@mtellin

mtellin/Enable DFW Logging.ps1 Secret

Created Apr 17, 2017
#PowerNSX example script
#Nick Bradford
#nbradford@vmware.com
<#
Copyright © 2015 VMware, Inc. All Rights Reserved.
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License version 2, as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more details.
You should have received a copy of the General Public License version 2 along with this program.
If not, see https://www.gnu.org/licenses/gpl-2.0.html.
The full text of the General Public License 2.0 is provided in the COPYING file.
Some files may be comprised of various open source software components, each of which
has its own license that is located in the source code of the respective component.
#>
<#
This is a SAMPLE script that enables logging on all firewall rules in the NSX DFW
Layer 3 sections, skipping any section whose name matches 'Default Section Layer3'.
It is intended to be an example of how to perform a certain action and may not be suitable
for all purposes. Please read and understand its action and modify as appropriate, or ensure
its suitability for a given situation before blindly running it.
Testing is limited to a lab environment. Please test accordingly.
#>
#Requires -Version 3.0
#Requires -Module PowerNSX
# A PowerNSX connection must already exist (Connect-NsxServer sets $DefaultNsxConnection).
If ( -not $DefaultNsxConnection ) {
    throw "Please connect to NSX first"
}

# Walk every Layer 3 section except the default one.
foreach ( $section in (Get-NsxFirewallSection | Where-Object { $_.name -notmatch 'Default Section Layer3' })) {
    $uri = "/api/4.0/firewall/globalroot-0/config/layer3sections/$($section.id)"

    # Fetch the section's current XML; the ETag header identifies this revision.
    $req = Invoke-NsxWebRequest -URI $uri -method get
    $content = [xml]$req.Content

    # Turn on logging for each rule in the section.
    foreach ($rule in $content.section.rule) { $rule.logged = "true" }

    # Send the ETag back as If-Match so the update applies to the revision that was read.
    $AdditionalHeaders = @{"If-Match"=$req.Headers.ETag}
    $response = Invoke-NsxWebRequest -URI $uri -method put -extraheader $AdditionalHeaders -body $content.section.outerxml

    # Anything other than 200 means the section was not updated.
    if ( $response.StatusCode -ne 200 ) {
        throw "Failed putting section $($section.name) ($($section.id)). $($response.StatusCode) : $($response.StatusDescription)"
    }
    else {
        write-host "Enabled logging on all rules in Section $($section.name) ($($section.id))"
    }
}