lix_fortinet.fortios.fortios_log_fact (102.2.120) — module

Retrieve log data of fortios log objects.

Added in version 2.1.0 of lix_fortinet.fortios

Authors: Jie Xue (@JieX19), Link Zheng (@chillancezen), Hongbin Lu (@fgtdev-hblu), Frank Shen (@fshen01)

preview | supported by community
Install with:

    ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections:
  - name: lix_fortinet.fortios
    version: 102.2.120
Retrieves logs related to disk, memory, FortiAnalyzer and FortiCloud.
- hosts: fortigate03
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Certificate validation is off in this example; set it to yes when the
    # FortiGate presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
  # Several selectors in one task, each with its own filters.
  - name: get disk event user and memory event user at once.
    fortios_log_fact:
      enable_log: True
      # Left empty here; supply the token from a vaulted variable.
      access_token: ""
      selectors:
      - selector: disk_event_user
        filters:
        - log_id==41000
      - selector: memory_event_user
  # A single selector with a filter and a row limit.
  - name: Get system event log with logid==0100032038
    fortios_log_fact:
      filters:
      - logid==0100032038
      selector: "disk_event_system"
      params:
        rows: 100
  - name: Get a description of the quarantined virus file
    fortios_log_fact:
      selector: "forticloud_virus_archive"
vdom:
  default: root
  description:
  - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  required: false
  type: str
params:
  description:
  - The parameter for each selector; see the definition in the list above.
  required: false
  type: dict
filters:
  description:
  - A list of expressions to filter the returned results.
  - The items of the list are combined as LOGICAL AND with operator ampersand.
  - One item itself could be concatenated with a comma as LOGICAL OR.
  elements: str
  required: false
  type: list
sorters:
  description:
  - A list of expressions to sort the returned results.
  - The items of the list are in ascending order with operator ampersand.
  - One item itself could be in descending order with a comma inside.
  elements: str
  required: false
  type: list
selector:
  choices:
  - disk_virus_archive
  - memory_virus_archive
  - fortianalyzer_virus_archive
  - forticloud_virus_archive
  - disk_ips_archive
  - disk_app-ctrl_archive
  - memory_ips_archive
  - memory_app-ctrl_archive
  - fortianalyzer_ips_archive
  - fortianalyzer_app-ctrl_archive
  - forticloud_ips_archive
  - forticloud_app-ctrl_archive
  - disk_ips_archive-download
  - disk_app-ctrl_archive-download
  - memory_ips_archive-download
  - memory_app-ctrl_archive-download
  - fortianalyzer_ips_archive-download
  - fortianalyzer_app-ctrl_archive-download
  - forticloud_ips_archive-download
  - forticloud_app-ctrl_archive-download
  - disk_virus_raw
  - disk_webfilter_raw
  - disk_waf_raw
  - disk_ips_raw
  - disk_anomaly_raw
  - disk_app-ctrl_raw
  - disk_cifs_raw
  - disk_emailfilter_raw
  - disk_dlp_raw
  - disk_voip_raw
  - disk_gtp_raw
  - disk_dns_raw
  - disk_ssh_raw
  - disk_ssl_raw
  - disk_file-filter_raw
  - memory_virus_raw
  - memory_webfilter_raw
  - memory_waf_raw
  - memory_ips_raw
  - memory_anomaly_raw
  - memory_app-ctrl_raw
  - memory_cifs_raw
  - memory_emailfilter_raw
  - memory_dlp_raw
  - memory_voip_raw
  - memory_gtp_raw
  - memory_dns_raw
  - memory_ssh_raw
  - memory_ssl_raw
  - memory_file-filter_raw
  - fortianalyzer_virus_raw
  - fortianalyzer_webfilter_raw
  - fortianalyzer_waf_raw
  - fortianalyzer_ips_raw
  - fortianalyzer_anomaly_raw
  - fortianalyzer_app-ctrl_raw
  - fortianalyzer_cifs_raw
  - fortianalyzer_emailfilter_raw
  - fortianalyzer_dlp_raw
  - fortianalyzer_voip_raw
  - fortianalyzer_gtp_raw
  - fortianalyzer_dns_raw
  - fortianalyzer_ssh_raw
  - fortianalyzer_ssl_raw
  - fortianalyzer_file-filter_raw
  - forticloud_virus_raw
  - forticloud_webfilter_raw
  - forticloud_waf_raw
  - forticloud_ips_raw
  - forticloud_anomaly_raw
  - forticloud_app-ctrl_raw
  - forticloud_cifs_raw
  - forticloud_emailfilter_raw
  - forticloud_dlp_raw
  - forticloud_voip_raw
  - forticloud_gtp_raw
  - forticloud_dns_raw
  - forticloud_ssh_raw
  - forticloud_ssl_raw
  - forticloud_file-filter_raw
  - disk_event_vpn
  - disk_event_user
  - disk_event_router
  - disk_event_wireless
  - disk_event_wad
  - disk_event_endpoint
  - disk_event_ha
  - disk_event_compliance-check
  - disk_event_system
  - disk_event_connector
  - disk_event_security-rating
  - disk_event_fortiextender
  - disk_traffic_forward
  - disk_traffic_local
  - disk_traffic_multicast
  - disk_traffic_sniffer
  - disk_traffic_fortiview
  - disk_traffic_threat
  - memory_event_vpn
  - memory_event_user
  - memory_event_router
  - memory_event_wireless
  - memory_event_wad
  - memory_event_endpoint
  - memory_event_ha
  - memory_event_compliance-check
  - memory_event_system
  - memory_event_connector
  - memory_event_security-rating
  - memory_event_fortiextender
  - memory_traffic_forward
  - memory_traffic_local
  - memory_traffic_multicast
  - memory_traffic_sniffer
  - memory_traffic_fortiview
  - memory_traffic_threat
  - fortianalyzer_event_vpn
  - fortianalyzer_event_user
  - fortianalyzer_event_router
  - fortianalyzer_event_wireless
  - fortianalyzer_event_wad
  - fortianalyzer_event_endpoint
  - fortianalyzer_event_ha
  - fortianalyzer_event_compliance-check
  - fortianalyzer_event_system
  - fortianalyzer_event_connector
  - fortianalyzer_event_security-rating
  - fortianalyzer_event_fortiextender
  - fortianalyzer_traffic_forward
  - fortianalyzer_traffic_local
  - fortianalyzer_traffic_multicast
  - fortianalyzer_traffic_sniffer
  - fortianalyzer_traffic_fortiview
  - fortianalyzer_traffic_threat
  - forticloud_event_vpn
  - forticloud_event_user
  - forticloud_event_router
  - forticloud_event_wireless
  - forticloud_event_wad
  - forticloud_event_endpoint
  - forticloud_event_ha
  - forticloud_event_compliance-check
  - forticloud_event_system
  - forticloud_event_connector
  - forticloud_event_security-rating
  - forticloud_event_fortiextender
  - forticloud_traffic_forward
  - forticloud_traffic_local
  - forticloud_traffic_multicast
  - forticloud_traffic_sniffer
  - forticloud_traffic_fortiview
  - forticloud_traffic_threat
  description:
  - Selector of the retrieved log type.
  required: false
  type: str
selectors:
  description:
  - A list of selectors for retrieving the log type.
  elements: dict
  required: false
  suboptions:
    filters:
      description:
      - A list of expressions to filter the returned results.
      - The items of the list are combined as LOGICAL AND with operator ampersand.
      - One item itself could be concatenated with a comma as LOGICAL OR.
      elements: str
      required: false
      type: list
    formatters:
      description:
      - A list of fields to display for returned results.
      elements: str
      required: false
      type: list
    params:
      description:
      - The parameter for each selector; see the definition in the list above.
      required: false
      type: dict
    selector:
      choices:
      - disk_virus_archive
      - memory_virus_archive
      - fortianalyzer_virus_archive
      - forticloud_virus_archive
      - disk_ips_archive
      - disk_app-ctrl_archive
      - memory_ips_archive
      - memory_app-ctrl_archive
      - fortianalyzer_ips_archive
      - fortianalyzer_app-ctrl_archive
      - forticloud_ips_archive
      - forticloud_app-ctrl_archive
      - disk_ips_archive-download
      - disk_app-ctrl_archive-download
      - memory_ips_archive-download
      - memory_app-ctrl_archive-download
      - fortianalyzer_ips_archive-download
      - fortianalyzer_app-ctrl_archive-download
      - forticloud_ips_archive-download
      - forticloud_app-ctrl_archive-download
      - disk_virus_raw
      - disk_webfilter_raw
      - disk_waf_raw
      - disk_ips_raw
      - disk_anomaly_raw
      - disk_app-ctrl_raw
      - disk_cifs_raw
      - disk_emailfilter_raw
      - disk_dlp_raw
      - disk_voip_raw
      - disk_gtp_raw
      - disk_dns_raw
      - disk_ssh_raw
      - disk_ssl_raw
      - disk_file-filter_raw
      - memory_virus_raw
      - memory_webfilter_raw
      - memory_waf_raw
      - memory_ips_raw
      - memory_anomaly_raw
      - memory_app-ctrl_raw
      - memory_cifs_raw
      - memory_emailfilter_raw
      - memory_dlp_raw
      - memory_voip_raw
      - memory_gtp_raw
      - memory_dns_raw
      - memory_ssh_raw
      - memory_ssl_raw
      - memory_file-filter_raw
      - fortianalyzer_virus_raw
      - fortianalyzer_webfilter_raw
      - fortianalyzer_waf_raw
      - fortianalyzer_ips_raw
      - fortianalyzer_anomaly_raw
      - fortianalyzer_app-ctrl_raw
      - fortianalyzer_cifs_raw
      - fortianalyzer_emailfilter_raw
      - fortianalyzer_dlp_raw
      - fortianalyzer_voip_raw
      - fortianalyzer_gtp_raw
      - fortianalyzer_dns_raw
      - fortianalyzer_ssh_raw
      - fortianalyzer_ssl_raw
      - fortianalyzer_file-filter_raw
      - forticloud_virus_raw
      - forticloud_webfilter_raw
      - forticloud_waf_raw
      - forticloud_ips_raw
      - forticloud_anomaly_raw
      - forticloud_app-ctrl_raw
      - forticloud_cifs_raw
      - forticloud_emailfilter_raw
      - forticloud_dlp_raw
      - forticloud_voip_raw
      - forticloud_gtp_raw
      - forticloud_dns_raw
      - forticloud_ssh_raw
      - forticloud_ssl_raw
      - forticloud_file-filter_raw
      - disk_event_vpn
      - disk_event_user
      - disk_event_router
      - disk_event_wireless
      - disk_event_wad
      - disk_event_endpoint
      - disk_event_ha
      - disk_event_compliance-check
      - disk_event_system
      - disk_event_connector
      - disk_event_security-rating
      - disk_event_fortiextender
      - disk_traffic_forward
      - disk_traffic_local
      - disk_traffic_multicast
      - disk_traffic_sniffer
      - disk_traffic_fortiview
      - disk_traffic_threat
      - memory_event_vpn
      - memory_event_user
      - memory_event_router
      - memory_event_wireless
      - memory_event_wad
      - memory_event_endpoint
      - memory_event_ha
      - memory_event_compliance-check
      - memory_event_system
      - memory_event_connector
      - memory_event_security-rating
      - memory_event_fortiextender
      - memory_traffic_forward
      - memory_traffic_local
      - memory_traffic_multicast
      - memory_traffic_sniffer
      - memory_traffic_fortiview
      - memory_traffic_threat
      - fortianalyzer_event_vpn
      - fortianalyzer_event_user
      - fortianalyzer_event_router
      - fortianalyzer_event_wireless
      - fortianalyzer_event_wad
      - fortianalyzer_event_endpoint
      - fortianalyzer_event_ha
      - fortianalyzer_event_compliance-check
      - fortianalyzer_event_system
      - fortianalyzer_event_connector
      - fortianalyzer_event_security-rating
      - fortianalyzer_event_fortiextender
      - fortianalyzer_traffic_forward
      - fortianalyzer_traffic_local
      - fortianalyzer_traffic_multicast
      - fortianalyzer_traffic_sniffer
      - fortianalyzer_traffic_fortiview
      - fortianalyzer_traffic_threat
      - forticloud_event_vpn
      - forticloud_event_user
      - forticloud_event_router
      - forticloud_event_wireless
      - forticloud_event_wad
      - forticloud_event_endpoint
      - forticloud_event_ha
      - forticloud_event_compliance-check
      - forticloud_event_system
      - forticloud_event_connector
      - forticloud_event_security-rating
      - forticloud_event_fortiextender
      - forticloud_traffic_forward
      - forticloud_traffic_local
      - forticloud_traffic_multicast
      - forticloud_traffic_sniffer
      - forticloud_traffic_fortiview
      - forticloud_traffic_threat
      description:
      - Selector of the retrieved log type.
      required: true
      type: str
    sorters:
      description:
      - A list of expressions to sort the returned results.
      - The items of the list are in ascending order with operator ampersand.
      - One item itself could be in descending order with a comma inside.
      elements: str
      required: false
      type: list
  type: list
enable_log:
  default: false
  description:
  - Enable/Disable logging for task.
  required: false
  type: bool
formatters:
  description:
  - A list of fields to display for returned results.
  elements: str
  required: false
  type: list
access_token:
  description:
  - Token-based authentication. Generated from the FortiGate GUI.
  required: false
  type: str
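The AND/OR rules documented for `filters` above, modelled locally as an added example (not the module's or the collection's own code). It handles only the `==` operator seen in the page's examples, and the function names, field names and sample records are constructed for illustration.

```python
# Added illustration: a local model of the documented `filters` semantics.
# List items are AND-ed; comma-separated expressions inside one item are OR-ed.
# Only `==` is handled; values that themselves contain a comma are not supported.


def parse_item(item):
    """Split one filters entry into its OR-ed (field, value) alternatives."""
    alternatives = []
    for expr in item.split(","):
        field, sep, value = expr.partition("==")
        if not sep or not field.strip():
            raise ValueError(f"unsupported filter expression: {expr!r}")
        alternatives.append((field.strip(), value.strip()))
    return alternatives


def matches(record, filters):
    """True if the record satisfies every item (AND) via any alternative (OR)."""
    return all(
        any(
            field in record and str(record[field]) == value
            for field, value in parse_item(item)
        )
        for item in filters
    )


def select(records, filters):
    """Return the records that pass the whole filters list."""
    return [rec for rec in records if matches(rec, filters)]


# Constructed sample records; field names and values are made up.
SAMPLE_LOGS = [
    {"logid": "0100032038", "user": "alice", "level": "notice"},
    {"logid": "0100032038", "user": "bob", "level": "warning"},
    {"logid": "0100099999", "user": "alice", "level": "warning"},
]

# logid must match AND (user is alice OR level is warning).
FILTERS = ["logid==0100032038", "user==alice,level==warning"]

if __name__ == "__main__":
    for rec in select(SAMPLE_LOGS, FILTERS):
        print(rec)
```
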
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
rows:
  description: Number of rows to return
  returned: always
  sample: 400
  type: int
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
session_id:
  description: session id for the request
  returned: always
  sample: 7
  type: int
start:
  description: Row number for the first row to return
  returned: always
  sample: 0
  type: int
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
subcategory:
  description: Type of log that can be retrieved
  returned: always
  sample: system
  type: str
total_lines:
  description: Total lines returned from the result
  returned: always
  sample: 510
  type: int
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str