1#!/usr/local/bin/python3.8 2from __future__ import (absolute_import, division, print_function) 3# Copyright 2019-2020 Fortinet, Inc. 4# 5# This program is free software: you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation, either version 3 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this program. If not, see <https://www.gnu.org/licenses/>. 17 18__metaclass__ = type 19 20ANSIBLE_METADATA = {'status': ['preview'], 21 'supported_by': 'community', 22 'metadata_version': '1.1'} 23 24DOCUMENTATION = ''' 25--- 26module: fortios_log_fortianalyzer2_filter 27short_description: Filters for FortiAnalyzer in Fortinet's FortiOS and FortiGate. 28description: 29 - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the 30 user to set and modify log_fortianalyzer2 feature and filter category. 31 Examples include all parameters and values need to be adjusted to datasources before usage. 32 Tested with FOS v6.0.0 33version_added: "2.10" 34author: 35 - Link Zheng (@chillancezen) 36 - Jie Xue (@JieX19) 37 - Hongbin Lu (@fgtdev-hblu) 38 - Frank Shen (@frankshen01) 39 - Miguel Angel Munoz (@mamunozgonzalez) 40 - Nicolas Thomas (@thomnico) 41notes: 42 - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks 43 44requirements: 45 - ansible>=2.9.0 46options: 47 access_token: 48 description: 49 - Token-based authentication. 50 Generated from GUI of Fortigate. 51 type: str 52 required: false 53 enable_log: 54 description: 55 - Enable/Disable logging for task. 56 type: bool 57 required: false 58 default: false 59 vdom: 60 description: 61 - Virtual domain, among those defined previously. A vdom is a 62 virtual instance of the FortiGate that can be configured and 63 used as a different unit. 64 type: str 65 default: root 66 67 log_fortianalyzer2_filter: 68 description: 69 - Filters for FortiAnalyzer. 70 default: null 71 type: dict 72 suboptions: 73 anomaly: 74 description: 75 - Enable/disable anomaly logging. 76 type: str 77 choices: 78 - enable 79 - disable 80 dlp_archive: 81 description: 82 - Enable/disable DLP archive logging. 83 type: str 84 choices: 85 - enable 86 - disable 87 dns: 88 description: 89 - Enable/disable detailed DNS event logging. 90 type: str 91 choices: 92 - enable 93 - disable 94 filter: 95 description: 96 - FortiAnalyzer 2 log filter. 97 type: str 98 filter_type: 99 description: 100 - Include/exclude logs that match the filter. 101 type: str 102 choices: 103 - include 104 - exclude 105 forward_traffic: 106 description: 107 - Enable/disable forward traffic logging. 108 type: str 109 choices: 110 - enable 111 - disable 112 free_style: 113 description: 114 - Free Style Filters 115 type: list 116 suboptions: 117 category: 118 description: 119 - Log category. 120 type: str 121 choices: 122 - traffic 123 - event 124 - virus 125 - webfilter 126 - attack 127 - spam 128 - anomaly 129 - voip 130 - dlp 131 - app-ctrl 132 - waf 133 - gtp 134 - dns 135 - ssh 136 - ssl 137 - file-filter 138 - icap 139 filter: 140 description: 141 - Free style filter string. 142 type: str 143 filter_type: 144 description: 145 - Include/exclude logs that match the filter. 146 type: str 147 choices: 148 - include 149 - exclude 150 id: 151 description: 152 - Entry ID. 153 required: true 154 type: int 155 gtp: 156 description: 157 - Enable/disable GTP messages logging. 158 type: str 159 choices: 160 - enable 161 - disable 162 local_traffic: 163 description: 164 - Enable/disable local in or out traffic logging. 165 type: str 166 choices: 167 - enable 168 - disable 169 multicast_traffic: 170 description: 171 - Enable/disable multicast traffic logging. 172 type: str 173 choices: 174 - enable 175 - disable 176 netscan_discovery: 177 description: 178 - Enable/disable netscan discovery event logging. 179 type: str 180 netscan_vulnerability: 181 description: 182 - Enable/disable netscan vulnerability event logging. 183 type: str 184 severity: 185 description: 186 - Log every message above and including this severity level. 187 type: str 188 choices: 189 - emergency 190 - alert 191 - critical 192 - error 193 - warning 194 - notification 195 - information 196 - debug 197 sniffer_traffic: 198 description: 199 - Enable/disable sniffer traffic logging. 200 type: str 201 choices: 202 - enable 203 - disable 204 ssh: 205 description: 206 - Enable/disable SSH logging. 207 type: str 208 choices: 209 - enable 210 - disable 211 voip: 212 description: 213 - Enable/disable VoIP logging. 214 type: str 215 choices: 216 - enable 217 - disable 218''' 219 220EXAMPLES = ''' 221- hosts: fortigates 222 collections: 223 - fortinet.fortios 224 connection: httpapi 225 vars: 226 vdom: "root" 227 ansible_httpapi_use_ssl: yes 228 ansible_httpapi_validate_certs: no 229 ansible_httpapi_port: 443 230 tasks: 231 - name: Filters for FortiAnalyzer. 232 fortios_log_fortianalyzer2_filter: 233 vdom: "{{ vdom }}" 234 log_fortianalyzer2_filter: 235 anomaly: "enable" 236 dlp_archive: "enable" 237 dns: "enable" 238 filter: "<your_own_value>" 239 filter_type: "include" 240 forward_traffic: "enable" 241 free_style: 242 - 243 category: "traffic" 244 filter: "<your_own_value>" 245 filter_type: "include" 246 id: "13" 247 gtp: "enable" 248 local_traffic: "enable" 249 multicast_traffic: "enable" 250 netscan_discovery: "<your_own_value>" 251 netscan_vulnerability: "<your_own_value>" 252 severity: "emergency" 253 sniffer_traffic: "enable" 254 ssh: "enable" 255 voip: "enable" 256 257''' 258 259RETURN = ''' 260build: 261 description: Build number of the fortigate image 262 returned: always 263 type: str 264 sample: '1547' 265http_method: 266 description: Last method used to provision the content into FortiGate 267 returned: always 268 type: str 269 sample: 'PUT' 270http_status: 271 description: Last result given by FortiGate on last operation applied 272 returned: always 273 type: str 274 sample: "200" 275mkey: 276 description: Master key (id) used in the last call to FortiGate 277 returned: success 278 type: str 279 sample: "id" 280name: 281 description: Name of the table used to fulfill the request 282 returned: always 283 type: str 284 sample: "urlfilter" 285path: 286 description: Path of the table used to fulfill the request 287 returned: always 288 type: str 289 sample: "webfilter" 290revision: 291 description: Internal revision number 292 returned: always 293 type: str 294 sample: "17.0.2.10658" 295serial: 296 description: Serial number of the unit 297 returned: always 298 type: str 299 sample: "FGVMEVYYQT3AB5352" 300status: 301 description: Indication of the operation's result 302 returned: always 303 type: str 304 sample: "success" 305vdom: 306 description: Virtual domain used 307 returned: always 308 type: str 309 sample: "root" 310version: 311 description: Version of the FortiGate 312 returned: always 313 type: str 314 sample: "v5.6.3" 315 316''' 317from ansible.module_utils.basic import AnsibleModule 318from ansible.module_utils.connection import Connection 319from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import FortiOSHandler 320from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_legacy_fortiosapi 321from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import schema_to_module_spec 322from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.fortios import check_schema_versioning 323from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG 324from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import is_same_comparison 325from ansible_collections.fortinet.fortios.plugins.module_utils.fortios.comparison import serialize 326 327 328def filter_log_fortianalyzer2_filter_data(json): 329 option_list = ['anomaly', 'dlp_archive', 'dns', 330 'filter', 'filter_type', 'forward_traffic', 331 'free_style', 'gtp', 'local_traffic', 332 'multicast_traffic', 'netscan_discovery', 'netscan_vulnerability', 333 'severity', 'sniffer_traffic', 'ssh', 334 'voip'] 335 dictionary = {} 336 337 for attribute in option_list: 338 if attribute in json and json[attribute] is not None: 339 dictionary[attribute] = json[attribute] 340 341 return dictionary 342 343 344def underscore_to_hyphen(data): 345 if isinstance(data, list): 346 for i, elem in enumerate(data): 347 data[i] = underscore_to_hyphen(elem) 348 elif isinstance(data, dict): 349 new_data = {} 350 for k, v in data.items(): 351 new_data[k.replace('_', '-')] = underscore_to_hyphen(v) 352 data = new_data 353 354 return data 355 356 357def log_fortianalyzer2_filter(data, fos): 358 vdom = data['vdom'] 359 log_fortianalyzer2_filter_data = data['log_fortianalyzer2_filter'] 360 filtered_data = underscore_to_hyphen(filter_log_fortianalyzer2_filter_data(log_fortianalyzer2_filter_data)) 361 362 return fos.set('log.fortianalyzer2', 363 'filter', 364 data=filtered_data, 365 vdom=vdom) 366 367 368def is_successful_status(status): 369 return status['status'] == "success" or \ 370 status['http_method'] == "DELETE" and status['http_status'] == 404 371 372 373def fortios_log_fortianalyzer2(data, fos): 374 375 if data['log_fortianalyzer2_filter']: 376 resp = log_fortianalyzer2_filter(data, fos) 377 else: 378 fos._module.fail_json(msg='missing task body: %s' % ('log_fortianalyzer2_filter')) 379 380 return not is_successful_status(resp), \ 381 resp['status'] == "success" and \ 382 (resp['revision_changed'] if 'revision_changed' in resp else True), \ 383 resp 384 385 386versioned_schema = { 387 "type": "dict", 388 "children": { 389 "filter": { 390 "type": "string", 391 "revisions": { 392 "v6.0.0": True, 393 "v7.0.0": False, 394 "v6.0.5": True, 395 "v6.4.4": True, 396 "v6.4.0": True, 397 "v6.4.1": True, 398 "v6.2.0": True, 399 "v6.2.3": True, 400 "v6.2.5": True, 401 "v6.2.7": True, 402 "v6.0.11": True 403 } 404 }, 405 "dns": { 406 "type": "string", 407 "options": [ 408 { 409 "value": "enable", 410 "revisions": { 411 "v6.0.11": True, 412 "v6.0.0": True, 413 "v6.0.5": True 414 } 415 }, 416 { 417 "value": "disable", 418 "revisions": { 419 "v6.0.11": True, 420 "v6.0.0": True, 421 "v6.0.5": True 422 } 423 } 424 ], 425 "revisions": { 426 "v6.0.0": True, 427 "v7.0.0": False, 428 "v6.0.5": True, 429 "v6.4.4": False, 430 "v6.4.0": False, 431 "v6.4.1": False, 432 "v6.2.0": False, 433 "v6.2.3": False, 434 "v6.2.5": False, 435 "v6.2.7": False, 436 "v6.0.11": True 437 } 438 }, 439 "netscan_discovery": { 440 "type": "string", 441 "revisions": { 442 "v6.0.0": True, 443 "v7.0.0": False, 444 "v6.0.5": True, 445 "v6.4.4": False, 446 "v6.4.0": False, 447 "v6.4.1": False, 448 "v6.2.0": False, 449 "v6.2.3": False, 450 "v6.2.5": False, 451 "v6.2.7": False, 452 "v6.0.11": True 453 } 454 }, 455 "severity": { 456 "type": "string", 457 "options": [ 458 { 459 "value": "emergency", 460 "revisions": { 461 "v6.0.0": True, 462 "v7.0.0": True, 463 "v6.0.5": True, 464 "v6.4.4": True, 465 "v6.4.0": True, 466 "v6.4.1": True, 467 "v6.2.0": True, 468 "v6.2.3": True, 469 "v6.2.5": True, 470 "v6.2.7": True, 471 "v6.0.11": True 472 } 473 }, 474 { 475 "value": "alert", 476 "revisions": { 477 "v6.0.0": True, 478 "v7.0.0": True, 479 "v6.0.5": True, 480 "v6.4.4": True, 481 "v6.4.0": True, 482 "v6.4.1": True, 483 "v6.2.0": True, 484 "v6.2.3": True, 485 "v6.2.5": True, 486 "v6.2.7": True, 487 "v6.0.11": True 488 } 489 }, 490 { 491 "value": "critical", 492 "revisions": { 493 "v6.0.0": True, 494 "v7.0.0": True, 495 "v6.0.5": True, 496 "v6.4.4": True, 497 "v6.4.0": True, 498 "v6.4.1": True, 499 "v6.2.0": True, 500 "v6.2.3": True, 501 "v6.2.5": True, 502 "v6.2.7": True, 503 "v6.0.11": True 504 } 505 }, 506 { 507 "value": "error", 508 "revisions": { 509 "v6.0.0": True, 510 "v7.0.0": True, 511 "v6.0.5": True, 512 "v6.4.4": True, 513 "v6.4.0": True, 514 "v6.4.1": True, 515 "v6.2.0": True, 516 "v6.2.3": True, 517 "v6.2.5": True, 518 "v6.2.7": True, 519 "v6.0.11": True 520 } 521 }, 522 { 523 "value": "warning", 524 "revisions": { 525 "v6.0.0": True, 526 "v7.0.0": True, 527 "v6.0.5": True, 528 "v6.4.4": True, 529 "v6.4.0": True, 530 "v6.4.1": True, 531 "v6.2.0": True, 532 "v6.2.3": True, 533 "v6.2.5": True, 534 "v6.2.7": True, 535 "v6.0.11": True 536 } 537 }, 538 { 539 "value": "notification", 540 "revisions": { 541 "v6.0.0": True, 542 "v7.0.0": True, 543 "v6.0.5": True, 544 "v6.4.4": True, 545 "v6.4.0": True, 546 "v6.4.1": True, 547 "v6.2.0": True, 548 "v6.2.3": True, 549 "v6.2.5": True, 550 "v6.2.7": True, 551 "v6.0.11": True 552 } 553 }, 554 { 555 "value": "information", 556 "revisions": { 557 "v6.0.0": True, 558 "v7.0.0": True, 559 "v6.0.5": True, 560 "v6.4.4": True, 561 "v6.4.0": True, 562 "v6.4.1": True, 563 "v6.2.0": True, 564 "v6.2.3": True, 565 "v6.2.5": True, 566 "v6.2.7": True, 567 "v6.0.11": True 568 } 569 }, 570 { 571 "value": "debug", 572 "revisions": { 573 "v6.0.0": True, 574 "v7.0.0": True, 575 "v6.0.5": True, 576 "v6.4.4": True, 577 "v6.4.0": True, 578 "v6.4.1": True, 579 "v6.2.0": True, 580 "v6.2.3": True, 581 "v6.2.5": True, 582 "v6.2.7": True, 583 "v6.0.11": True 584 } 585 } 586 ], 587 "revisions": { 588 "v6.0.0": True, 589 "v7.0.0": True, 590 "v6.0.5": True, 591 "v6.4.4": True, 592 "v6.4.0": True, 593 "v6.4.1": True, 594 "v6.2.0": True, 595 "v6.2.3": True, 596 "v6.2.5": True, 597 "v6.2.7": True, 598 "v6.0.11": True 599 } 600 }, 601 "multicast_traffic": { 602 "type": "string", 603 "options": [ 604 { 605 "value": "enable", 606 "revisions": { 607 "v6.0.0": True, 608 "v7.0.0": True, 609 "v6.0.5": True, 610 "v6.4.4": True, 611 "v6.4.0": True, 612 "v6.4.1": True, 613 "v6.2.0": True, 614 "v6.2.3": True, 615 "v6.2.5": True, 616 "v6.2.7": True, 617 "v6.0.11": True 618 } 619 }, 620 { 621 "value": "disable", 622 "revisions": { 623 "v6.0.0": True, 624 "v7.0.0": True, 625 "v6.0.5": True, 626 "v6.4.4": True, 627 "v6.4.0": True, 628 "v6.4.1": True, 629 "v6.2.0": True, 630 "v6.2.3": True, 631 "v6.2.5": True, 632 "v6.2.7": True, 633 "v6.0.11": True 634 } 635 } 636 ], 637 "revisions": { 638 "v6.0.0": True, 639 "v7.0.0": True, 640 "v6.0.5": True, 641 "v6.4.4": True, 642 "v6.4.0": True, 643 "v6.4.1": True, 644 "v6.2.0": True, 645 "v6.2.3": True, 646 "v6.2.5": True, 647 "v6.2.7": True, 648 "v6.0.11": True 649 } 650 }, 651 "local_traffic": { 652 "type": "string", 653 "options": [ 654 { 655 "value": "enable", 656 "revisions": { 657 "v6.0.0": True, 658 "v7.0.0": True, 659 "v6.0.5": True, 660 "v6.4.4": True, 661 "v6.4.0": True, 662 "v6.4.1": True, 663 "v6.2.0": True, 664 "v6.2.3": True, 665 "v6.2.5": True, 666 "v6.2.7": True, 667 "v6.0.11": True 668 } 669 }, 670 { 671 "value": "disable", 672 "revisions": { 673 "v6.0.0": True, 674 "v7.0.0": True, 675 "v6.0.5": True, 676 "v6.4.4": True, 677 "v6.4.0": True, 678 "v6.4.1": True, 679 "v6.2.0": True, 680 "v6.2.3": True, 681 "v6.2.5": True, 682 "v6.2.7": True, 683 "v6.0.11": True 684 } 685 } 686 ], 687 "revisions": { 688 "v6.0.0": True, 689 "v7.0.0": True, 690 "v6.0.5": True, 691 "v6.4.4": True, 692 "v6.4.0": True, 693 "v6.4.1": True, 694 "v6.2.0": True, 695 "v6.2.3": True, 696 "v6.2.5": True, 697 "v6.2.7": True, 698 "v6.0.11": True 699 } 700 }, 701 "voip": { 702 "type": "string", 703 "options": [ 704 { 705 "value": "enable", 706 "revisions": { 707 "v6.0.0": True, 708 "v7.0.0": True, 709 "v6.0.5": True, 710 "v6.4.4": True, 711 "v6.4.0": True, 712 "v6.4.1": True, 713 "v6.2.0": True, 714 "v6.2.3": True, 715 "v6.2.5": True, 716 "v6.2.7": True, 717 "v6.0.11": True 718 } 719 }, 720 { 721 "value": "disable", 722 "revisions": { 723 "v6.0.0": True, 724 "v7.0.0": True, 725 "v6.0.5": True, 726 "v6.4.4": True, 727 "v6.4.0": True, 728 "v6.4.1": True, 729 "v6.2.0": True, 730 "v6.2.3": True, 731 "v6.2.5": True, 732 "v6.2.7": True, 733 "v6.0.11": True 734 } 735 } 736 ], 737 "revisions": { 738 "v6.0.0": True, 739 "v7.0.0": True, 740 "v6.0.5": True, 741 "v6.4.4": True, 742 "v6.4.0": True, 743 "v6.4.1": True, 744 "v6.2.0": True, 745 "v6.2.3": True, 746 "v6.2.5": True, 747 "v6.2.7": True, 748 "v6.0.11": True 749 } 750 }, 751 "filter_type": { 752 "type": "string", 753 "options": [ 754 { 755 "value": "include", 756 "revisions": { 757 "v6.0.0": True, 758 "v6.0.5": True, 759 "v6.4.4": True, 760 "v6.4.0": True, 761 "v6.4.1": True, 762 "v6.2.0": True, 763 "v6.2.3": True, 764 "v6.2.5": True, 765 "v6.2.7": True, 766 "v6.0.11": True 767 } 768 }, 769 { 770 "value": "exclude", 771 "revisions": { 772 "v6.0.0": True, 773 "v6.0.5": True, 774 "v6.4.4": True, 775 "v6.4.0": True, 776 "v6.4.1": True, 777 "v6.2.0": True, 778 "v6.2.3": True, 779 "v6.2.5": True, 780 "v6.2.7": True, 781 "v6.0.11": True 782 } 783 } 784 ], 785 "revisions": { 786 "v6.0.0": True, 787 "v7.0.0": False, 788 "v6.0.5": True, 789 "v6.4.4": True, 790 "v6.4.0": True, 791 "v6.4.1": True, 792 "v6.2.0": True, 793 "v6.2.3": True, 794 "v6.2.5": True, 795 "v6.2.7": True, 796 "v6.0.11": True 797 } 798 }, 799 "gtp": { 800 "type": "string", 801 "options": [ 802 { 803 "value": "enable", 804 "revisions": { 805 "v6.0.0": True, 806 "v7.0.0": True, 807 "v6.0.5": True, 808 "v6.4.4": True, 809 "v6.4.0": True, 810 "v6.4.1": True, 811 "v6.2.0": True, 812 "v6.2.3": True, 813 "v6.2.5": True, 814 "v6.2.7": True, 815 "v6.0.11": True 816 } 817 }, 818 { 819 "value": "disable", 820 "revisions": { 821 "v6.0.0": True, 822 "v7.0.0": True, 823 "v6.0.5": True, 824 "v6.4.4": True, 825 "v6.4.0": True, 826 "v6.4.1": True, 827 "v6.2.0": True, 828 "v6.2.3": True, 829 "v6.2.5": True, 830 "v6.2.7": True, 831 "v6.0.11": True 832 } 833 } 834 ], 835 "revisions": { 836 "v6.0.0": True, 837 "v7.0.0": True, 838 "v6.0.5": True, 839 "v6.4.4": True, 840 "v6.4.0": True, 841 "v6.4.1": True, 842 "v6.2.0": True, 843 "v6.2.3": True, 844 "v6.2.5": True, 845 "v6.2.7": True, 846 "v6.0.11": True 847 } 848 }, 849 "sniffer_traffic": { 850 "type": "string", 851 "options": [ 852 { 853 "value": "enable", 854 "revisions": { 855 "v6.0.0": True, 856 "v7.0.0": True, 857 "v6.0.5": True, 858 "v6.4.4": True, 859 "v6.4.0": True, 860 "v6.4.1": True, 861 "v6.2.0": True, 862 "v6.2.3": True, 863 "v6.2.5": True, 864 "v6.2.7": True, 865 "v6.0.11": True 866 } 867 }, 868 { 869 "value": "disable", 870 "revisions": { 871 "v6.0.0": True, 872 "v7.0.0": True, 873 "v6.0.5": True, 874 "v6.4.4": True, 875 "v6.4.0": True, 876 "v6.4.1": True, 877 "v6.2.0": True, 878 "v6.2.3": True, 879 "v6.2.5": True, 880 "v6.2.7": True, 881 "v6.0.11": True 882 } 883 } 884 ], 885 "revisions": { 886 "v6.0.0": True, 887 "v7.0.0": True, 888 "v6.0.5": True, 889 "v6.4.4": True, 890 "v6.4.0": True, 891 "v6.4.1": True, 892 "v6.2.0": True, 893 "v6.2.3": True, 894 "v6.2.5": True, 895 "v6.2.7": True, 896 "v6.0.11": True 897 } 898 }, 899 "ssh": { 900 "type": "string", 901 "options": [ 902 { 903 "value": "enable", 904 "revisions": { 905 "v6.0.11": True, 906 "v6.0.0": True, 907 "v6.0.5": True 908 } 909 }, 910 { 911 "value": "disable", 912 "revisions": { 913 "v6.0.11": True, 914 "v6.0.0": True, 915 "v6.0.5": True 916 } 917 } 918 ], 919 "revisions": { 920 "v6.0.0": True, 921 "v7.0.0": False, 922 "v6.0.5": True, 923 "v6.4.4": False, 924 "v6.4.0": False, 925 "v6.4.1": False, 926 "v6.2.0": False, 927 "v6.2.3": False, 928 "v6.2.5": False, 929 "v6.2.7": False, 930 "v6.0.11": True 931 } 932 }, 933 "free_style": { 934 "type": "list", 935 "children": { 936 "category": { 937 "type": "string", 938 "options": [ 939 { 940 "value": "traffic", 941 "revisions": { 942 "v7.0.0": True 943 } 944 }, 945 { 946 "value": "event", 947 "revisions": { 948 "v7.0.0": True 949 } 950 }, 951 { 952 "value": "virus", 953 "revisions": { 954 "v7.0.0": True 955 } 956 }, 957 { 958 "value": "webfilter", 959 "revisions": { 960 "v7.0.0": True 961 } 962 }, 963 { 964 "value": "attack", 965 "revisions": { 966 "v7.0.0": True 967 } 968 }, 969 { 970 "value": "spam", 971 "revisions": { 972 "v7.0.0": True 973 } 974 }, 975 { 976 "value": "anomaly", 977 "revisions": { 978 "v7.0.0": True 979 } 980 }, 981 { 982 "value": "voip", 983 "revisions": { 984 "v7.0.0": True 985 } 986 }, 987 { 988 "value": "dlp", 989 "revisions": { 990 "v7.0.0": True 991 } 992 }, 993 { 994 "value": "app-ctrl", 995 "revisions": { 996 "v7.0.0": True 997 } 998 }, 999 { 1000 "value": "waf", 1001 "revisions": { 1002 "v7.0.0": True 1003 } 1004 }, 1005 { 1006 "value": "gtp", 1007 "revisions": { 1008 "v7.0.0": True 1009 } 1010 }, 1011 { 1012 "value": "dns", 1013 "revisions": { 1014 "v7.0.0": True 1015 } 1016 }, 1017 { 1018 "value": "ssh", 1019 "revisions": { 1020 "v7.0.0": True 1021 } 1022 }, 1023 { 1024 "value": "ssl", 1025 "revisions": { 1026 "v7.0.0": True 1027 } 1028 }, 1029 { 1030 "value": "file-filter", 1031 "revisions": { 1032 "v7.0.0": True 1033 } 1034 }, 1035 { 1036 "value": "icap", 1037 "revisions": { 1038 "v7.0.0": True 1039 } 1040 } 1041 ], 1042 "revisions": { 1043 "v7.0.0": True 1044 } 1045 }, 1046 "filter": { 1047 "type": "string", 1048 "revisions": { 1049 "v7.0.0": True 1050 } 1051 }, 1052 "id": { 1053 "type": "integer", 1054 "revisions": { 1055 "v7.0.0": True 1056 } 1057 }, 1058 "filter_type": { 1059 "type": "string", 1060 "options": [ 1061 { 1062 "value": "include", 1063 "revisions": { 1064 "v7.0.0": True 1065 } 1066 }, 1067 { 1068 "value": "exclude", 1069 "revisions": { 1070 "v7.0.0": True 1071 } 1072 } 1073 ], 1074 "revisions": { 1075 "v7.0.0": True 1076 } 1077 } 1078 }, 1079 "revisions": { 1080 "v7.0.0": True 1081 } 1082 }, 1083 "dlp_archive": { 1084 "type": "string", 1085 "options": [ 1086 { 1087 "value": "enable", 1088 "revisions": { 1089 "v6.0.0": True, 1090 "v7.0.0": True, 1091 "v6.0.5": True, 1092 "v6.4.4": True, 1093 "v6.4.0": True, 1094 "v6.4.1": True, 1095 "v6.2.0": True, 1096 "v6.2.3": True, 1097 "v6.2.5": True, 1098 "v6.2.7": True, 1099 "v6.0.11": True 1100 } 1101 }, 1102 { 1103 "value": "disable", 1104 "revisions": { 1105 "v6.0.0": True, 1106 "v7.0.0": True, 1107 "v6.0.5": True, 1108 "v6.4.4": True, 1109 "v6.4.0": True, 1110 "v6.4.1": True, 1111 "v6.2.0": True, 1112 "v6.2.3": True, 1113 "v6.2.5": True, 1114 "v6.2.7": True, 1115 "v6.0.11": True 1116 } 1117 } 1118 ], 1119 "revisions": { 1120 "v6.0.0": True, 1121 "v7.0.0": True, 1122 "v6.0.5": True, 1123 "v6.4.4": True, 1124 "v6.4.0": True, 1125 "v6.4.1": True, 1126 "v6.2.0": True, 1127 "v6.2.3": True, 1128 "v6.2.5": True, 1129 "v6.2.7": True, 1130 "v6.0.11": True 1131 } 1132 }, 1133 "netscan_vulnerability": { 1134 "type": "string", 1135 "revisions": { 1136 "v6.0.0": True, 1137 "v7.0.0": False, 1138 "v6.0.5": True, 1139 "v6.4.4": False, 1140 "v6.4.0": False, 1141 "v6.4.1": False, 1142 "v6.2.0": False, 1143 "v6.2.3": False, 1144 "v6.2.5": False, 1145 "v6.2.7": False, 1146 "v6.0.11": True 1147 } 1148 }, 1149 "anomaly": { 1150 "type": "string", 1151 "options": [ 1152 { 1153 "value": "enable", 1154 "revisions": { 1155 "v6.0.0": True, 1156 "v7.0.0": True, 1157 "v6.0.5": True, 1158 "v6.4.4": True, 1159 "v6.4.0": True, 1160 "v6.4.1": True, 1161 "v6.2.0": True, 1162 "v6.2.3": True, 1163 "v6.2.5": True, 1164 "v6.2.7": True, 1165 "v6.0.11": True 1166 } 1167 }, 1168 { 1169 "value": "disable", 1170 "revisions": { 1171 "v6.0.0": True, 1172 "v7.0.0": True, 1173 "v6.0.5": True, 1174 "v6.4.4": True, 1175 "v6.4.0": True, 1176 "v6.4.1": True, 1177 "v6.2.0": True, 1178 "v6.2.3": True, 1179 "v6.2.5": True, 1180 "v6.2.7": True, 1181 "v6.0.11": True 1182 } 1183 } 1184 ], 1185 "revisions": { 1186 "v6.0.0": True, 1187 "v7.0.0": True, 1188 "v6.0.5": True, 1189 "v6.4.4": True, 1190 "v6.4.0": True, 1191 "v6.4.1": True, 1192 "v6.2.0": True, 1193 "v6.2.3": True, 1194 "v6.2.5": True, 1195 "v6.2.7": True, 1196 "v6.0.11": True 1197 } 1198 }, 1199 "forward_traffic": { 1200 "type": "string", 1201 "options": [ 1202 { 1203 "value": "enable", 1204 "revisions": { 1205 "v6.0.0": True, 1206 "v7.0.0": True, 1207 "v6.0.5": True, 1208 "v6.4.4": True, 1209 "v6.4.0": True, 1210 "v6.4.1": True, 1211 "v6.2.0": True, 1212 "v6.2.3": True, 1213 "v6.2.5": True, 1214 "v6.2.7": True, 1215 "v6.0.11": True 1216 } 1217 }, 1218 { 1219 "value": "disable", 1220 "revisions": { 1221 "v6.0.0": True, 1222 "v7.0.0": True, 1223 "v6.0.5": True, 1224 "v6.4.4": True, 1225 "v6.4.0": True, 1226 "v6.4.1": True, 1227 "v6.2.0": True, 1228 "v6.2.3": True, 1229 "v6.2.5": True, 1230 "v6.2.7": True, 1231 "v6.0.11": True 1232 } 1233 } 1234 ], 1235 "revisions": { 1236 "v6.0.0": True, 1237 "v7.0.0": True, 1238 "v6.0.5": True, 1239 "v6.4.4": True, 1240 "v6.4.0": True, 1241 "v6.4.1": True, 1242 "v6.2.0": True, 1243 "v6.2.3": True, 1244 "v6.2.5": True, 1245 "v6.2.7": True, 1246 "v6.0.11": True 1247 } 1248 } 1249 }, 1250 "revisions": { 1251 "v6.0.0": True, 1252 "v7.0.0": True, 1253 "v6.0.5": True, 1254 "v6.4.4": True, 1255 "v6.4.0": True, 1256 "v6.4.1": True, 1257 "v6.2.0": True, 1258 "v6.2.3": True, 1259 "v6.2.5": True, 1260 "v6.2.7": True, 1261 "v6.0.11": True 1262 } 1263} 1264 1265 1266def main(): 1267 module_spec = schema_to_module_spec(versioned_schema) 1268 mkeyname = None 1269 fields = { 1270 "access_token": {"required": False, "type": "str", "no_log": True}, 1271 "enable_log": {"required": False, "type": bool}, 1272 "vdom": {"required": False, "type": "str", "default": "root"}, 1273 "log_fortianalyzer2_filter": { 1274 "required": False, "type": "dict", "default": None, 1275 "options": { 1276 } 1277 } 1278 } 1279 for attribute_name in module_spec['options']: 1280 fields["log_fortianalyzer2_filter"]['options'][attribute_name] = module_spec['options'][attribute_name] 1281 if mkeyname and mkeyname == attribute_name: 1282 fields["log_fortianalyzer2_filter"]['options'][attribute_name]['required'] = True 1283 1284 check_legacy_fortiosapi() 1285 module = AnsibleModule(argument_spec=fields, 1286 supports_check_mode=False) 1287 1288 versions_check_result = None 1289 if module._socket_path: 1290 connection = Connection(module._socket_path) 1291 if 'access_token' in module.params: 1292 connection.set_option('access_token', module.params['access_token']) 1293 1294 if 'enable_log' in module.params: 1295 connection.set_option('enable_log', module.params['enable_log']) 1296 else: 1297 connection.set_option('enable_log', False) 1298 fos = FortiOSHandler(connection, module, mkeyname) 1299 versions_check_result = check_schema_versioning(fos, versioned_schema, "log_fortianalyzer2_filter") 1300 1301 is_error, has_changed, result = fortios_log_fortianalyzer2(module.params, fos) 1302 1303 else: 1304 module.fail_json(**FAIL_SOCKET_MSG) 1305 1306 if versions_check_result and versions_check_result['matched'] is False: 1307 module.warn("Ansible has detected version mismatch between FortOS system and your playbook, see more details by specifying option -vvv") 1308 1309 if not is_error: 1310 if versions_check_result and versions_check_result['matched'] is False: 1311 module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result) 1312 else: 1313 module.exit_json(changed=has_changed, meta=result) 1314 else: 1315 if versions_check_result and versions_check_result['matched'] is False: 1316 module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result) 1317 else: 1318 module.fail_json(msg="Error in repo", meta=result) 1319 1320 1321if __name__ == '__main__': 1322 main() 1323