fortios_log_memory_filter – Filters for memory buffer in Fortinet’s FortiOS and FortiGate
fortios_log_memory_filter – Filters for memory buffer in Fortinet’s FortiOS and FortiGate
New in version 2.8.
Synopsis
- This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify log_memory feature and filter category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2
Requirements
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
host - / required |
FortiOS or FortiGate ip address. | ||
https boolean |
|
Indicates if the requests towards FortiGate must use HTTPS protocol | |
log_memory_filter - |
Default: null |
Filters for memory buffer. | |
admin - |
|
Enable/disable admin login/logout logging. | |
anomaly - |
|
Enable/disable anomaly logging. | |
auth - |
|
Enable/disable firewall authentication logging. | |
cpu-memory-usage - |
|
Enable/disable CPU & memory usage logging every 5 minutes. | |
dhcp - |
|
Enable/disable DHCP service messages logging. | |
dns - |
|
Enable/disable detailed DNS event logging. | |
event - |
|
Enable/disable event logging. | |
filter - |
Memory log filter. | ||
filter-type - |
|
Include/exclude logs that match the filter. | |
forward-traffic - |
|
Enable/disable forward traffic logging. | |
gtp - |
|
Enable/disable GTP messages logging. | |
ha - |
|
Enable/disable HA logging. | |
ipsec - |
|
Enable/disable IPsec negotiation messages logging. | |
ldb-monitor - |
|
Enable/disable VIP real server health monitoring logging. | |
local-traffic - |
|
Enable/disable local in or out traffic logging. | |
multicast-traffic - |
|
Enable/disable multicast traffic logging. | |
netscan-discovery - |
Enable/disable netscan discovery event logging. | ||
netscan-vulnerability - |
Enable/disable netscan vulnerability event logging. | ||
pattern - |
|
Enable/disable pattern update logging. | |
ppp - |
|
Enable/disable L2TP/PPTP/PPPoE logging. | |
radius - |
|
Enable/disable RADIUS messages logging. | |
severity - |
|
Log every message above and including this severity level. | |
sniffer-traffic - |
|
Enable/disable sniffer traffic logging. | |
ssh - |
|
Enable/disable SSH logging. | |
sslvpn-log-adm - |
|
Enable/disable SSL administrator login logging. | |
sslvpn-log-auth - |
|
Enable/disable SSL user authentication logging. | |
sslvpn-log-session - |
|
Enable/disable SSL session logging. | |
system - |
|
Enable/disable system activity logging. | |
vip-ssl - |
|
Enable/disable VIP SSL logging. | |
voip - |
|
Enable/disable VoIP logging. | |
wan-opt - |
|
Enable/disable WAN optimization event logging. | |
wireless-activity - |
|
Enable/disable wireless activity event logging. | |
password - |
Default: "" |
FortiOS or FortiGate password. | |
username - / required |
FortiOS or FortiGate username. | ||
vdom - |
Default: "root" |
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
Notes
Note
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Filters for memory buffer.
fortios_log_memory_filter:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
log_memory_filter:
admin: "enable"
anomaly: "enable"
auth: "enable"
cpu-memory-usage: "enable"
dhcp: "enable"
dns: "enable"
event: "enable"
filter: "<your_own_value>"
filter-type: "include"
forward-traffic: "enable"
gtp: "enable"
ha: "enable"
ipsec: "enable"
ldb-monitor: "enable"
local-traffic: "enable"
multicast-traffic: "enable"
netscan-discovery: "<your_own_value>"
netscan-vulnerability: "<your_own_value>"
pattern: "enable"
ppp: "enable"
radius: "enable"
severity: "emergency"
sniffer-traffic: "enable"
ssh: "enable"
sslvpn-log-adm: "enable"
sslvpn-log-auth: "enable"
sslvpn-log-session: "enable"
system: "enable"
vip-ssl: "enable"
voip: "enable"
wan-opt: "enable"
wireless-activity: "enable"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build string |
always |
Build number of the fortigate image
Sample: 1547 |
http_method string |
always |
Last method used to provision the content into FortiGate
Sample: PUT |
http_status string |
always |
Last result given by FortiGate on last operation applied
Sample: 200 |
mkey string |
success |
Master key (id) used in the last call to FortiGate
Sample: id |
name string |
always |
Name of the table used to fulfill the request
Sample: urlfilter |
path string |
always |
Path of the table used to fulfill the request
Sample: webfilter |
revision string |
always |
Internal revision number
Sample: 17.0.2.10658 |
serial string |
always |
Serial number of the unit
Sample: FGVMEVYYQT3AB5352 |
status string |
always |
Indication of the operation's result
Sample: success |
vdom string |
always |
Virtual domain used
Sample: root |
version string |
always |
Version of the FortiGate
Sample: v5.6.3 |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fortios_log_memory_filter_module.html