Unable to create a new log source in QRadar version 7.5 using ibm.qradar collection for Snort and CheckPoint NGFW. Fails with list index out of range error.
---
- name: Configure Check Point to send logs to QRadar
hosts: checkpoint
tasks:
- include_role:
name: ansible_security.log_manager
tasks_from: forward_logs_to_syslog
vars:
syslog_server: "{{ hostvars['qradar']['private_ip'] }}"
checkpoint_server_name: "xxx"
firewall_provider: checkpoint
- name: Add Check Point log source to QRadar
hosts: qradar
collections:
- ibm.qradar
tasks:
- name: Add Check Point remote logging to QRadar
qradar_log_source_management:
name: "Check Point source - {{ hostvars['checkpoint']['private_ip'] }}"
type_name: "Check Point FireWall-1"
state: present
description: "Check Point log source"
identifier: "{{ hostvars['checkpoint']['private_ip'] }}"
- name: deploy the new log sources
qradar_deploy:
type: INCREMENTAL
failed_when: false
EXPECTED RESULTS
A new CheckPoint NGFW log source is created in IBM QRadar
ACTUAL RESULTS
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: IndexError: list index out of range
fatal: [qradar]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/opt/app-root/src/.ansible/tmp/ansible-local-6426ffl6rcqa/ansible-tmp-1663782051.3863535-6555-216441584574909/AnsiballZ_qradar_log_source_management.py\", line 102, in <module>\n _ansiballz_main()\n File \"/opt/app-root/src/.ansible/tmp/ansible-local-6426ffl6rcqa/ansible-tmp-1663782051.3863535-6555-216441584574909/AnsiballZ_qradar_log_source_management.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/opt/app-root/src/.ansible/tmp/ansible-local-6426ffl6rcqa/ansible-tmp-1663782051.3863535-6555-216441584574909/AnsiballZ_qradar_log_source_management.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.ibm.qradar.plugins.modules.qradar_log_source_management', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_qradar_log_source_management_payload_n7a3fhsn/ansible_qradar_log_source_management_payload.zip/ansible_collections/ibm/qradar/plugins/modules/qradar_log_source_management.py\", line 263, in <module>\n File \"/tmp/ansible_qradar_log_source_management_payload_n7a3fhsn/ansible_qradar_log_source_management_payload.zip/ansible_collections/ibm/qradar/plugins/modules/qradar_log_source_management.py\", line 239, in main\n File \"/tmp/ansible_qradar_log_source_management_payload_n7a3fhsn/ansible_qradar_log_source_management_payload.zip/ansible_collections/ibm/qradar/plugins/modules/qradar_log_source_management.py\", line 95, in set_log_source_values\nIndexError: list index out of range\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}
craig-br
commented
2 years ago
SUMMARY
ibm.qradarcollection for Snort and CheckPoint NGFW. Fails withlist index out of rangeerror.ISSUE TYPE
COMPONENT NAME
plugins/modules/qradar_log_source_management.pyANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
No output
OS / ENVIRONMENT
IBM QRadar Version 7.5
Inventory host config qradar ansible_connection=httpapi ansible_httpapi_use_ssl=yes ansible_httpapi_validate_certs=False ansible_network_os=ibm.qradar.qradar
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS