frankshen01
commented
3 years ago @freakinhippie , Thanks for reporting this! There are no errors in your code and steps. I have tested it on FortiOS 6.2.4/6.4.0/6.4.4/7.0.0 and it should be a bug of FortiAPI. We will contact the related team to find a solution, this may be a relatively long process. Can you please use the following workaround to complete your case:
provider "fortios" {
hostname = "192.168.52.177"
insecure = "true"
token = "GNH7r40H65GNb46kd4rG8rtrmn0fr1"
}
resource "fortios_logsyslogd_setting" "test" {
status = "enable"
server = "syslog.example.com"
mode = "reliable"
format = "cef"
enc_algorithm = "high"
ssl_min_proto_version = "TLSv1-2"
syslog_type = 1
}
resource "fortios_system_autoscript" "trname1" {
interval = 1
name = join("_", ["syslogd", "test"])
output_size = 10
repeat = 1
script = <<EOF
config log syslogd setting
set port 432
end
EOF
start = "auto"
depends_on = [
fortios_logsyslogd_setting.test
]
}
# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# fortios_logsyslogd_setting.test will be created
+ resource "fortios_logsyslogd_setting" "test" {
+ certificate = (known after apply)
+ dynamic_sort_subtable = "false"
+ enc_algorithm = "high"
+ facility = (known after apply)
+ format = "cef"
+ id = (known after apply)
+ interface = (known after apply)
+ interface_select_method = (known after apply)
+ max_log_rate = (known after apply)
+ mode = "reliable"
+ port = (known after apply)
+ priority = (known after apply)
+ server = "syslog.example.com"
+ source_ip = (known after apply)
+ ssl_min_proto_version = "TLSv1-2"
+ status = "enable"
+ syslog_type = 1
}
# fortios_system_autoscript.trname1 will be created
+ resource "fortios_system_autoscript" "trname1" {
+ id = (known after apply)
+ interval = 1
+ name = "syslogd_test"
+ output_size = 10
+ repeat = 1
+ script = <<~EOT
config log syslogd setting
set port 432
end
EOT
+ start = "auto"
+ timeout = (known after apply)
}
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
fortios_logsyslogd_setting.test: Creating...
fortios_logsyslogd_setting.test: Creation complete after 0s [id=LogSyslogdSetting]
fortios_system_autoscript.trname1: Creating...
fortios_system_autoscript.trname1: Creation complete after 0s [id=syslogd_test]
# terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
fortios_logsyslogd_setting.test: Refreshing state... [id=LogSyslogdSetting]
fortios_system_autoscript.trname1: Refreshing state... [id=syslogd_test]
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
root@sv:/work/zamba/03b-fos-gen-coverall/03Terraform/bin#
Validation:
labfirewall # config log syslogd setting
labfirewall (setting) # show
path=log.syslogd, objname=setting, tablename=(null), size=312
config log syslogd setting
set status enable
set server "syslog.example.com"
set mode reliable
set port 432
set format cef
set enc-algorithm high
set ssl-min-proto-version TLSv1-2
end
Thank you!
freakinhippie
pacrutchet
MaxxLiu22
When attempting to configure log forwarding to a remote syslog server I'm unable to set the port.
The plan shows the intended change, but the result does not match.
On the system, the configured port does not match the plan.
Initially I thought that the problem might be related to attempting to use the standard syslog port with encryption enabled. However, using any random port seems to have the same results.
Any ideas what I might be doing wrong?