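#!/usr/bin/python
from __future__ import (absolute_import, division, print_function)
# Copyright 2019 Fortinet, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

__metaclass__ = type

ANSIBLE_METADATA = {'status': ['preview'],
                    'supported_by': 'community',
                    'metadata_version': '1.1'}

DOCUMENTATION = '''
---
module: fortios_log_syslogd3_setting
short_description: Global settings for remote syslog server in Fortinet's FortiOS and FortiGate.
description:
    - This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the
      user to set and modify log_syslogd3 feature and setting category.
      Examples include all parameters and values need to be adjusted to datasources before usage.
      Tested with FOS v6.0.5
version_added: "2.8"
author:
    - Miguel Angel Munoz (@mamunozgonzalez)
    - Nicolas Thomas (@thomnico)
notes:
    - Requires fortiosapi library developed by Fortinet
    - Run as a local_action in your playbook
requirements:
    - fortiosapi>=0.9.8
options:
    host:
        description:
            - FortiOS or FortiGate IP address.
        type: str
        required: false
    username:
        description:
            - FortiOS or FortiGate username.
        type: str
        required: false
    password:
        description:
            - FortiOS or FortiGate password.
        type: str
        default: ""
    vdom:
        description:
            - Virtual domain, among those defined previously. A vdom is a
              virtual instance of the FortiGate that can be configured and
              used as a different unit.
        type: str
        default: root
    https:
        description:
            - Indicates if the requests towards FortiGate must use HTTPS protocol.
        type: bool
        default: true
    ssl_verify:
        description:
            - Ensures FortiGate certificate must be verified by a proper CA.
        type: bool
        default: true
        version_added: 2.9
    log_syslogd3_setting:
        description:
            - Global settings for remote syslog server.
        default: null
        type: dict
        suboptions:
            certificate:
                description:
                    - Certificate used to communicate with Syslog server. Source certificate.local.name.
                type: str
            custom_field_name:
                description:
                    - Custom field name for CEF format logging.
                type: list
                suboptions:
                    custom:
                        description:
                            - Field custom name.
                        type: str
                    id:
                        description:
                            - Entry ID.
                        required: true
                        type: int
                    name:
                        description:
                            - Field name.
                        type: str
            enc_algorithm:
                description:
                    - Enable/disable reliable syslogging with TLS encryption.
                type: str
                choices:
                    - high-medium
                    - high
                    - low
                    - disable
            facility:
                description:
                    - Remote syslog facility.
                type: str
                choices:
                    - kernel
                    - user
                    - mail
                    - daemon
                    - auth
                    - syslog
                    - lpr
                    - news
                    - uucp
                    - cron
                    - authpriv
                    - ftp
                    - ntp
                    - audit
                    - alert
                    - clock
                    - local0
                    - local1
                    - local2
                    - local3
                    - local4
                    - local5
                    - local6
                    - local7
            format:
                description:
                    - Log format.
                type: str
                choices:
                    - default
                    - csv
                    - cef
            mode:
                description:
                    - Remote syslog logging over UDP/Reliable TCP.
                type: str
                choices:
                    - udp
                    - legacy-reliable
                    - reliable
            port:
                description:
                    - Server listen port.
                type: int
            server:
                description:
                    - Address of remote syslog server.
                type: str
            source_ip:
                description:
                    - Source IP address of syslog.
                type: str
            ssl_min_proto_version:
                description:
                    - Minimum supported protocol version for SSL/TLS connections .
                type: str
                choices:
                    - default
                    - SSLv3
                    - TLSv1
                    - TLSv1-1
                    - TLSv1-2
            status:
                description:
                    - Enable/disable remote syslog logging.
                type: str
                choices:
                    - enable
                    - disable
'''

EXAMPLES = '''
- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
   ssl_verify: "False"
  tasks:
  - name: Global settings for remote syslog server.
    fortios_log_syslogd3_setting:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      https: "False"
      log_syslogd3_setting:
        certificate: "<your_own_value> (source certificate.local.name)"
        custom_field_name:
         -
            custom: "<your_own_value>"
            id: "6"
            name: "default_name_7"
        enc_algorithm: "high-medium"
        facility: "kernel"
        format: "default"
        mode: "udp"
        port: "12"
        server: "192.168.100.40"
        source_ip: "84.230.14.43"
        ssl_min_proto_version: "default"
        status: "enable"
'''

RETURN = '''
build:
  description: Build number of the fortigate image
  returned: always
  type: str
  sample: '1547'
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  type: str
  sample: 'PUT'
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  type: str
  sample: "200"
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  type: str
  sample: "id"
name:
  description: Name of the table used to fulfill the request
  returned: always
  type: str
  sample: "urlfilter"
path:
  description: Path of the table used to fulfill the request
  returned: always
  type: str
  sample: "webfilter"
revision:
  description: Internal revision number
  returned: always
  type: str
  sample: "17.0.2.10658"
serial:
  description: Serial number of the unit
  returned: always
  type: str
  sample: "FGVMEVYYQT3AB5352"
status:
  description: Indication of the operation's result
  returned: always
  type: str
  sample: "success"
vdom:
  description: Virtual domain used
  returned: always
  type: str
  sample: "root"
version:
  description: Version of the FortiGate
  returned: always
  type: str
  sample: "v5.6.3"

'''

from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.connection import Connection
from ansible.module_utils.network.fortios.fortios import FortiOSHandler
from ansible.module_utils.network.fortimanager.common import FAIL_SOCKET_MSG


def login(data, fos):
    """Open a fortiosapi session from the legacy (non-HTTPAPI) connection parameters.

    Args:
        data: module parameters; reads ``host``, ``username``, ``password``,
            ``ssl_verify`` and, when present, ``https``.
        fos: a ``fortiosapi.FortiOSAPI`` instance to log in with.
    """
    host = data['host']
    username = data['username']
    password = data['password']
    ssl_verify = data['ssl_verify']

    # NOTE(review): fortiosapi debug output is switched on unconditionally here;
    # confirm in fortiosapi that it does not echo the credentials passed below.
    fos.debug('on')
    # HTTPS stays on unless the caller explicitly set https to a false value.
    if 'https' in data and not data['https']:
        fos.https('off')
    else:
        fos.https('on')

    # ssl_verify controls certificate validation of the FortiGate endpoint;
    # it defaults to True in the argument spec built by main().
    fos.login(host, username, password, verify=ssl_verify)


def filter_log_syslogd3_setting_data(json):
    """Return only the supported log.syslogd3/setting keys of *json* that are not None.

    Args:
        json: the ``log_syslogd3_setting`` dict from the module parameters.

    Returns:
        A new dict restricted to the known option names with non-None values.
    """
    option_list = ['certificate', 'custom_field_name', 'enc_algorithm',
                   'facility', 'format', 'mode',
                   'port', 'server', 'source_ip',
                   'ssl_min_proto_version', 'status']

    return {attribute: json[attribute]
            for attribute in option_list
            if attribute in json and json[attribute] is not None}


def underscore_to_hyphen(data):
    """Recursively rewrite dict keys from ``snake_case`` to ``kebab-case``.

    FortiOS expects hyphenated attribute names; the Ansible argument spec uses
    underscores. Lists are walked element by element, dicts key by key, and
    any other value is returned unchanged.

    Args:
        data: a dict, list, or scalar.

    Returns:
        A converted copy for lists and dicts; *data* itself for scalars.
    """
    if isinstance(data, list):
        # Build a new list: rebinding the loop variable (the previous
        # implementation) left nested dicts such as custom_field_name
        # entries unconverted.
        return [underscore_to_hyphen(elem) for elem in data]
    if isinstance(data, dict):
        return {key.replace('_', '-'): underscore_to_hyphen(value)
                for key, value in data.items()}
    return data


def log_syslogd3_setting(data, fos):
    """Push the filtered, hyphenated log.syslogd3/setting payload to the device.

    Args:
        data: module parameters; reads ``vdom`` and ``log_syslogd3_setting``.
        fos: a handler exposing ``set(path, name, data=..., vdom=...)``.

    Returns:
        The handler's response dict.
    """
    vdom = data['vdom']
    log_syslogd3_setting_data = data['log_syslogd3_setting']
    filtered_data = underscore_to_hyphen(
        filter_log_syslogd3_setting_data(log_syslogd3_setting_data))

    return fos.set('log.syslogd3',
                   'setting',
                   data=filtered_data,
                   vdom=vdom)


def is_successful_status(status):
    """Return True when a FortiOS response reports success.

    A DELETE that came back 404 is also treated as success (the object is
    already gone). Missing keys count as failure instead of raising.
    """
    return status.get('status') == "success" or \
        (status.get('http_method') == "DELETE" and status.get('http_status') == 404)


def fortios_log_syslogd3(data, fos):
    """Apply the log_syslogd3 configuration and summarise the outcome.

    Args:
        data: module parameters.
        fos: the API handler passed through to ``log_syslogd3_setting``.

    Returns:
        ``(is_error, has_changed, resp)``.
    """
    if not data.get('log_syslogd3_setting'):
        # Nothing to push: report an error instead of letting ``resp`` go
        # unbound (the previous implementation raised UnboundLocalError).
        return True, False, {
            "status": "error",
            "reason": "log_syslogd3_setting is required",
        }

    resp = log_syslogd3_setting(data, fos)

    return not is_successful_status(resp), \
        resp.get('status') == "success", \
        resp


def _argument_spec():
    """Build the AnsibleModule argument spec for this module."""
    return {
        "host": {"required": False, "type": "str"},
        "username": {"required": False, "type": "str"},
        # no_log keeps the password out of Ansible's logs and verbose output.
        "password": {"required": False, "type": "str", "default": "", "no_log": True},
        "vdom": {"required": False, "type": "str", "default": "root"},
        "https": {"required": False, "type": "bool", "default": True},
        "ssl_verify": {"required": False, "type": "bool", "default": True},
        "log_syslogd3_setting": {
            "required": False, "type": "dict", "default": None,
            "options": {
                "certificate": {"required": False, "type": "str"},
                "custom_field_name": {"required": False, "type": "list",
                                      "options": {
                                          "custom": {"required": False, "type": "str"},
                                          "id": {"required": True, "type": "int"},
                                          "name": {"required": False, "type": "str"}
                                      }},
                "enc_algorithm": {"required": False, "type": "str",
                                  "choices": ["high-medium", "high", "low",
                                              "disable"]},
                "facility": {"required": False, "type": "str",
                             "choices": ["kernel", "user", "mail",
                                         "daemon", "auth", "syslog",
                                         "lpr", "news", "uucp",
                                         "cron", "authpriv", "ftp",
                                         "ntp", "audit", "alert",
                                         "clock", "local0", "local1",
                                         "local2", "local3", "local4",
                                         "local5", "local6", "local7"]},
                "format": {"required": False, "type": "str",
                           "choices": ["default", "csv", "cef"]},
                "mode": {"required": False, "type": "str",
                         "choices": ["udp", "legacy-reliable", "reliable"]},
                "port": {"required": False, "type": "int"},
                "server": {"required": False, "type": "str"},
                "source_ip": {"required": False, "type": "str"},
                # The choices mirror what the device accepts; SSLv3 and TLSv1
                # are deprecated protocol versions and weaken the syslog channel.
                "ssl_min_proto_version": {"required": False, "type": "str",
                                          "choices": ["default", "SSLv3", "TLSv1",
                                                      "TLSv1-1", "TLSv1-2"]},
                "status": {"required": False, "type": "str",
                           "choices": ["enable", "disable"]}

            }
        }
    }


def main():
    """Module entry point: pick a transport, apply the configuration, report."""
    module = AnsibleModule(argument_spec=_argument_spec(),
                           supports_check_mode=False)

    # legacy_mode refers to using fortiosapi instead of HTTPAPI
    legacy_mode = all(module.params.get(key) is not None
                      for key in ('host', 'username', 'password'))

    if not legacy_mode:
        if module._socket_path:
            connection = Connection(module._socket_path)
            fos = FortiOSHandler(connection)

            is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
        else:
            module.fail_json(**FAIL_SOCKET_MSG)
    else:
        try:
            from fortiosapi import FortiOSAPI
        except ImportError:
            module.fail_json(msg="fortiosapi module is required")

        fos = FortiOSAPI()

        login(module.params, fos)
        try:
            is_error, has_changed, result = fortios_log_syslogd3(module.params, fos)
        finally:
            # Close the device session even when the set() call raises.
            fos.logout()

    if not is_error:
        module.exit_json(changed=has_changed, meta=result)
    else:
        module.fail_json(msg="Error in repo", meta=result)


if __name__ == '__main__':
    main()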