fortinet.fortios.fortios_log_fact – Retrieve log data of fortios log objects.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

To install it use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_log_fact.

New in version 2.10 of fortinet.fortios

Synopsis

  • Retrieve logs stored on disk or in memory, or forwarded to FortiAnalyzer or FortiCloud.

Requirements

The below requirements are needed on the host that executes this module.

  • install galaxy collection fortinet.fortios >= 2.1.0.

Parameters

Parameter Choices/Defaults Comments
access_token
string
Token-based authentication. Generated from the FortiGate GUI.
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task.
filters
list / elements=string
A list of expressions to filter the returned results.
Items in the list are combined with LOGICAL AND (the ampersand operator).
Within a single item, a comma separates alternatives combined with LOGICAL OR.
formatters
list / elements=string
A list of fields to display for returned results.
params
dictionary
The parameters for the chosen selector; see its definition in the selector list above.
selector
string / required
    Choices:
  • memory_event_connector
  • memory_virus_archive
  • forticloud_event_router
  • forticloud_app-ctrl_raw
  • memory_cifs_raw
  • disk_waf_raw
  • forticloud_emailfilter_raw
  • disk_traffic_sniffer
  • memory_traffic_multicast
  • fortianalyzer_event_vpn
  • disk_ips_archive-download
  • disk_gtp_raw
  • memory_app-ctrl_archive
  • forticloud_webfilter_raw
  • fortianalyzer_ips_archive
  • disk_app-ctrl_archive-download
  • memory_emailfilter_raw
  • fortianalyzer_traffic_fortiview
  • forticloud_event_security-rating
  • disk_event_security-rating
  • memory_event_user
  • fortianalyzer_event_router
  • fortianalyzer_event_compliance-check
  • disk_ips_raw
  • fortianalyzer_app-ctrl_archive
  • disk_event_router
  • disk_event_wireless
  • fortianalyzer_traffic_threat
  • forticloud_event_user
  • forticloud_ips_archive
  • forticloud_dns_raw
  • fortianalyzer_event_system
  • forticloud_event_wireless
  • forticloud_event_connector
  • forticloud_traffic_local
  • fortianalyzer_app-ctrl_archive-download
  • memory_virus_raw
  • fortianalyzer_event_connector
  • forticloud_app-ctrl_archive-download
  • memory_event_endpoint
  • disk_traffic_forward
  • disk_dlp_raw
  • memory_waf_raw
  • disk_app-ctrl_archive
  • disk_event_fortiextender
  • memory_ssl_raw
  • memory_event_vpn
  • memory_voip_raw
  • forticloud_traffic_sniffer
  • memory_event_fortiextender
  • forticloud_traffic_threat
  • disk_ips_archive
  • fortianalyzer_event_wireless
  • memory_traffic_forward
  • memory_event_system
  • disk_traffic_local
  • fortianalyzer_cifs_raw
  • memory_traffic_local
  • memory_anomaly_raw
  • disk_webfilter_raw
  • forticloud_dlp_raw
  • fortianalyzer_voip_raw
  • fortianalyzer_traffic_multicast
  • forticloud_cifs_raw
  • disk_voip_raw
  • fortianalyzer_file-filter_raw
  • disk_app-ctrl_raw
  • disk_event_ha
  • disk_event_vpn
  • memory_event_router
  • memory_event_ha
  • forticloud_traffic_fortiview
  • forticloud_virus_archive
  • fortianalyzer_app-ctrl_raw
  • fortianalyzer_traffic_forward
  • fortianalyzer_dns_raw
  • forticloud_ips_raw
  • disk_ssh_raw
  • fortianalyzer_ips_archive-download
  • disk_anomaly_raw
  • disk_ssl_raw
  • memory_event_compliance-check
  • forticloud_event_wad
  • fortianalyzer_gtp_raw
  • memory_ssh_raw
  • disk_virus_archive
  • forticloud_traffic_forward
  • forticloud_ssh_raw
  • forticloud_ssl_raw
  • memory_ips_archive
  • forticloud_event_fortiextender
  • forticloud_waf_raw
  • disk_traffic_fortiview
  • memory_traffic_sniffer
  • forticloud_gtp_raw
  • fortianalyzer_emailfilter_raw
  • forticloud_file-filter_raw
  • fortianalyzer_event_wad
  • disk_virus_raw
  • disk_dns_raw
  • memory_ips_raw
  • forticloud_anomaly_raw
  • forticloud_app-ctrl_archive
  • memory_app-ctrl_raw
  • fortianalyzer_event_user
  • disk_traffic_multicast
  • fortianalyzer_anomaly_raw
  • memory_traffic_threat
  • fortianalyzer_virus_archive
  • memory_event_wireless
  • memory_webfilter_raw
  • forticloud_virus_raw
  • memory_event_security-rating
  • fortianalyzer_dlp_raw
  • forticloud_voip_raw
  • memory_file-filter_raw
  • forticloud_event_compliance-check
  • fortianalyzer_webfilter_raw
  • disk_file-filter_raw
  • disk_event_wad
  • fortianalyzer_virus_raw
  • fortianalyzer_ssh_raw
  • forticloud_event_ha
  • memory_gtp_raw
  • forticloud_event_vpn
  • memory_event_wad
  • fortianalyzer_ips_raw
  • disk_event_endpoint
  • disk_event_system
  • memory_dlp_raw
  • forticloud_event_system
  • disk_event_connector
  • fortianalyzer_event_ha
  • forticloud_ips_archive-download
  • fortianalyzer_ssl_raw
  • fortianalyzer_traffic_local
  • disk_emailfilter_raw
  • memory_traffic_fortiview
  • forticloud_traffic_multicast
  • fortianalyzer_event_security-rating
  • disk_event_compliance-check
  • fortianalyzer_event_fortiextender
  • disk_event_user
  • disk_traffic_threat
  • forticloud_event_endpoint
  • fortianalyzer_traffic_sniffer
  • fortianalyzer_event_endpoint
  • memory_dns_raw
  • memory_ips_archive-download
  • fortianalyzer_waf_raw
  • disk_cifs_raw
  • memory_app-ctrl_archive-download
Selector of the log type to retrieve.
sorters
list / elements=string
A list of expressions to sort the returned results.
Items in the list sort in ascending order and are joined with the ampersand operator.
A single item sorts in descending order when it contains a comma.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Different selectors may take different parameters; users are expected to look them up for the specific selector they use.

  • For some selectors the objects are global, and no params may be given.

  • Not all parameters are required for a selector.

  • This module is exclusively for the FortiOS Log API.

Examples

- hosts: fortigate03
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:

  - name: Get system event log with logid==0100032038
    fortios_log_fact:
       filters:
         - logid==0100032038
       selector: "disk_event_system"
       params:
         rows: 100

  - name: Get a description of the quarantined virus file
    fortios_log_fact:
       selector: "forticloud_virus_archive"
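The following playbook is an added example, not part of the collection's documentation: it combines the AND/OR filter syntax, a sorter, pagination params and a check on the documented return fields. The variable fortios_access_token, the log field names level and date, and the start param are assumptions; logid 0100032038 is the one used in the example above.

```yaml
- hosts: fortigate03
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Validate the FortiGate certificate (assumes its CA is trusted on the controller)
    # rather than switching verification off.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:

  - name: Get up to 50 system event logs from disk, first page, sorted by date
    fortios_log_fact:
      vdom: "{{ vdom }}"
      # Token supplied from an Ansible Vault variable (assumed name), not in clear text here.
      access_token: "{{ fortios_access_token }}"
      selector: "disk_event_system"
      filters:
        # List items are ANDed; a comma inside one item is an OR.
        # 'logid' is from the page example; 'level' is an assumed FortiOS log field.
        - "logid==0100032038"
        - "level==notice,level==information"
      sorters:
        # Ascending sort on the assumed 'date' field.
        - "date"
      params:
        rows: 50
        start: 0    # assumed param, mirroring the documented 'start' return value
    register: sys_events

  - name: Stop the play if the unit did not report success for the query
    assert:
      that:
        - sys_events.status == "success"
        - sys_events.vdom == "root"
      fail_msg: "log query failed on {{ sys_events.serial | default('unknown unit') }}"

  - name: Report how many log lines matched the filters
    debug:
      msg: "{{ sys_events.total_lines }} lines matched, {{ sys_events.rows }} requested per page"
```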

Return Values

Common return values are documented in the general Ansible module reference; the following fields are unique to this module:

Key Returned Description
build
string
always
Build number of the FortiGate image

Sample:
1547
rows
integer
always
Number of rows to return

Sample:
400
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
session_id
integer
always
Session id for the request

Sample:
7
start
integer
always
Row number for the first row to return

status
string
always
Indication of the operation's result

Sample:
success
subcategory
string
always
Type of log that can be retrieved

Sample:
system
total_lines
integer
always
Total lines returned from the result

Sample:
510
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Authors

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@fshen01)