netapp.storagegrid.na_sg_grid_audit_destination module – Configure audit log destinations on StorageGRID.

Note

This module is part of the netapp.storagegrid collection (version 21.15.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install netapp.storagegrid.

To use it in a playbook, specify: netapp.storagegrid.na_sg_grid_audit_destination.

New in netapp.storagegrid 21.15.0

Synopsis

  • Configure audit log destinations on NetApp StorageGRID.

Parameters

Parameter

Comments

api_url

string / required

The URL of the StorageGRID Admin Node REST API.

auth_token

string / required

The authorization token for the API request.

defaults

dictionary

The defaults will be used to configure audit destinations on all nodes which are not in the nodes array.

admin_nodes

dictionary

Configuration for traditional audit log export to admin nodes.

enabled

boolean

If true, traditional audit log export to admin nodes is enabled.

Choices:

  • false

  • true ← (default)

remote_syslog_server

dictionary

Configuration for sending audit logs to an external syslog server.

application_logs_facility

integer

Syslog facility to use for application logs sent to external syslog server, or -1 to preserve the local facility.

Default: -1

application_logs_send

boolean

If true, send application logs to the external syslog server.

Choices:

  • false

  • true ← (default)

application_logs_severity

integer

Syslog severity to use for application logs sent to external syslog server, or -1 to preserve the local severity.

Default: -1

audit_logs_facility

integer

Syslog facility to use for audit logs sent to external syslog server, or -1 to preserve the local facility.

Default: 23

audit_logs_send

boolean

If true, send audit logs to the external syslog server.

Choices:

  • false

  • true ← (default)

audit_logs_severity

integer

Syslog severity to use for audit logs sent to external syslog server, or -1 to preserve the local severity.

Default: 6

auth_events_facility

integer

Syslog facility to use for security events sent to external syslog server, or -1 to preserve the local facility.

Default: -1

auth_events_send

boolean

If true, send security events to the external syslog server.

Choices:

  • false

  • true ← (default)

auth_events_severity

integer

Syslog severity to use for security events sent to external syslog server, or -1 to preserve the local severity.

Default: -1

client_cert

string

Client certificate for authentication to external syslog server (in PEM encoding).

client_key

string

Private key for the client certificate (in PEM encoding).

If encrypted, must use traditional format (cannot use PKCS

client_key_passphrase

string

Passphrase for decrypting the client private key; omit the passphrase if the private key is not encrypted.

enabled

boolean

If true, the external syslog server destination is enabled.

Choices:

  • false ← (default)

  • true

hostname

string / required

The IP or DNS hostname to send syslog messages to.

insecure_TLS

boolean

Flag to permit insecure Transport Layer Security (TLS) for external syslog server connections.

Choices:

  • false ← (default)

  • true

port

integer

The port number to send syslog messages to.

Default: 514

protocol

string

The IP protocol to use for sending to the external syslog server.

Choices:

  • "udp" ← (default)

  • "tcp"

  • "tls"

  • "relp+tcp"

  • "relp+tls"

server_ca_cert

string

One or more trusted CA certificates for verifying the external syslog server (in PEM encoding).

If omitted, the operating system CA certificates will be used.

tls_configuration_parameters

string

OpenSSL configuration commands, only used when protocol is tls.

remote_syslog_server_test

dictionary

Configuration for sending audit test messages to an external syslog server.

application_logs_facility

integer

Syslog facility to use for application logs sent to external syslog server, or -1 to preserve the local facility.

Default: -1

application_logs_send

boolean

If true, send application logs to the external syslog server.

Choices:

  • false

  • true ← (default)

application_logs_severity

integer

Syslog severity to use for application logs sent to external syslog server, or -1 to preserve the local severity.

Default: -1

audit_logs_facility

integer

Syslog facility to use for audit logs sent to external syslog server, or -1 to preserve the local facility.

Default: 23

audit_logs_send

boolean

If true, send audit logs to the external syslog server.

Choices:

  • false

  • true ← (default)

audit_logs_severity

integer

Syslog severity to use for audit logs sent to external syslog server, or -1 to preserve the local severity.

Default: 6

auth_events_facility

integer

Syslog facility to use for security events sent to external syslog server, or -1 to preserve the local facility.

Default: -1

auth_events_send

boolean

If true, send security events to the external syslog server.

Choices:

  • false

  • true ← (default)

auth_events_severity

integer

Syslog severity to use for security events sent to external syslog server, or -1 to preserve the local severity.

Default: -1

client_cert

string

Client certificate for authentication to external syslog server (in PEM encoding).

client_key

string

Private key for the client certificate (in PEM encoding).

If encrypted, must use traditional format (cannot use PKCS

client_key_passphrase

string

Passphrase for decrypting the client private key; omit the passphrase if the private key is not encrypted.

enabled

boolean

If true, the external syslog server destination is enabled.

Choices:

  • false ← (default)

  • true

hostname

string / required

The IP or DNS hostname to send syslog messages to.

insecure_TLS

boolean

Flag to permit insecure Transport Layer Security (TLS) for external syslog server connections.

Choices:

  • false ← (default)

  • true

port

integer

The port number to send syslog messages to.

Default: 514

protocol

string

The IP protocol to use for sending to the external syslog server.

Choices:

  • "udp" ← (default)

  • "tcp"

  • "tls"

  • "relp+tcp"

  • "relp+tls"

server_ca_cert

string

One or more trusted CA certificates for verifying the external syslog server (in PEM encoding).

If omitted, the operating system CA certificates will be used.

tls_configuration_parameters

string

OpenSSL configuration commands, only used when protocol is tls.

nodes

list / elements=dictionary

Optional per-node configuration stanzas in the nodes array override the default configuration.

admin_nodes

dictionary

Configuration for traditional audit log export to admin nodes.

enabled

boolean

If true, traditional audit log export to admin nodes is enabled.

Choices:

  • false

  • true ← (default)

node_id

string

An optional map of node UUIDs to their audit log destination configurations.

remote_syslog_server

dictionary

Configuration for sending audit logs to an external syslog server.

application_logs_facility

integer

Syslog facility to use for application logs sent to external syslog server, or -1 to preserve the local facility.

Default: -1

application_logs_send

boolean

If true, send application logs to the external syslog server.

Choices:

  • false

  • true ← (default)

application_logs_severity

integer

Syslog severity to use for application logs sent to external syslog server, or -1 to preserve the local severity.

Default: -1

audit_logs_facility

integer

Syslog facility to use for audit logs sent to external syslog server, or -1 to preserve the local facility.

Default: 23

audit_logs_send

boolean

If true, send audit logs to the external syslog server.

Choices:

  • false

  • true ← (default)

audit_logs_severity

integer

Syslog severity to use for audit logs sent to external syslog server, or -1 to preserve the local severity.

Default: 6

auth_events_facility

integer

Syslog facility to use for security events sent to external syslog server, or -1 to preserve the local facility.

Default: -1

auth_events_send

boolean

If true, send security events to the external syslog server.

Choices:

  • false

  • true ← (default)

auth_events_severity

integer

Syslog severity to use for security events sent to external syslog server, or -1 to preserve the local severity.

Default: -1

client_cert

string

Client certificate for authentication to external syslog server (in PEM encoding).

client_key

string

Private key for the client certificate (in PEM encoding).

If encrypted, must use traditional format (cannot use PKCS

client_key_passphrase

string

Passphrase for decrypting the client private key; omit the passphrase if the private key is not encrypted.

enabled

boolean

If true, the external syslog server destination is enabled.

Choices:

  • false ← (default)

  • true

hostname

string / required

The IP or DNS hostname to send syslog messages to.

insecure_TLS

boolean

Flag to permit insecure Transport Layer Security (TLS) for external syslog server connections.

Choices:

  • false ← (default)

  • true

port

integer

The port number to send syslog messages to.

Default: 514

protocol

string

The IP protocol to use for sending to the external syslog server.

Choices:

  • "udp" ← (default)

  • "tcp"

  • "tls"

  • "relp+tcp"

  • "relp+tls"

server_ca_cert

string

One or more trusted CA certificates for verifying the external syslog server (in PEM encoding).

If omitted, the operating system CA certificates will be used.

tls_configuration_parameters

string

OpenSSL configuration commands, only used when protocol is tls.

remote_syslog_server_test

dictionary

Configuration for sending audit test messages to an external syslog server.

application_logs_facility

integer

Syslog facility to use for application logs sent to external syslog server, or -1 to preserve the local facility.

Default: -1

application_logs_send

boolean

If true, send application logs to the external syslog server.

Choices:

  • false

  • true ← (default)

application_logs_severity

integer

Syslog severity to use for application logs sent to external syslog server, or -1 to preserve the local severity.

Default: -1

audit_logs_facility

integer

Syslog facility to use for audit logs sent to external syslog server, or -1 to preserve the local facility.

Default: 23

audit_logs_send

boolean

If true, send audit logs to the external syslog server.

Choices:

  • false

  • true ← (default)

audit_logs_severity

integer

Syslog severity to use for audit logs sent to external syslog server, or -1 to preserve the local severity.

Default: 6

auth_events_facility

integer

Syslog facility to use for security events sent to external syslog server, or -1 to preserve the local facility.

Default: -1

auth_events_send

boolean

If true, send security events to the external syslog server.

Choices:

  • false

  • true ← (default)

auth_events_severity

integer

Syslog severity to use for security events sent to external syslog server, or -1 to preserve the local severity.

Default: -1

client_cert

string

Client certificate for authentication to external syslog server (in PEM encoding).

client_key

string

Private key for the client certificate (in PEM encoding).

If encrypted, must use traditional format (cannot use PKCS

client_key_passphrase

string

Passphrase for decrypting the client private key; omit the passphrase if the private key is not encrypted.

enabled

boolean

If true, the external syslog server destination is enabled.

Choices:

  • false ← (default)

  • true

hostname

string / required

The IP or DNS hostname to send syslog messages to.

insecure_TLS

boolean

Flag to permit insecure Transport Layer Security (TLS) for external syslog server connections.

Choices:

  • false ← (default)

  • true

port

integer

The port number to send syslog messages to.

Default: 514

protocol

string

The IP protocol to use for sending to the external syslog server.

Choices:

  • "udp" ← (default)

  • "tcp"

  • "tls"

  • "relp+tcp"

  • "relp+tls"

server_ca_cert

string

One or more trusted CA certificates for verifying the external syslog server (in PEM encoding).

If omitted, the operating system CA certificates will be used.

tls_configuration_parameters

string

OpenSSL configuration commands, only used when protocol is tls.

state

string

The audit destination should be present.

Choices:

  • "present" ← (default)

validate_certs

boolean

Should HTTPS certificates be validated?

Choices:

  • false

  • true ← (default)

Notes

Note

  • The modules prefixed with na_sg are built to manage NetApp StorageGRID.

Examples

- name: Configure audit destination defaults
  na_sg_grid_audit_destination:
    state: present
    api_url: "https://gmi.example.com"
    auth_token: "01234567-5678-9abc-78de-9fgabc123def"
    validate_certs: false
    defaults:
      admin_nodes:
        enabled: true
      remote_syslog_server:
        enabled: true
        protocol: udp
        hostname: "syslog.example.com"
        port: 514
        auth_events_send: true
        auth_events_facility: -1
        auth_events_severity: -1
        audit_logs_send: true
        audit_logs_facility: 23
        audit_logs_severity: 6
        application_logs_send: true
        application_logs_facility: -1
        application_logs_severity: -1

- name: Configure audit destination for specific nodes
  na_sg_grid_audit_destination:
    state: present
    api_url: "https://gmi.example.com"
    auth_token: "01234567-5678-9abc-78de-9fgabc123def"
    validate_certs: false
    nodes:
      - node_id: "6562d5d8-f218-45ff-a466-5bb39e729288"
        admin_nodes:
          enabled: true
        remote_syslog_server:
          enabled: true
          protocol: udp
          hostname: "syslog.example.com"
          port: 514
          auth_events_send: true
          auth_events_facility: -1
          auth_events_severity: -1
          audit_logs_send: true
          audit_logs_facility: 23
          audit_logs_severity: 6
          application_logs_send: true
          application_logs_facility: -1
          application_logs_severity: -1
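
The two examples above send audit data over UDP and turn off certificate validation for the API call. The task below is an added example, not part of the module's own documentation: it sets the same destination using the module's TLS-related parameters, with API certificate validation left on. The variable `sg_auth_token`, the PEM file paths, and the choice of port 6514 are assumptions for illustration.

```yaml
- name: Send audit logs to an external syslog server over mutually authenticated TLS
  netapp.storagegrid.na_sg_grid_audit_destination:
    state: present
    api_url: "https://gmi.example.com"
    # Assumption: sg_auth_token is a variable you define, e.g. in an Ansible Vault file.
    auth_token: "{{ sg_auth_token }}"
    validate_certs: true          # verify the Admin Node API certificate (module default)
    defaults:
      admin_nodes:
        enabled: true             # traditional export to admin nodes stays enabled
      remote_syslog_server:
        enabled: true
        protocol: tls             # encrypted transport instead of the udp default
        hostname: "syslog.example.com"
        port: 6514                # registered syslog-over-TLS port (RFC 5425); module default is 514
        insecure_TLS: false       # do not permit insecure TLS to the syslog server
        # Assumption: the PEM files below are hypothetical paths on the control node.
        server_ca_cert: "{{ lookup('ansible.builtin.file', 'files/syslog-ca.pem') }}"
        client_cert: "{{ lookup('ansible.builtin.file', 'files/storagegrid-client.pem') }}"
        client_key: "{{ lookup('ansible.builtin.file', 'files/storagegrid-client.key') }}"
        auth_events_send: true
        audit_logs_send: true
        audit_logs_facility: 23
        audit_logs_severity: 6
        application_logs_send: true
  no_log: true                    # keep the token and private key out of task output
```

If `server_ca_cert` is omitted, the operating system CA certificates are used to verify the syslog server, as described in the parameter table.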

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

resp

dictionary

Returns information about the StorageGRID Audit destination.

Returned: If state is ‘present’.

Sample: {"defaults": {"adminNodes": {"enabled": true}, "remoteSyslogServerA": {"applicationLogsFacility": -1, "applicationLogsSend": true, "applicationLogsSeverity": -1, "auditLogsFacility": 23, "auditLogsSend": true, "auditLogsSeverity": 6, "authEventsFacility": -1, "authEventsSend": true, "authEventsSeverity": -1, "clientCert": "<Client certificate in PEM-encoding>", "clientKey": "<Client private key in PEM-encoding>", "clientKeyPassphrase": "<Client private key passphrase>", "enabled": true, "hostname": "syslog.example.com", "insecureTLS": false, "port": 514, "protocol": "tls", "serverCaCert": "<CA bundle in PEM-encoding>", "tlsConfigurationParameters": "<OpenSSL configuration commands>"}, "remoteSyslogServerATest": {"applicationLogsFacility": -1, "applicationLogsSend": true, "applicationLogsSeverity": -1, "auditLogsFacility": 23, "auditLogsSend": true, "auditLogsSeverity": 6, "authEventsFacility": -1, "authEventsSend": true, "authEventsSeverity": -1, "clientCert": "<Client certificate in PEM-encoding>", "clientKey": "<Client private key in PEM-encoding>", "clientKeyPassphrase": "<Client private key passphrase>", "enabled": true, "hostname": "syslog.example.com", "insecureTLS": false, "port": 514, "protocol": "tls", "serverCaCert": "<CA bundle in PEM-encoding>", "tlsConfigurationParameters": "<OpenSSL configuration commands>"}}, "nodes": {"6562d5d8-f218-45ff-a466-5bb39e729288": {"adminNodes": {"enabled": true}, "remoteSyslogServerA": {"applicationLogsFacility": -1, "applicationLogsSend": true, "applicationLogsSeverity": -1, "auditLogsFacility": 23, "auditLogsSend": true, "auditLogsSeverity": 6, "authEventsFacility": -1, "authEventsSend": true, "authEventsSeverity": -1, "clientCert": "<Client certificate in PEM-encoding>", "clientKey": "<Client private key in PEM-encoding>", "clientKeyPassphrase": "<Client private key passphrase>", "enabled": true, "hostname": "syslog.example.com", "insecureTLS": false, "port": 514, "protocol": "tls", "serverCaCert": "<CA bundle in PEM-encoding>", "tlsConfigurationParameters": "<OpenSSL configuration commands>"}, "remoteSyslogServerATest": {"applicationLogsFacility": -1, "applicationLogsSend": true, "applicationLogsSeverity": -1, "auditLogsFacility": 23, "auditLogsSend": true, "auditLogsSeverity": 6, "authEventsFacility": -1, "authEventsSend": true, "authEventsSeverity": -1, "clientCert": "<Client certificate in PEM-encoding>", "clientKey": "<Client private key in PEM-encoding>", "clientKeyPassphrase": "<Client private key passphrase>", "enabled": true, "hostname": "syslog.example.com", "insecureTLS": false, "port": 514, "protocol": "tls", "serverCaCert": "<CA bundle in PEM-encoding>", "tlsConfigurationParameters": "<OpenSSL configuration commands>"}}}}

Authors

  • NetApp Ansible Team (@vinaykus)