The BIG-IP host or the BIG-IQ host.
        - You may omit this option by setting the environment variable C(F5_SERVER).
        required: true
        type: str
      server_port:
        default: 443
        description:
        - The BIG-IP server port.
        - You may omit this option by setting the environment variable C(F5_SERVER_PORT).
        type: int
      timeout:
        description:
        - Specifies the timeout in seconds for communicating with the network device for
          either connecting or sending commands.  If the timeout is exceeded before the
          operation is completed, the module will error.
        type: int
      transport:
        choices:
        - rest
        default: rest
        description:
        - Configures the transport connection to use when connecting to the remote device.
        type: str
      user:
        description:
        - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
          privileges on the device.
        - You may omit this option by setting the environment variable C(F5_USER).
        required: true
        type: str
      validate_certs:
        default: true
        description:
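        - If C(no), SSL certificates are not validated. Use this only on personally controlled
          sites using self-signed certificates. Without validation the identity of the
          device is not verified, so the connection that carries the C(user) and
          C(password) values can be intercepted.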
        - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
        type: bool
    type: dict
    version_added: 1.0.0
    version_added_collection: f5networks.f5_modules

partition:
    default: Common
    description:
    - Device partition to create log profile on.
    - Parameter also used when specifying names for log publishers, unless log publisher
      names are in fullpath format.
    type: str

description:
    description:
    - Description of the log profile.
    type: str

port_misuse:
    description:
    - Port Misuse log configuration.
    suboptions:
      log_publisher:
        description:
        - Specifies the name of the log publisher used for Port Misuse events.
        - To specify the log_publisher on a different partition from the AFM log profile,
          specify the name in fullpath format, e.g. C(/Foobar/log-publisher), otherwise
          the partition for the log publisher is inferred from the C(partition) module
          parameter.
        type: str
      rate_limit:
        description:
        - Defines a rate limit for all combined port misuse log messages per second. Beyond
          this rate limit, log messages are not logged until the threshold drops below
          the specified rate.
        - To specify an indefinite rate, use the value C(indefinite).
        - If specifying a numeric rate, the value must be between C(1) and C(4294967295).
        type: str
    type: dict

dos_protection:
    description:
    - Configures DoS related settings of the log profile.
    suboptions:
      dns_publisher:
        description:
        - Specifies the name of the log publisher used for DNS DoS events.
        - To specify the log_publisher on a different partition from the AFM log profile,
          specify the name in fullpath format, e.g. C(/Foobar/log-publisher), otherwise
          the partition for the log publisher is inferred from the C(partition) module
          parameter.
        type: str
      network_publisher:
        description:
        - Specifies the name of the log publisher used for DoS Network events.
        - To specify the log_publisher on a different partition from the AFM log profile,
          specify the name in fullpath format, e.g. C(/Foobar/log-publisher), otherwise
          the partition for the log publisher is inferred from the C(partition) module
          parameter.
        type: str
      sip_publisher:
        description:
        - Specifies the name of the log publisher used for SIP DoS events.
        - To specify the log_publisher on a different partition from the AFM log profile,
          specify the name in fullpath format, e.g. C(/Foobar/log-publisher), otherwise
          the partition for the log publisher is inferred from the C(partition) module
          parameter.
        type: str
    type: dict

ip_intelligence:
    description:
    - Configures IP Intelligence related settings of the log profile.
    suboptions:
      log_publisher:
        description:
        - Specifies the name of the log publisher used for IP Intelligence events.
        - To specify the log_publisher on a different partition from the AFM log profile,
          specify the name in fullpath format, e.g. C(/Foobar/log-publisher), otherwise
          the partition for the log publisher is inferred from the C(partition) module
          parameter.
        type: str
      log_rtbh:
        description:
        - When C(true), specifies remotely triggered blackholing events are logged.
        type: bool
      log_shun:
        description:
        - When C(true), specifies IP Intelligence shun list events are logged.
        - This option can only be set on the C(global-network) built-in profile.
        type: bool
      log_translation_fields:
        description:
        - This option is used to enable or disable the logging of translated (i.e. server
          side) fields in IP Intelligence log messages.
        - Translated fields include (but are not limited to) source address/port, destination
          address/port, IP protocol, route domain, and VLAN.
        type: bool
      rate_limit:
        description:
        - Defines a rate limit for all combined IP intelligence log messages per second.
          Beyond this rate limit, log messages are not logged until the threshold drops
          below the specified rate.
        - To specify an indefinite rate, use the value C(indefinite).
        - If specifying a numeric rate, the value must be between C(1) and C(4294967295).
        type: str
    type: dict

Outputs

description:
  description: New description of the AFM log profile.
  returned: changed
  sample: This is my description
  type: str
dos_protection:
  contains:
    dns_publisher:
      description: The name of the log publisher used for DNS DoS events.
      returned: changed
      sample: /Common/local-db-publisher
      type: str
    network_publisher:
      description: The name of the log publisher used for DoS Network events.
      returned: changed
      sample: /Common/local-db-publisher
      type: str
    sip_publisher:
      description: The name of the log publisher used for SIP DoS events.
      returned: changed
      sample: /Common/local-db-publisher
      type: str
  description: Log publishers used in DoS related settings of the log profile.
  returned: changed
  sample: hash/dictionary of values
  type: complex
ip_intelligence:
  contains:
    log_publisher:
      description: The name of the log publisher used for IP Intelligence events.
      returned: changed
      sample: /Common/local-db-publisher
      type: str
    log_rtbh:
      description: Logging of remotely triggered blackholing events.
      returned: changed
      sample: true
      type: bool
    log_shun:
      description: Logging of IP Intelligence shun list events.
      returned: changed
      sample: false
      type: bool
    log_translation_fields:
      description: Logging of translated fields in IP Intelligence log messages.
      returned: changed
      sample: false
      type: bool
    rate_limit:
      description: The rate limit for all combined IP intelligence log messages per
        second.
      returned: changed
      sample: indefinite
      type: str
  description: IP Intelligence related settings of the log profile.
  returned: changed
  sample: hash/dictionary of values
  type: complex
port_misuse:
  contains:
    log_publisher:
      description: The name of the log publisher used for Port Misuse events.
      returned: changed
      sample: /Common/local-db-publisher
      type: str
    rate_limit:
      description: The rate limit for all combined Port Misuse log messages per second.
      returned: changed
      sample: indefinite
      type: str
  description: Port Misuse related settings of the log profile.
  returned: changed
  sample: hash/dictionary of values
  type: complex