EnableFirewallRuleLogging.ps1
#PowerNSX example script
#Nick Bradford
<#
Copyright © 2015 VMware, Inc. All Rights Reserved.
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License version 2, as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTIBILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more details.
You should have received a copy of the General Public License version 2 along with this program.
If not, see https://www.gnu.org/licenses/gpl-2.0.html.
The full text of the General Public License 2.0 is provided in the COPYING file.
Some files may be comprised of various open source software components, each of which
has its own license that is located in the source code of the respective component.
#>
<#
This is a SAMPLE script that enables logging on all firewall rules in the NSX DFW.
It is intended to be an example of how to perform a certain action and may not be suitable
for all purposes. Please read and understand its action and modify as appropriate, or ensure
its suitability for a given situation before blindly running it.
Testing is limited to a lab environment. Please test accordingly.
#>
#Requires -Version 3.0
#Requires -Module PowerNSX
# Abort early unless $DefaultNsxConnection is set to a truthy value.
# The Invoke-NsxWebRequest calls below are made without an explicit connection argument.
if (!$DefaultNsxConnection) { throw "Please connect to to NSX first" }
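# Turn on logging for every rule in every firewall section returned by
# Get-NsxFirewallSection, except sections whose name matches 'Default Section Layer3'.
#
# NOTE(review): because the default section is filtered out here, hits on the rules
# in that section are NOT logged by this script. If the default rule's hits are
# needed for monitoring or investigation, enable logging on it separately.
# NOTE(review): only the layer3sections API path is used below, so sections of any
# other type are not modified by this script.
$sections = Get-NsxFirewallSection | Where-Object { $_.name -notmatch 'Default Section Layer3' }

foreach ( $section in $sections ) {

    $sectionUri = "/api/4.0/firewall/globalroot-0/config/layer3sections/$($section.id)"

    # Fetch the current section definition; the ETag response header is kept so the
    # update below can be sent conditionally.
    $req = Invoke-NsxWebRequest -URI $sectionUri -method get
    $content = [xml]$req.Content

    # Flag every rule in the section as logged.
    # assumes each rule element already carries a 'logged' child - TODO confirm
    foreach ( $rule in $content.section.rule ) {
        $rule.logged = "true"
    }

    # Send the fetched ETag as If-Match so the PUT is tied to the revision that was
    # read above rather than overwriting a section someone else changed meanwhile.
    $AdditionalHeaders = @{ "If-Match" = $req.Headers.ETag }
    $response = Invoke-NsxWebRequest -URI $sectionUri -method put -extraheader $AdditionalHeaders -body $content.section.outerxml

    # Fix: the original test was '-not $response.StatusCode -eq 200'. The unary -not
    # binds tighter than -eq, so that evaluated '(-not StatusCode) -eq 200', which is
    # never true, and a failed update was reported as success.
    if ( $response.StatusCode -ne 200 ) {
        throw "Failed putting section $($section.name) ($($section.id)).  $($response.StatusCode) : $($response.StatusDescription)"
    }

    Write-Host "Enabled logging on all rules in Section $($section.name) ($($section.id))"
}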