Fix: Update log settings in sfos_syslog not working properly

CHANGELOG.md

@@ -2,11 +2,13 @@
 
 **Topics**
 
+- <a href="#v1-4-3">v1\.4\.3</a>
+    - <a href="#bugfixes">Bugfixes</a>
 - <a href="#v1-4-2">v1\.4\.2</a>
     - <a href="#release-summary">Release Summary</a>
-    - <a href="#bugfixes">Bugfixes</a>
-- <a href="#v1-4-1">v1\.4\.1</a>
     - <a href="#bugfixes-1">Bugfixes</a>
+- <a href="#v1-4-1">v1\.4\.1</a>
+    - <a href="#bugfixes-2">Bugfixes</a>
 - <a href="#v1-4-0">v1\.4\.0</a>
     - <a href="#release-summary-1">Release Summary</a>
     - <a href="#new-modules">New Modules</a>
@@ -15,7 +17,7 @@
     - <a href="#new-modules-1">New Modules</a>
 - <a href="#v1-2-1">v1\.2\.1</a>
     - <a href="#release-summary-3">Release Summary</a>
-    - <a href="#bugfixes-2">Bugfixes</a>
+    - <a href="#bugfixes-3">Bugfixes</a>
 - <a href="#v1-2-0">v1\.2\.0</a>
     - <a href="#release-summary-4">Release Summary</a>
     - <a href="#new-modules-2">New Modules</a>
@@ -26,6 +28,14 @@
     - <a href="#release-summary-6">Release Summary</a>
     - <a href="#new-modules-4">New Modules</a>
 
+<a id="v1-4-3"></a>
+## v1\.4\.3
+
+<a id="bugfixes"></a>
+### Bugfixes
+
+* Fixed an issue where the sfos\_syslog module would fail to update log settings
+
 <a id="v1-4-2"></a>
 ## v1\.4\.2
 
@@ -34,15 +44,15 @@
 
 Bugfix
 
-<a id="bugfixes"></a>
+<a id="bugfixes-1"></a>
 ### Bugfixes
 
 * Fixed issue with service\_acl\_exception crashing when no destination hosts are defined
 
 <a id="v1-4-1"></a>
 ## v1\.4\.1
 
-<a id="bugfixes-1"></a>
+<a id="bugfixes-2"></a>
 ### Bugfixes
 
 * Correct test files
@@ -86,7 +96,7 @@ This release adds modules for working with authentication servers
 
 Minor bug fixes
 
-<a id="bugfixes-2"></a>
+<a id="bugfixes-3"></a>
 ### Bugfixes
 
 * Allow use of \'any\' keyword for src/dst networks and services for sfos\_firewall\_rule module

changelogs/changelog.yaml

@@ -154,3 +154,10 @@ releases:
     fragments:
     - 1.4.2.yaml
     release_date: '2025-01-29'
+  1.4.3:
+    changes:
+      bugfixes:
+      - Fixed an issue where the sfos_syslog module would fail to update log settings
+    fragments:
+    - 1.4.3.yaml
+    release_date: '2025-02-18'

galaxy.yml

@@ -8,7 +8,7 @@ namespace: sophos
 name: sophos_firewall
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.4.2
+version: 1.4.3
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

plugins/modules/sfos_syslog.py

@@ -723,7 +723,12 @@ def update_syslog(fw_obj, exist_settings, module, result):
     Returns:
         dict: API response
     """
-    exist_settings = exist_settings["api_response"]["Response"]["SyslogServers"][0]
+    if isinstance(exist_settings["api_response"]["Response"]["SyslogServers"], dict):
+        exist_settings = exist_settings["api_response"]["Response"]["SyslogServers"]
+    if isinstance(exist_settings["api_response"]["Response"]["SyslogServers"], list):
+        for syslog_server in exist_settings["api_response"]["Response"]["SyslogServers"]:
+            if syslog_server["Name"] == module.params.get("name"):
+                exist_settings = syslog_server
 
     syslog_format = "3" if module.params.get("format") == "Standard syslog" else "DeviceStandardFormat"
     log_settings = get_with_default(module.params, "log_settings", {})
@@ -828,7 +833,13 @@ def eval_changed(module, exist_settings):
     Returns:
         bool: Return true if any settings are different, otherwise return false
     """
-    exist_settings = exist_settings["api_response"]["Response"]["SyslogServers"][0]
+
+    if isinstance(exist_settings["api_response"]["Response"]["SyslogServers"], dict):
+        exist_settings = exist_settings["api_response"]["Response"]["SyslogServers"]
+    if isinstance(exist_settings["api_response"]["Response"]["SyslogServers"], list):
+        for syslog_server in exist_settings["api_response"]["Response"]["SyslogServers"]:
+            if syslog_server["Name"] == module.params.get("name"):
+                exist_settings = syslog_server
 
     if module.params.get("address") and not module.params.get("address") == exist_settings["ServerAddress"]:
         return True
@@ -850,9 +861,11 @@ def eval_changed(module, exist_settings):
         expected_format = "3" if fmt == "Standard syslog" else "DeviceStandardFormat"
         if not expected_format == exist_settings["Format"]:
             return True
-
-    if module.params.get("security_policy"):
-        security_policy = module.params.get("security_policy")
+
+    log_settings = module.params.get("log_settings", {})
+
+    if log_settings.get("security_policy"):
+        security_policy = log_settings.get("security_policy", {})
         policy_rules = security_policy.get("policy_rules")
         invalid_traffic = security_policy.get("invalid_traffic")
         local_acls = security_policy.get("local_acls")
@@ -887,17 +900,17 @@ def eval_changed(module, exist_settings):
             ):
             return True
 
-    if module.params.get("ips"):
-        ips = module.params.get("ips")
+    if log_settings.get("ips"):
+        ips = log_settings.get("ips")
         anomaly = ips.get("anomaly")
         signatures = ips.get("signatures")
         if (anomaly and not anomaly == exist_settings["LogSettings"]["IPS"]["Anomaly"] or
             signatures and not signatures == exist_settings["LogSettings"]["IPS"]["Signatures"]
         ):
             return True
 
-    if module.params.get("anti_virus"):
-        anti_virus = module.params.get("anti_virus")
+    if log_settings.get("anti_virus"):
+        anti_virus = log_settings.get("anti_virus")
         http = anti_virus.get("http")
         ftp = anti_virus.get("ftp")
         smtp = anti_virus.get("smtp")
@@ -919,8 +932,8 @@ def eval_changed(module, exist_settings):
         ):
             return True
 
-    if module.params.get("anti_spam"):
-        anti_spam = module.params.get("anti_spam")
+    if log_settings.get("anti_spam"):
+        anti_spam = log_settings.get("anti_spam")
         pop3 = anti_spam.get("pop3")
         imap = anti_spam.get("imap")
         smtps = anti_spam.get("smtps")
@@ -935,8 +948,8 @@ def eval_changed(module, exist_settings):
             return True
 
 
-    if module.params.get("content_filtering"):
-        content_filtering = module.params.get("content_filtering")
+    if log_settings.get("content_filtering"):
+        content_filtering = log_settings.get("content_filtering")
         web_filter = content_filtering.get("web_filter")
         application_filter = content_filtering.get("application_filter")
         web_content_policy = content_filtering.get("web_content_policy")
@@ -948,8 +961,8 @@ def eval_changed(module, exist_settings):
         ):
             return True
 
-    if module.params.get("events"):
-        events = module.params.get("events")
+    if log_settings.get("events"):
+        events = log_settings.get("events")
         admin = events.get("admin")
         authentication = events.get("authentication")
         system = events.get("system")
@@ -959,44 +972,44 @@ def eval_changed(module, exist_settings):
         ):
             return True
 
-    if module.params.get("web_server_protection"):
-        web_server_protection = module.params.get("web_server_protection")
+    if log_settings.get("web_server_protection"):
+        web_server_protection = log_settings.get("web_server_protection")
         waf_events = web_server_protection.get("waf_events")
         if waf_events and not waf_events == exist_settings["LogSettings"]["WebServerProtection"]["WAFEvents"]:
             return True
 
-    if module.params.get("atp"):
-        atp = module.params.get("atp")
+    if log_settings.get("atp"):
+        atp = log_settings.get("atp")
         atp_events = atp.get("atp_events")
         if atp_events and not atp_events == exist_settings["LogSettings"]["ATP"]["ATPEvents"]:
             return True
 
-    if module.params.get("wireless"):
-        wireless = module.params.get("wireless")
+    if log_settings.get("wireless"):
+        wireless = log_settings.get("wireless")
         access_points_ssid = wireless.get("access_points_ssid")
         if access_points_ssid and not access_points_ssid == exist_settings["LogSettings"]["Wireless"]["AccessPoints_SSID"]:
             return True
 
-    if module.params.get("heartbeat"):
-        heartbeat = module.params.get("heartbeat")
+    if log_settings.get("heartbeat"):
+        heartbeat = log_settings.get("heartbeat")
         endpoint_status = heartbeat.get("endpoint_status")
         if endpoint_status and not endpoint_status == exist_settings["LogSettings"]["Heartbeat"]["EndpointStatus"]:
             return True
 
-    if module.params.get("system_health"):
-        system_health = module.params.get("system_health")
+    if log_settings.get("system_health"):
+        system_health = log_settings.get("system_health")
         usage = system_health.get("usage")
         if usage and not usage == exist_settings["LogSettings"]["SystemHealth"]["Usage"]:
             return True
 
-    if module.params.get("zeroday_protection"):
-        zeroday_protection = module.params.get("zeroday_protection")
+    if log_settings.get("zeroday_protection"):
+        zeroday_protection = log_settings.get("zeroday_protection")
         zeroday_protection_events = zeroday_protection.get("zeroday_protection_events")
         if zeroday_protection_events and not zeroday_protection_events == exist_settings["LogSettings"]["ZeroDayProtection"]["ZeroDayProtectionEvents"]:
             return True
 
-    if module.params.get("sdwan"):
-        sdwan = module.params.get("sdwan")
+    if log_settings.get("sdwan"):
+        sdwan = log_settings.get("sdwan")
         profile = sdwan.get("profile")
         sla = sdwan.get("sla")
         route = sdwan.get("route")

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sophosfirewall-ansible"
-version = "1.4.2"
+version = "1.4.3"
 description = "Ansible modules for Sophos Firewall"
 authors = ["Matt Mullen <[email protected]>"]
 license = "GNU GENERAL PUBLIC LICENSE"

tests/manual/sfos_syslog.yml

@@ -19,10 +19,10 @@
         severity: Emergency
         format: Device standard
         default_logging: Enable
-        state: updated
+        state: present
       delegate_to: localhost
 
-    - name: Create syslog server, disable selected logs
+    - name: Update syslog server with some logging disable
       sophos.sophos_firewall.sfos_syslog:
         username: "{{ username }}"
         password: "{{ password }}"
@@ -39,9 +39,64 @@
         default_logging: Enable
         log_settings:
           security_policy:
-            invalid_traffic: Disable
-            icmp_errormessage: Disable
+            bridge_acls: Enable
+            dos_attack: Enable
+            dropped_fragment: Enable
+            dropped_icmpredirect: Enable
+            dropped_sourceroute: Enable
+            heartbeat: Enable
+            icmp_errormessage: Enable
+            invalid_traffic: Enable
+            ipmacpair_filtering: Enable
+            ipspoof_prevention: Enable
+            local_acls: Enable
+            mac_filtering: Enable
+            policy_rules: Enable
+            protected_application_server: Enable
+            ssl_vpntunnel: Enable
+          system_health:
+            usage: Enable
+          web_server_protection:
+            waf_events: Enable
+          wireless:
+            access_points_ssid: Enable
+          zeroday_protection:
+            zeroday_protection_events: Enable
           content_filtering:
-            ssl_tls: Disable
-        state: present
+            application_filter: Enable
+            ssl_tls: Enable
+            web_content_policy: Enable
+            web_filter: Enable
+          atp:
+            atp_events: Enable
+          anti_spam:
+            imap: Enable
+            imaps: Enable
+            pop3: Enable
+            pops: Enable
+            smtps: Enable
+          anti_virus:
+            ftp: Enable
+            http: Enable
+            https: Enable
+            imap: Enable
+            imaps: Enable
+            pop3: Enable
+            pops: Enable
+            smtp: Enable
+            smtps: Enable
+          events:
+            admin: Enable
+            authentication: Enable
+            system: Enable
+          heartbeat:
+            endpoint_status: Enable
+          ips:
+            anomaly: Enable
+            signatures: Enable
+          sdwan:
+            profile: Enable
+            route: Enable
+            sla: Enable
+        state: updated
       delegate_to: localhost