New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| host string | FortiOS or FortiGate IP address. | ||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |
| log_disk_filter dictionary | Default: null | Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type. | |
| admin string |
| Enable/disable admin login/logout logging. | |
| anomaly string |
| Enable/disable anomaly logging. | |
| auth string |
| Enable/disable firewall authentication logging. | |
| cpu_memory_usage string |
| Enable/disable CPU & memory usage logging every 5 minutes. | |
| dhcp string |
| Enable/disable DHCP service messages logging. | |
| dlp_archive string |
| Enable/disable DLP archive logging. | |
| dns string |
| Enable/disable detailed DNS event logging. | |
| event string |
| Enable/disable event logging. | |
| filter string | Disk log filter. | ||
| filter_type string |
| Include/exclude logs that match the filter. | |
| forward_traffic string |
| Enable/disable forward traffic logging. | |
| gtp string |
| Enable/disable GTP messages logging. | |
| ha string |
| Enable/disable HA logging. | |
| ipsec string |
| Enable/disable IPsec negotiation messages logging. | |
| ldb_monitor string |
| Enable/disable VIP real server health monitoring logging. | |
| local_traffic string |
| Enable/disable local in or out traffic logging. | |
| multicast_traffic string |
| Enable/disable multicast traffic logging. | |
| netscan_discovery string | Enable/disable netscan discovery event logging. | ||
| netscan_vulnerability string | Enable/disable netscan vulnerability event logging. | ||
| pattern string |
| Enable/disable pattern update logging. | |
| ppp string |
| Enable/disable L2TP/PPTP/PPPoE logging. | |
| radius string |
| Enable/disable RADIUS messages logging. | |
| severity string |
| Log to disk every message above and including this severity level. | |
| sniffer_traffic string |
| Enable/disable sniffer traffic logging. | |
| ssh string |
| Enable/disable SSH logging. | |
| sslvpn_log_adm string |
| Enable/disable SSL administrator login logging. | |
| sslvpn_log_auth string |
| Enable/disable SSL user authentication logging. | |
| sslvpn_log_session string |
| Enable/disable SSL session logging. | |
| system string |
| Enable/disable system activity logging. | |
| vip_ssl string |
| Enable/disable VIP SSL logging. | |
| voip string |
| Enable/disable VoIP logging. | |
| wan_opt string |
| Enable/disable WAN optimization event logging. | |
| wireless_activity string |
| Enable/disable wireless activity event logging. | |
| password string | Default: "" | FortiOS or FortiGate password. | |
| ssl_verify boolean added in 2.9 |
| Ensures FortiGate certificate must be verified by a proper CA. | |
| username string | FortiOS or FortiGate username. | ||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: Configure filters for local disk logging. Use these filters to determine the log messages to record according to severity and type.
fortios_log_disk_filter:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
log_disk_filter:
admin: "enable"
anomaly: "enable"
auth: "enable"
cpu_memory_usage: "enable"
dhcp: "enable"
dlp_archive: "enable"
dns: "enable"
event: "enable"
filter: "<your_own_value>"
filter_type: "include"
forward_traffic: "enable"
gtp: "enable"
ha: "enable"
ipsec: "enable"
ldb_monitor: "enable"
local_traffic: "enable"
multicast_traffic: "enable"
netscan_discovery: "<your_own_value>"
netscan_vulnerability: "<your_own_value>"
pattern: "enable"
ppp: "enable"
radius: "enable"
severity: "emergency"
sniffer_traffic: "enable"
ssh: "enable"
sslvpn_log_adm: "enable"
sslvpn_log_auth: "enable"
sslvpn_log_session: "enable"
system: "enable"
vip_ssl: "enable"
voip: "enable"
wan_opt: "enable"
wireless_activity: "enable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_log_disk_filter_module.html