Below is the full contents of an example playbook for editing log forwarding options. It iterates over all security policies for a given inventory_hostname and sets the log forwarding policy of each one to "log_forwarding_foo".
##
# ansible-playbook log_forwarding_foo.yaml
#
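---
# Single play: read every security rule from the firewall, then set the same
# log forwarding profile on each rule through the PAN-OS XML API.
- hosts: all
  # The panos modules talk to the firewall API from the control node, so
  # nothing is executed on the inventory host itself.
  connection: local
  gather_facts: false

  ##
  # Prompt for the username and password so they do not need to be stored
  # in plaintext. The password prompt leaves `private` unset, so Ansible's
  # default applies and the typed value is not echoed to the terminal.
  #
  vars_prompt:
    - name: username
      prompt: "username"
      private: false
    - name: password
      prompt: "password"

  ##
  # Build the provider dictionary passed to each module call.
  # NOTE(review): ip_address is not defined in this playbook; it is presumably
  # supplied per host from the inventory - confirm before running.
  #
  vars:
    provider:
      ip_address: '{{ ip_address }}'
      username: '{{ username }}'
      password: '{{ password }}'

  tasks:
    ##
    # The xpath will vary with your environment and firewall usage.
    # Go to https://<firewall_hostname>.<domain>.<tld>/api to find yours.
    #
    - name: get a list of all security policies
      paloaltonetworks.panos.panos_type_cmd:
        provider: '{{ provider }}'
        cmd: get
        xpath: |
          /config/devices/entry[@name='localhost.localdomain']
          /vsys/entry[@name='vsys1']
          /rulebase/security/rules
      register: result

    ##
    # This task was used to verify the loop was giving the data needed.
    # loop_control.label keeps the per-item output to the rule name instead
    # of printing the whole rule definition for every iteration.
    #
    - name: debug the list to be used for input
      debug:
        msg: "{{ item['@name'] }}"
      loop: "{{ ( result.stdout | from_json ).rules.entry }}"
      loop_control:
        label: "{{ item['@name'] }}"

    ##
    # Substitute log_forwarding_foo with the log forwarding policy desired.
    # This rewrites the setting on every rule returned above for every host
    # in the play, so review the debug output (or narrow the run with
    # --limit) before applying it broadly.
    # NOTE(review): the rule name is placed inside a double-quoted XPath
    # predicate; a name containing a double quote would break the
    # expression - confirm rule names cannot contain one.
    # NOTE(review): no commit task is shown here; a `set` presumably only
    # changes the candidate configuration - confirm a commit follows.
    #
    - name: set log forwarding policy for all rules
      paloaltonetworks.panos.panos_type_cmd:
        provider: '{{ provider }}'
        cmd: set
        xpath: |
          /config/devices/entry[@name='localhost.localdomain']
          /vsys/entry[@name='vsys1']
          /rulebase/security/rules/entry[@name="{{ item['@name'] }}"]
        element: |
          <log-forwarding>log_forwarding_foo</log-forwarding>
      register: resultconf
      loop: "{{ ( result.stdout | from_json ).rules.entry }}"
      loop_control:
        label: "{{ item['@name'] }}"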
If you followed the guide and have saved the playbook above as log_forwarding_foo.yaml, run the following to edit log forwarding for all of the hosts in ~/ansible-lab/hosts.ini