sophos.sophos_firewall.sfos_syslog module – Manage Syslog servers (Configure > System services > Log settings)

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_syslog.

New in sophos.sophos_firewall 1.2.0

Synopsis

• Manage Syslog Servers (Configure > System services > Log settings) on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

• sophosfirewall-python

• Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter	Comments
address string	IP address or hostname of syslog server
default_logging string	Indicates whether unspecified logging settings should be Enabled or Disabled by default Choices: "Enable" ← (default) "Disable"
facility string	Logging facility Choices: "DAEMON" "LOCAL0" "LOCAL1" "LOCAL2" "LOCAL3" "LOCAL4" "LOCAL5" "LOCAL6" "LOCAL7" "KERNEL" "USER"
format string	Syslog message format Choices: "Device standard" "Standard syslog"
log_settings dictionary	Logging settings
anti_spam dictionary	IPS log settings
imap string	Enable/Disable logging for IMAP Choices: "Enable" "Disable"
imaps string	Enable/Disable logging for IMAPS Choices: "Enable" "Disable"
pop3 string	Enable/Disable logging for POP3 Choices: "Enable" "Disable"
pops string	Enable/Disable logging for POPS Choices: "Enable" "Disable"
smtps string	Enable/Disable logging for SMTPS Choices: "Enable" "Disable"
anti_virus dictionary	IPS log settings
ftp string	Enable/Disable logging for FTP Choices: "Enable" "Disable"
http string	Enable/Disable logging for HTTP Choices: "Enable" "Disable"
https string	Enable/Disable logging for HTTPS Choices: "Enable" "Disable"
imap string	Enable/Disable logging for IMAP Choices: "Enable" "Disable"
imaps string	Enable/Disable logging for IMAPS Choices: "Enable" "Disable"
pop3 string	Enable/Disable logging for POP3 Choices: "Enable" "Disable"
pops string	Enable/Disable logging for POPS Choices: "Enable" "Disable"
smtp string	Enable/Disable logging for SMTP Choices: "Enable" "Disable"
smtps string	Enable/Disable logging for SMTPS Choices: "Enable" "Disable"
atp dictionary	Web server protection log settings
atp_events string	Enable/Disable logging for ATP events Choices: "Enable" "Disable"
content_filtering dictionary	Content filtering log settings
application_filter string	Enable/Disable logging for Application filter Choices: "Enable" "Disable"
ssl_tls string	Enable/Disable logging for SSL/TLS Choices: "Enable" "Disable"
web_content_policy string	Enable/Disable logging for Web content policy Choices: "Enable" "Disable"
web_filter string	Enable/Disable logging for web filter Choices: "Enable" "Disable"
events dictionary	Events log settings
admin string	Enable/Disable logging for admin events Choices: "Enable" "Disable"
authentication string	Enable/Disable logging for authentication events Choices: "Enable" "Disable"
system string	Enable/Disable logging for system events Choices: "Enable" "Disable"
heartbeat dictionary	Heartbeat log settings
endpoint_status string	Enable/Disable logging endpoint status events Choices: "Enable" "Disable"
ips dictionary	IPS log settings
anomaly string	Enable/Disable logging for anomaly detection Choices: "Enable" "Disable"
signatures string	Enable/Disable logging for IPS signatures Choices: "Enable" "Disable"
sdwan dictionary	SDWAN log settings
profile string	Enable/Disable logging profile events Choices: "Enable" "Disable"
route string	Enable/Disable logging route events Choices: "Enable" "Disable"
sla string	Enable/Disable logging SLA events Choices: "Enable" "Disable"
security_policy dictionary	Security policy log settings
bridge_acls string	Enable/Disable logging for bridge ACLs Choices: "Enable" "Disable"
dos_attack string	Enable/Disable logging for DoS Attack Choices: "Enable" "Disable"
dropped_fragment string	Enable/Disable logging for dropped fragmented traffic Choices: "Enable" "Disable"
dropped_icmpredirect string	Enable/Disable logging for dropped ICMP redirect Choices: "Enable" "Disable"
dropped_sourceroute string	Enable/Disable logging for dropped Source Routed packet Choices: "Enable" "Disable"
heartbeat string	Enable/Disable logging for heartbeat Choices: "Enable" "Disable"
icmp_errormessage string	Enable/Disable logging for ICMP error message Choices: "Enable" "Disable"
invalid_traffic string	Enable/Disable logging for invalid traffic Choices: "Enable" "Disable"
ipmacpair_filtering string	Enable/Disable logging for IP-MAC pair filtering Choices: "Enable" "Disable"
ipspoof_prevention string	Enable/Disable logging for IP spoof prevention Choices: "Enable" "Disable"
local_acls string	Enable/Disable logging for local ACLs Choices: "Enable" "Disable"
mac_filtering string	Enable/Disable logging for MAC filtering Choices: "Enable" "Disable"
policy_rules string	Enable/Disable logging for policy rules Choices: "Enable" "Disable"
protected_application_server string	Enable/Disable logging for Protected application server Choices: "Enable" "Disable"
ssl_vpntunnel string	Enable/Disable logging for SSL VPN Tunnel Choices: "Enable" "Disable"
system_health dictionary	System health log settings
usage string	Enable/Disable logging usage events Choices: "Enable" "Disable"
web_server_protection dictionary	Web server protection log settings
waf_events string	Enable/Disable logging for WAF events Choices: "Enable" "Disable"
wireless dictionary	Wireless log settings
access_points_ssid string	Enable/Disable logging Access Point SSID events Choices: "Enable" "Disable"
zeroday_protection dictionary	Zero day protection log settings
zeroday_protection_events string	Enable/Disable logging zeroday protection events Choices: "Enable" "Disable"
name string / required	Name of syslog server configuration
secure_connection string	Enable or Disable secure connection Default: "Disable"
severity string	Logging severity Choices: "Emergency" "Alert" "Critical" "Error" "Warning" "Notification" "Information" "Debug"
state string / required	Use query to retrieve or updated to modify Choices: "updated" "query"
udp_port integer	UDP port of syslog server. Default=514. Default: 514

Examples

- name: Create syslog server, all logging enabled
  sophos.sophos_firewall.sfos_syslog:
    name: TestSyslog
    address: 10.10.1.100
    udp_port: 514
    secure_connection: Disable
    facility: DAEMON
    severity: Emergency
    format: Device standard
    default_logging: Enable
    state: present

- name: Create syslog server, disable selected logs
  sophos.sophos_firewall.sfos_syslog:
    name: TestSyslog
    address: 10.10.1.100
    udp_port: 514
    secure_connection: Disable
    facility: DAEMON
    severity: Emergency
    format: Device standard
    default_logging: Enable
    log_settings:
      security_policy:
        invalid_traffic: Disable
        icmp_errormessage: Disable
      content_filtering:
        ssl_tls: Disable
    state: present


- name: Query syslog server
  sophos.sophos_firewall.sfos_syslog:
    name: TestSyslog
    state: query

- name: Remove syslog server
  sophos.sophos_firewall.sfos_syslog:
    name: TestSyslog
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
api_response dictionary	Serialized object containing the API response. Returned: always

Authors

• Matt Mullen (@mamullen13316)

Collection links

• Issue Tracker
• Repository (Sources)

Warning

If the firewall is a member of a group in Central, the changes made by Ansible will override the settings of the group. The actual configuration on the firewall may then differ from what is displayed for the same setting in the Central group.