| Parameter | Choices/Defaults | Comments | 
                
                                                            | log_format_delimiter 
                    string
                                                                 |  | Specifies the delimiter string when using a log_storage_formatoffield-list. When creating a new profile, if this parameter is not specified, the default value of ,(the comma character) will be used. This option is valid when the log_storage_formatis set tofield-list. It will be ignored otherwise. Depending on the delimiter used, it may be necessary to wrap the delimiter in quotes to prevent YAML errors from occurring. The special character $should not be used, and will raise an error if used, as it is reserved for internal use. The maximum length allowed for this parameter is 31characters. | 
                            
                                                            | log_ip_errors 
                    dictionary
                                                                 |  | Modify log settings for logging of IP error packets. | 
                                                        
                                                |  | enabled 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of IP error packets. | 
                            
                                                |  | rate_limit 
                    integer
                                                                 |  | This option is used to set rate limits for the logging of IP error packets. This option is effective only if logging of this message type is enabled. | 
                                            
                                                            | log_matches_accept_rule 
                    dictionary
                                                                 |  | Modify log settings for ACL rules configured with an "accept" or "accept decisively" action. | 
                                                        
                                                |  | enabled 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of packets that match ACL rules configured with an "accept" or "accept decisively" action. | 
                            
                                                |  | rate_limit 
                    integer
                                                                 |  | This option is used to set rate limits for the logging of packets that match ACL rules configured with an "accept" or "accept decisively" action. This option is effective only if logging of this message type is enabled. | 
                                            
                                                            | log_matches_drop_rule 
                    dictionary
                                                                 |  | Modify log settings for ACL rules configured with a drop action. | 
                                                        
                                                |  | enabled 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of packets that match ACL rules configured with a drop action. | 
                            
                                                |  | rate_limit 
                    integer
                                                                 |  | This option is used to set rate limits for the logging of packets that match ACL rules configured with a drop action. This option is effective only if logging of this message type is enabled. | 
                                            
                                                            | log_matches_reject_rule 
                    dictionary
                                                                 |  | Modify log settings for ACL rules configured with a reject action. | 
                                                        
                                                |  | enabled 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of packets that match ACL rules configured with a reject action. | 
                            
                                                |  | rate_limit 
                    integer
                                                                 |  | This option is used to set rate limits for the logging of packets that match ACL rules configured with a reject action. This option is effective only if logging of this message type is enabled. | 
                                            
                                                            | log_message_fields 
                    list
                                                                 | Choices:
                                                                                                                                                            acl_policy_nameacl_policy_typeacl_rule_nameactionbigip_hostnamecontext_namecontext_typedate_timedest_fqdndest_geodest_ipdest_portdrop_reasonmanagement_ip_addressprotocolroute_domainsa_translation_poolsa_translation_typesource_fqdnsource_usersrc_geosrc_ipsrc_porttranslated_dest_iptranslated_dest_porttranslated_ip_protocoltranslated_route_domaintranslated_src_iptranslated_src_porttranslated_vlanvlan | Specifies a set of fields to be logged. This option is valid when the log_storage_formatis set tofield-list. It will be ignored otherwise. The order of the list is important as the server displays the selected traffic items in the log sequentially according to it. | 
                            
                                                            | log_publisher 
                    string
                                                                 |  | Specifies the name of the log publisher used for Network events. To specify the log_publisher on a different partition from the AFM log profile, specify the name in fullpath format, e.g. /Foobar/log-publisher, otherwise the partition for log publisher is inferred frompartitionmodule parameter. | 
                            
                                                            | log_storage_format 
                    string
                                                                 |  | Specifies the type of the storage format. When creating a new log profile, if this parameter is not specified, the default is none. When field-list, specifies that the log displays only the items you specify in thelog_message_fieldslist withlog_format_delimiteras the delimiter between the items. When none, the messages will be logged in the default format, which is"management_ip_address", "bigip_hostname","context_type", "context_name","src_geo","src_ip", "dest_geo","dest_ip","src_port", "dest_port","vlan","protocol","route_domain", "translated_src_ip", "translated_dest_ip", "translated_src_port","translated_dest_port", "translated_vlan","translated_ip_protocol", "translated_route_domain", "acl_policy_type", "acl_policy_name","acl_rule_name","action", "drop_reason","sa_translation_type", "sa_translation_pool","flow_id", "source_user", "source_fqdn","dest_fqdn". | 
                            
                                                            | log_tcp_errors 
                    dictionary
                                                                 |  | Modify log settings for logging of TCP error packets. | 
                                                        
                                                |  | enabled 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of TCP error packets. | 
                            
                                                |  | rate_limit 
                    integer
                                                                 |  | This option is used to set rate limits for the logging of TCP error packets. This option is effective only if logging of this message type is enabled. | 
                                            
                                                            | log_tcp_events 
                    dictionary
                                                                 |  | Modify log settings for logging of TCP events on the client side. | 
                                                        
                                                |  | enabled 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of TCP events on the client side. Only 'Established' and 'Closed' states of a TCP session are logged if this option is enabled. | 
                            
                                                |  | rate_limit 
                    integer
                                                                 |  | This option is used to set rate limits for the logging of TCP events on the client side. This option is effective only if logging of this message type is enabled. | 
                                            
                                                            | log_translation_fields 
                    boolean
                                                                 |  | This option is used to enable or disable the logging of translated (i.e server side) fields in ACL match and TCP events. Translated fields include (but are not limited to) source address/port, destination address/port, IP protocol, route domain, and VLAN. | 
                            
                                                            | partition 
                    string
                                                                 | Default: 
 "Common" | Device partition to create log profile on. Parameter also used when specifying names for log publishers, unless log publisher names are in fullpath format. | 
                            
                                                            | profile_name 
                    string
                                             / required                     |  | Specifies the name of the AFM log profile to be updated. | 
                            
                                                            | provider 
                    dictionary
                                                                 added in 2.5 |  | A dict object containing connection details. | 
                                                        
                                                |  | auth_provider 
                    string
                                                                 |  | Configures the auth provider for to obtain authentication tokens from the remote device. This option is really used when working with BIG-IQ devices. | 
                            
                                                |  | password 
                    string
                                             / required                     |  | The password for the user account used to connect to the BIG-IP. You may omit this option by setting the environment variable F5_PASSWORD. aliases: pass, pwd
 | 
                            
                                                |  | server 
                    string
                                             / required                     |  | The BIG-IP host. You may omit this option by setting the environment variable F5_SERVER. | 
                            
                                                |  | server_port 
                    integer
                                                                 | Default: 
 443 | The BIG-IP server port. You may omit this option by setting the environment variable F5_SERVER_PORT. | 
                            
                                                |  | ssh_keyfile 
                    path
                                                                 |  | Specifies the SSH keyfile to use to authenticate the connection to the remote device.  This argument is only used for cli transports. You may omit this option by setting the environment variable ANSIBLE_NET_SSH_KEYFILE. | 
                            
                                                |  | timeout 
                    integer
                                                                 |  | Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands.  If the timeout is exceeded before the operation is completed, the module will error. | 
                            
                                                |  | transport 
                    string
                                                                 |  | Configures the transport connection to use when connecting to the remote device. | 
                            
                                                |  | user 
                    string
                                             / required                     |  | The username to connect to the BIG-IP with. This user must have administrative privileges on the device. You may omit this option by setting the environment variable F5_USER. | 
                            
                                                |  | validate_certs 
                    boolean
                                                                 |  | If no, SSL certificates are not validated. Use this only on personally controlled sites using self-signed certificates. You may omit this option by setting the environment variable F5_VALIDATE_CERTS. | 
                                            
                                                            | rate_limit 
                    string
                                                                 |  | Defines a rate limit for all combined network firewall log messages per second. Beyond this rate limit, log messages are not logged. To specify an indefinite rate, use the value indefinite. If specifying a numeric rate, the value must be between 1and4294967295. | 
                            
                                                            | state 
                    string
                                                                 | Choices:
                                                                                                                                                            present ←absent | When stateispresent, ensures the resource exists. Only built-in profile that allows updating network log settings is global-network, attempts to do so on other built-in profiles will be ignored. When stateisabsent, ensures that resource is removed. The absentstate is ignored for global-network log profile. |