fortinet.fortios.fortios_log_fact (2.3.6) — module

Retrieve log data from FortiOS log objects.

Added in version 2.1.0 of fortinet.fortios

Authors: Jie Xue (@JieX19), Link Zheng (@chillancezen), Hongbin Lu (@fgtdev-hblu), Frank Shen (@fshen01)

preview | supported by community

Install collection

Install with ansible-galaxy collection install fortinet.fortios:==2.3.6


Add to requirements.yml

  collections:
    - name: fortinet.fortios
      version: 2.3.6

Description

Retrieve logs related to disk, memory, FortiAnalyzer and FortiCloud.


Requirements

Usage examples

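- name: get disk event user and memory event user at once.
  fortinet.fortios.fortios_log_fact:
    # access_token is a credential: supply it from ansible-vault or an
    # environment/secret-store lookup rather than a literal in the playbook.
    access_token: "you_own_value"
    selectors:
      # One query per entry; several filters in one entry are combined
      # with LOGICAL AND (see the `filters` option above).
      - selector: disk_event_user
        filters:
          - log_id==41000
      # Second entry is queried with no filters.
      - selector: memory_event_user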

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    required: false
    type: str

params:
    description:
    - The parameters for each selector; see the definition in the list above.
    required: false
    type: dict

filters:
    description:
    - A list of expressions to filter the returned results.
    - The items of the list are combined with LOGICAL AND using the ampersand operator.
    - Within a single item, comma-separated expressions are combined with LOGICAL OR.
    elements: str
    required: false
    type: list

sorters:
    description:
    - A list of expressions to sort the returned results.
    - The items of the list sort in ascending order and are joined with the ampersand operator.
    - A single item can sort in descending order by including a comma.
    elements: str
    required: false
    type: list

selector:
    choices:
    - disk_virus_archive
    - memory_virus_archive
    - fortianalyzer_virus_archive
    - forticloud_virus_archive
    - disk_ips_archive
    - disk_app-ctrl_archive
    - memory_ips_archive
    - memory_app-ctrl_archive
    - fortianalyzer_ips_archive
    - fortianalyzer_app-ctrl_archive
    - forticloud_ips_archive
    - forticloud_app-ctrl_archive
    - disk_ips_archive-download
    - disk_app-ctrl_archive-download
    - memory_ips_archive-download
    - memory_app-ctrl_archive-download
    - fortianalyzer_ips_archive-download
    - fortianalyzer_app-ctrl_archive-download
    - forticloud_ips_archive-download
    - forticloud_app-ctrl_archive-download
    - disk_virus_raw
    - disk_webfilter_raw
    - disk_waf_raw
    - disk_ips_raw
    - disk_anomaly_raw
    - disk_app-ctrl_raw
    - disk_cifs_raw
    - disk_emailfilter_raw
    - disk_dlp_raw
    - disk_voip_raw
    - disk_gtp_raw
    - disk_dns_raw
    - disk_ssh_raw
    - disk_ssl_raw
    - disk_file-filter_raw
    - memory_virus_raw
    - memory_webfilter_raw
    - memory_waf_raw
    - memory_ips_raw
    - memory_anomaly_raw
    - memory_app-ctrl_raw
    - memory_cifs_raw
    - memory_emailfilter_raw
    - memory_dlp_raw
    - memory_voip_raw
    - memory_gtp_raw
    - memory_dns_raw
    - memory_ssh_raw
    - memory_ssl_raw
    - memory_file-filter_raw
    - fortianalyzer_virus_raw
    - fortianalyzer_webfilter_raw
    - fortianalyzer_waf_raw
    - fortianalyzer_ips_raw
    - fortianalyzer_anomaly_raw
    - fortianalyzer_app-ctrl_raw
    - fortianalyzer_cifs_raw
    - fortianalyzer_emailfilter_raw
    - fortianalyzer_dlp_raw
    - fortianalyzer_voip_raw
    - fortianalyzer_gtp_raw
    - fortianalyzer_dns_raw
    - fortianalyzer_ssh_raw
    - fortianalyzer_ssl_raw
    - fortianalyzer_file-filter_raw
    - forticloud_virus_raw
    - forticloud_webfilter_raw
    - forticloud_waf_raw
    - forticloud_ips_raw
    - forticloud_anomaly_raw
    - forticloud_app-ctrl_raw
    - forticloud_cifs_raw
    - forticloud_emailfilter_raw
    - forticloud_dlp_raw
    - forticloud_voip_raw
    - forticloud_gtp_raw
    - forticloud_dns_raw
    - forticloud_ssh_raw
    - forticloud_ssl_raw
    - forticloud_file-filter_raw
    - disk_event_vpn
    - disk_event_user
    - disk_event_router
    - disk_event_wireless
    - disk_event_wad
    - disk_event_endpoint
    - disk_event_ha
    - disk_event_compliance-check
    - disk_event_system
    - disk_event_connector
    - disk_event_security-rating
    - disk_event_fortiextender
    - disk_traffic_forward
    - disk_traffic_local
    - disk_traffic_multicast
    - disk_traffic_sniffer
    - disk_traffic_fortiview
    - disk_traffic_threat
    - memory_event_vpn
    - memory_event_user
    - memory_event_router
    - memory_event_wireless
    - memory_event_wad
    - memory_event_endpoint
    - memory_event_ha
    - memory_event_compliance-check
    - memory_event_system
    - memory_event_connector
    - memory_event_security-rating
    - memory_event_fortiextender
    - memory_traffic_forward
    - memory_traffic_local
    - memory_traffic_multicast
    - memory_traffic_sniffer
    - memory_traffic_fortiview
    - memory_traffic_threat
    - fortianalyzer_event_vpn
    - fortianalyzer_event_user
    - fortianalyzer_event_router
    - fortianalyzer_event_wireless
    - fortianalyzer_event_wad
    - fortianalyzer_event_endpoint
    - fortianalyzer_event_ha
    - fortianalyzer_event_compliance-check
    - fortianalyzer_event_system
    - fortianalyzer_event_connector
    - fortianalyzer_event_security-rating
    - fortianalyzer_event_fortiextender
    - fortianalyzer_traffic_forward
    - fortianalyzer_traffic_local
    - fortianalyzer_traffic_multicast
    - fortianalyzer_traffic_sniffer
    - fortianalyzer_traffic_fortiview
    - fortianalyzer_traffic_threat
    - forticloud_event_vpn
    - forticloud_event_user
    - forticloud_event_router
    - forticloud_event_wireless
    - forticloud_event_wad
    - forticloud_event_endpoint
    - forticloud_event_ha
    - forticloud_event_compliance-check
    - forticloud_event_system
    - forticloud_event_connector
    - forticloud_event_security-rating
    - forticloud_event_fortiextender
    - forticloud_traffic_forward
    - forticloud_traffic_local
    - forticloud_traffic_multicast
    - forticloud_traffic_sniffer
    - forticloud_traffic_fortiview
    - forticloud_traffic_threat
    description:
    - Selector of the log type to retrieve.
    required: false
    type: str

selectors:
    description:
    - A list of selectors for retrieving the log type.
    elements: dict
    required: false
    suboptions:
      filters:
        description:
        - A list of expressions to filter the returned results.
        - The items of the list are combined with LOGICAL AND using the ampersand operator.
        - Within a single item, comma-separated expressions are combined with LOGICAL OR.
        elements: str
        required: false
        type: list
      formatters:
        description:
        - A list of fields to display for returned results.
        elements: str
        required: false
        type: list
      params:
        description:
        - The parameters for each selector; see the definition in the list above.
        required: false
        type: dict
      selector:
        choices:
        - disk_virus_archive
        - memory_virus_archive
        - fortianalyzer_virus_archive
        - forticloud_virus_archive
        - disk_ips_archive
        - disk_app-ctrl_archive
        - memory_ips_archive
        - memory_app-ctrl_archive
        - fortianalyzer_ips_archive
        - fortianalyzer_app-ctrl_archive
        - forticloud_ips_archive
        - forticloud_app-ctrl_archive
        - disk_ips_archive-download
        - disk_app-ctrl_archive-download
        - memory_ips_archive-download
        - memory_app-ctrl_archive-download
        - fortianalyzer_ips_archive-download
        - fortianalyzer_app-ctrl_archive-download
        - forticloud_ips_archive-download
        - forticloud_app-ctrl_archive-download
        - disk_virus_raw
        - disk_webfilter_raw
        - disk_waf_raw
        - disk_ips_raw
        - disk_anomaly_raw
        - disk_app-ctrl_raw
        - disk_cifs_raw
        - disk_emailfilter_raw
        - disk_dlp_raw
        - disk_voip_raw
        - disk_gtp_raw
        - disk_dns_raw
        - disk_ssh_raw
        - disk_ssl_raw
        - disk_file-filter_raw
        - memory_virus_raw
        - memory_webfilter_raw
        - memory_waf_raw
        - memory_ips_raw
        - memory_anomaly_raw
        - memory_app-ctrl_raw
        - memory_cifs_raw
        - memory_emailfilter_raw
        - memory_dlp_raw
        - memory_voip_raw
        - memory_gtp_raw
        - memory_dns_raw
        - memory_ssh_raw
        - memory_ssl_raw
        - memory_file-filter_raw
        - fortianalyzer_virus_raw
        - fortianalyzer_webfilter_raw
        - fortianalyzer_waf_raw
        - fortianalyzer_ips_raw
        - fortianalyzer_anomaly_raw
        - fortianalyzer_app-ctrl_raw
        - fortianalyzer_cifs_raw
        - fortianalyzer_emailfilter_raw
        - fortianalyzer_dlp_raw
        - fortianalyzer_voip_raw
        - fortianalyzer_gtp_raw
        - fortianalyzer_dns_raw
        - fortianalyzer_ssh_raw
        - fortianalyzer_ssl_raw
        - fortianalyzer_file-filter_raw
        - forticloud_virus_raw
        - forticloud_webfilter_raw
        - forticloud_waf_raw
        - forticloud_ips_raw
        - forticloud_anomaly_raw
        - forticloud_app-ctrl_raw
        - forticloud_cifs_raw
        - forticloud_emailfilter_raw
        - forticloud_dlp_raw
        - forticloud_voip_raw
        - forticloud_gtp_raw
        - forticloud_dns_raw
        - forticloud_ssh_raw
        - forticloud_ssl_raw
        - forticloud_file-filter_raw
        - disk_event_vpn
        - disk_event_user
        - disk_event_router
        - disk_event_wireless
        - disk_event_wad
        - disk_event_endpoint
        - disk_event_ha
        - disk_event_compliance-check
        - disk_event_system
        - disk_event_connector
        - disk_event_security-rating
        - disk_event_fortiextender
        - disk_traffic_forward
        - disk_traffic_local
        - disk_traffic_multicast
        - disk_traffic_sniffer
        - disk_traffic_fortiview
        - disk_traffic_threat
        - memory_event_vpn
        - memory_event_user
        - memory_event_router
        - memory_event_wireless
        - memory_event_wad
        - memory_event_endpoint
        - memory_event_ha
        - memory_event_compliance-check
        - memory_event_system
        - memory_event_connector
        - memory_event_security-rating
        - memory_event_fortiextender
        - memory_traffic_forward
        - memory_traffic_local
        - memory_traffic_multicast
        - memory_traffic_sniffer
        - memory_traffic_fortiview
        - memory_traffic_threat
        - fortianalyzer_event_vpn
        - fortianalyzer_event_user
        - fortianalyzer_event_router
        - fortianalyzer_event_wireless
        - fortianalyzer_event_wad
        - fortianalyzer_event_endpoint
        - fortianalyzer_event_ha
        - fortianalyzer_event_compliance-check
        - fortianalyzer_event_system
        - fortianalyzer_event_connector
        - fortianalyzer_event_security-rating
        - fortianalyzer_event_fortiextender
        - fortianalyzer_traffic_forward
        - fortianalyzer_traffic_local
        - fortianalyzer_traffic_multicast
        - fortianalyzer_traffic_sniffer
        - fortianalyzer_traffic_fortiview
        - fortianalyzer_traffic_threat
        - forticloud_event_vpn
        - forticloud_event_user
        - forticloud_event_router
        - forticloud_event_wireless
        - forticloud_event_wad
        - forticloud_event_endpoint
        - forticloud_event_ha
        - forticloud_event_compliance-check
        - forticloud_event_system
        - forticloud_event_connector
        - forticloud_event_security-rating
        - forticloud_event_fortiextender
        - forticloud_traffic_forward
        - forticloud_traffic_local
        - forticloud_traffic_multicast
        - forticloud_traffic_sniffer
        - forticloud_traffic_fortiview
        - forticloud_traffic_threat
        description:
        - Selector of the log type to retrieve.
        required: true
        type: str
      sorters:
        description:
        - A list of expressions to sort the returned results.
        - The items of the list sort in ascending order and are joined with the ampersand operator.
        - A single item can sort in descending order by including a comma.
        elements: str
        required: false
        type: list
    type: list

enable_log:
    default: false
    description:
    - Enable/disable logging for the task.
    required: false
    type: bool

formatters:
    description:
    - A list of fields to display for returned results.
    elements: str
    required: false
    type: list

access_token:
    description:
    - Token-based authentication. The token is generated from the FortiGate GUI.
    required: false
    type: str

Outputs

build:
  description: Build number of the FortiGate image
  returned: always
  sample: '1547'
  type: str
rows:
  description: Number of rows to return
  returned: always
  sample: 400
  type: int
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
session_id:
  description: Session ID for the request
  returned: always
  sample: 7
  type: int
start:
  description: Row number for the first row to return
  returned: always
  sample: 0
  type: int
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
subcategory:
  description: Type of log that can be retrieved
  returned: always
  sample: system
  type: str
total_lines:
  description: Total lines returned from the result
  returned: always
  sample: 510
  type: int
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str