syslog.psm1
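# Helper
# Resolves a syslog server reference to its ID.
#
# $ToResolve may be:
#   - an object whose Id property converts to a non-zero integer: that Id is used
#   - a value that converts to a non-zero integer: it is checked for existence and returned as passed
#   - anything else: looked up with the API's 'ieq' filter on Name, then on NetworkAddress,
#     falling back to the 'q' search parameter if the filter request throws
#
# Throws when nothing matches, or when a Name/NetworkAddress/q lookup does not match exactly one server.
function Resolve-SafeguardSyslogServerId
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true, Position=0)]
        [object]$ToResolve
    )

    $local:RelPath = "SyslogServers"
    $local:ResourceType = "syslog server"
    $local:ErrMsgSuffix = "in $($local:ResourceType)"

    $local:Resources = $null

    # Accept a full syslog server object and reduce it to its Id.
    if ($ToResolve.Id -as [int])
    {
        $ToResolve = $ToResolve.Id
    }

    if (-not ($ToResolve -as [int]))
    {
        if ("$ToResolve".Contains("'"))
        {
            # The filter expressions below wrap the value in single quotes. A single quote inside the
            # value would end that literal and the remainder would be read as filter syntax, so the
            # lookup (and a later DELETE or PUT on the resolved ID) could select a different server.
            # Such values are never interpolated; they go to the 'q' search, which is also what the
            # exception fallback below uses.
            Write-Verbose "Value contains a single quote, skipping ieq filter and using q parameter"
            $local:Query = @{ q = $ToResolve; fields = "Id" }
            $local:Resources = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "$($local:RelPath)" -Parameters $local:Query)
        }
        else
        {
            try
            {
                $local:Query = @{ filter = "Name ieq '$ToResolve'"; fields = "Id" }
                $local:Resources = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "$($local:RelPath)" -Parameters $local:Query)
                if (-not $local:Resources)
                {
                    # No match by display name, try the network address.
                    $local:Query = @{ filter = "NetworkAddress ieq '$ToResolve'"; fields = "Id" }
                    $local:Resources = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "$($local:RelPath)" -Parameters $local:Query)
                }
            }
            catch
            {
                Write-Verbose $_
                Write-Verbose "Caught exception with ieq filter, trying with q parameter"
                $local:Query = @{ q = $ToResolve; fields = "Id" }
                $local:Resources = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "$($local:RelPath)" -Parameters $local:Query)
            }
        }

        if (-not $local:Resources)
        {
            throw "Unable to find $($local:ResourceType) matching '$ToResolve' $($local:ErrMsgSuffix)"
        }
        # An ambiguous match is an error: callers use the result as the target of GET, PUT and DELETE.
        if ($local:Resources.Count -ne 1)
        {
            throw "Found $($local:Resources.Count) $($local:ResourceType) matching '$ToResolve' $($local:ErrMsgSuffix)"
        }
        $local:Resources[0].Id
    }
    else
    {
        # Make sure it actually exists
        $local:Query = @{ filter = "Id eq $ToResolve"; fields = "Id" }
        $local:Resources = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "$($local:RelPath)" -Parameters $local:Query)
        if (-not $local:Resources)
        {
            throw "Unable to find $($local:ResourceType) matching '$ToResolve' $($local:ErrMsgSuffix)"
        }
        $ToResolve
    }
}

<#
.SYNOPSIS
Returns a list of configured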
syslog servers

.DESCRIPTION
Returns a list of configured syslog servers

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. The appliance is then not
authenticated, so the bearer token may be sent to a host that is not the intended appliance.

.PARAMETER ServerToGet
Optional ID, Name or NetworkAddress of a single syslog server to return.

.PARAMETER Fields
Optional list of property names to return. They are joined with commas and sent as the
'fields' query parameter.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Get-SafeguardSyslogServer -AccessToken $token -Appliance 10.5.32.54 -Insecure

.EXAMPLE
Get-SafeguardSyslogServer
#>
function Get-SafeguardSyslogServer
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$false, Position=0)]
        [string]$ServerToGet,
        [Parameter(Mandatory=$false)]
        [string[]]$Fields
    )

    # Default to terminating errors and inherit the caller's verbosity unless overridden on the call.
    if (-not $PSBoundParameters.ContainsKey("ErrorAction"))
    {
        $ErrorActionPreference = "Stop"
    }
    if (-not $PSBoundParameters.ContainsKey("Verbose"))
    {
        $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference")
    }

    # Connection arguments shared by every call made below.
    $Connection = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    $local:Query = $null
    if ($Fields)
    {
        $local:Query = @{ fields = [string]::Join(",", $Fields) }
    }

    # Whole collection by default; a single entry when -ServerToGet was passed.
    $local:Url = "SyslogServers"
    if ($PSBoundParameters.ContainsKey("ServerToGet"))
    {
        $local:ServerId = Resolve-SafeguardSyslogServerId @Connection $ServerToGet
        $local:Url = "$($local:Url)/$($local:ServerId)"
    }

    Invoke-SafeguardMethod @Connection Core GET $local:Url -Parameters $local:Query
}

<#
.SYNOPSIS
Configure a new syslog server

.DESCRIPTION
Configure Safeguard with a new syslog server. Syslog servers defined here are only a reference.
Nothing will be sent to the syslog server until you configure debug logging or event subscribers
to use the server.
You may configure more than one server for different uses.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER NetworkAddress
The network address of the syslog server.

.PARAMETER Name
A display name for the syslog server. If omitted, it will default to the network address.

.PARAMETER Port
The syslog server port. Defaults to 514.

.PARAMETER Protocol
The syslog protocol and format to use. The options are 'LegacyUdp', 'Udp' and 'Tcp'.
The 'Udp' and 'Tcp' options use RFC 5424. 'LegacyUdp' uses RFC 3164.

.PARAMETER UseTls
Whether to use TLS when sending messages to the syslog server. This requires that the server is
configured to accept TLS connections. On its own this option does not validate the server's
certificate; see VerifyServerCertificate. This option is only supported for 'Tcp' protocol.

.PARAMETER UseClientCertificate
Whether to use client certificate authentication when sending messages to the syslog server.
This requires that the syslog server is configured to accept client certificate authentication.
Implies UseTls. This option is only supported for 'Tcp' protocol.

.PARAMETER VerifyServerCertificate
Whether to validate the TLS certificate presented by the syslog server. Safeguard must be
configured to trust the issuer of the syslog server TLS certificate. Implies UseTls. This option
is only supported for 'Tcp' protocol.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

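.EXAMPLE
New-SafeguardSyslogServer -AccessToken $token -Appliance 10.5.32.54 -Insecure "syslog.example.com"

.EXAMPLE
New-SafeguardSyslogServer -NetworkAddress "syslog.example.com" -Name "My Syslog Server" -Port 6514 -Protocol "Tcp" -UseTls $true -UseClientCertificate $true -VerifyServerCertificate $true
#>
function New-SafeguardSyslogServer
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true, Position=0)]
        [string]$NetworkAddress,
        [Parameter(Mandatory=$false)]
        [string]$Name = $null,
        [Parameter(Mandatory=$false)]
        [int]$Port = 514,
        [Parameter(Mandatory=$false)]
        [string]$Protocol = "LegacyUdp",
        [Parameter(Mandatory=$false)]
        [bool]$UseTls = $false,
        [Parameter(Mandatory=$false)]
        [bool]$UseClientCertificate = $false,
        [Parameter(Mandatory=$false)]
        [bool]$VerifyServerCertificate = $false
    )

    # Default to terminating errors and inherit the caller's verbosity unless overridden on the call.
    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # The display name falls back to the network address.
    if ([string]::IsNullOrEmpty($Name))
    {
        $Name = $NetworkAddress
    }

    # Client certificate authentication and server certificate validation both imply TLS.
    if ($UseClientCertificate -or $VerifyServerCertificate)
    {
        $UseTls = $true
    }

    # The TLS options are documented as supported only for the 'Tcp' protocol, and the default
    # protocol is 'LegacyUdp'. Reject the combination here rather than submit a configuration in
    # which TLS was requested for a protocol that does not support it.
    if ($UseTls -and ($Protocol -ine "Tcp"))
    {
        throw "TLS options (UseTls, UseClientCertificate, VerifyServerCertificate) are only supported for the 'Tcp' protocol, but Protocol is '$Protocol'"
    }

    # TLS without certificate validation encrypts the connection but does not authenticate the server.
    if ($UseTls -and (-not $VerifyServerCertificate))
    {
        Write-Warning "TLS is enabled without VerifyServerCertificate; the syslog server's certificate will not be validated."
    }

    # Property names are the ones the API body uses; note the Ssl naming for the TLS settings.
    # With the defaults (LegacyUdp, port 514, no TLS) the server is configured without transport encryption.
    $syslogServer = @{
        Name = $Name;
        NetworkAddress = $NetworkAddress;
        Port = $Port;
        Protocol = $Protocol;
        UseSslEncryption = $UseTls;
        UseClientCertificate = $UseClientCertificate;
        VerifySslCertificate = $VerifyServerCertificate;
    }

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core POST "SyslogServers" -Body $syslogServer
}

<#
.SYNOPSIS
Removes a syslog server configuration from Safeguard.

.DESCRIPTION
Removes a syslog server configuration from Safeguard. If there are other resources that depend on
this syslog server you will receive an API error when trying to remove the syslog server unless
you specify the -Force parameter.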
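If -Force is specified any resources that depend on this syslog server such as debug logging or
event subscribers will also be removed.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. The appliance is then not
authenticated, so the bearer token may be sent to a host that is not the intended appliance.

.PARAMETER ServerToRemove
The syslog server object to remove. Can also be specified as the syslog server ID, Name or NetworkAddress.

.PARAMETER Force
If specified, also remove any resources that depend on this syslog server.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
Remove-SafeguardSyslogServer -AccessToken $token -Appliance 10.5.32.54 -Insecure "My Syslog Server"

.EXAMPLE
Remove-SafeguardSyslogServer 5 -Force
#>
function Remove-SafeguardSyslogServer
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true, Position=0)]
        [object]$ServerToRemove,
        [Parameter(Mandatory=$false)]
        [switch]$Force
    )

    # Default to terminating errors and inherit the caller's verbosity unless overridden on the call.
    if (-not $PSBoundParameters.ContainsKey("ErrorAction")) { $ErrorActionPreference = "Stop" }
    if (-not $PSBoundParameters.ContainsKey("Verbose")) { $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference") }

    # Always defined, so the DELETE call below never reads an unset variable
    # (which is an error when Set-StrictMode is in effect).
    $local:ExtraHeaders = $null
    if ($Force)
    {
        # Asks the API to delete dependents too. Per the help above these include debug logging
        # and event subscribers, so forwarding that relied on this server is removed with it.
        $local:ExtraHeaders = @{
            "x-force-delete" = "true";
        }
    }

    # Resolve to exactly one ID first; the resolver throws on no match or an ambiguous match.
    $local:id = Resolve-SafeguardSyslogServerId -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure $ServerToRemove

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core DELETE "SyslogServers/$($local:id)" -ExtraHeaders $local:ExtraHeaders
}

<#
.SYNOPSIS
Edits an existing syslog server configuration

.DESCRIPTION
Edits an existing syslog server configuration. To get the current configuration use
Get-SafeguardSyslogServer.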
Modify the properties of the syslog server configuration and pass the object as the -SyslogServer
parameter.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

.PARAMETER Insecure
Ignore verification of Safeguard appliance SSL certificate. The appliance is then not
authenticated, so the bearer token may be sent to a host that is not the intended appliance.

.PARAMETER SyslogServer
The syslog server object to update.

.INPUTS
None.

.OUTPUTS
JSON response from Safeguard Web API.

.EXAMPLE
$server = Get-SafeguardSyslogServer
PS C:\>$server.NetworkAddress = "new-server.example.com"
PS C:\>Edit-SafeguardSyslogServer -SyslogServer $server

.EXAMPLE
Edit-SafeguardSyslogServer -AccessToken $token -Appliance 10.5.32.54 -Insecure $server
#>
function Edit-SafeguardSyslogServer
{
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false)]
        [string]$Appliance,
        [Parameter(Mandatory=$false)]
        [object]$AccessToken,
        [Parameter(Mandatory=$false)]
        [switch]$Insecure,
        [Parameter(Mandatory=$true, Position=0)]
        [object]$SyslogServer
    )

    # Default to terminating errors and inherit the caller's verbosity unless overridden on the call.
    if (-not $PSBoundParameters.ContainsKey("ErrorAction"))
    {
        $ErrorActionPreference = "Stop"
    }
    if (-not $PSBoundParameters.ContainsKey("Verbose"))
    {
        $VerbosePreference = $PSCmdlet.GetVariableValue("VerbosePreference")
    }

    # Connection arguments shared by the lookup and the update.
    $Connection = @{ AccessToken = $AccessToken; Appliance = $Appliance; Insecure = $Insecure }

    # The target of the PUT is the ID resolved from the object that was passed in;
    # the same object is then sent unchanged as the request body.
    $local:ServerId = Resolve-SafeguardSyslogServerId @Connection $SyslogServer
    $local:Url = "SyslogServers/$($local:ServerId)"

    Invoke-SafeguardMethod @Connection Core PUT $local:Url -Body $SyslogServer
}