How to retrieve hardware firewall logs via API

Question

I'm wondering if there is a way to retrieve the Fortigate firewall logs, as also found in https://control.softlayer.com/devices/details//vlanFirewall as "reports", or any additional logs.

I can retrieve the updateRequests, so I can get a history of changes to the firewall ruleset linked to the user that performed that action.

Regards, Ilias

Answer 1

Please follow these steps:

1. Find the Vlan_Id that the firewall is associated:

   https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Vlan_Firewall/[Vlan_Firewall_Id]/getNetworkVlans
   
   Method: GET
   

The response should be something like this:

[
  {
    "accountId": 207800,
    "id": 204000,
    "modifyDate": "2012-06-18T14:11:22-05:00",
    "primarySubnetId": 420900,
    "vlanNumber": 1600
  }
]

Where: ‘"id": 204000’ is what we need

References:

SoftLayer_Network_Vlan_Firewall::getNetworkVlan

SoftLayer_Network_Vlan_Firewall::getNetworkVlans

2. To get the Ip address list associated to the above Vlan_Id, execute:

   https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Vlan/204000/getFirewallProtectableIpAddresses?objectMask=mask[ id,ipAddress]
   
   Method: GET
   

References: SoftLayer_Network_Vlan::getFirewallProtectableIpAddresses

3. Finally, as Control Portal, select the IP Address(in my case Ip_Address_Id = 54846700) to get Firewall Report. We will execute the following:

   https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Subnet_IpAddress/54846700/getSyslogEventsOneDay
   
   Method: GET
   

References:

SoftLayer_Network_Subnet_IpAddress::getSyslogEventsOneDay

SoftLayer_Network_Subnet_IpAddress::getSyslogEventsSevenDays

I hope this information help you.