.. _define-send-event:

Define Event Criteria for Export
================================

Use an existing Log Filter or Create a new one
----------------------------------------------

#. Select the **edit** option under the desired log filter.
#. Log export may be configured further by checking **Notification** (Local Admin), **SYSLOG**, **SNMP Trap**, and/or **Webhook**.

Add Macros To Log Export Message Box
------------------------------------

Genian NAC uses macros as placeholder text that is replaced with specific data when inserted into the Log Notifications message box. You can add and customize these macros to present the data however you like. If the Log Notifications message block is left empty, a default set of macros will be used.

#. Go to **Preferences** in the top panel.
#. Go to **General > Log** in the left **Preferences** panel.
#. Find the **Log Options: Remarks column Elements** section in the main **Log** panel.
#. Select options to **Enable** this data to be added to **Logs.** (*Node Status Logs and Agent Status Logs are optional*)
#. Go to **Log** in the top panel.
#. Go to **Log Filter** in the left **Log** panel.
#. Find and click **Log Filter Name.**
#. Click **Edit** at the top right of the view pane.
#. Find and select **Notification**, **SYSLOG**, **SNMP Trap**, and/or **Webhook**.
#. Find and click the **Help for Macro** button just above the **Notification** section title.
#. Choose the desired **MACRO** to add to the message body. (*Some Message{_SWNAME}{_SWPORT}*)
#. Click **Update.**

**Default Message Syntax**

- Notification

.. code-block:: bash

   SMS - [site Name] {_HEADMSG}: Log Filter Name
   Email Subject - [Site Name] {_HEADMSG}: Log Filter Name
   Email Contents - {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}

- SYSLOG

.. code-block:: bash

   Default - {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
   CEF - CEF:0|GENIANS|Genian NAC|{_VERSION}|{_LOGFILTERNAME}|{_LOGFILTERDESC}|1|rt={_DATETIME} cs1Label=Log Type cs1={_LOGTYPE} cs2Label=Log ID cs2={_LOGID} dvchost={_SENSORNAME} dst={_IP} dmac={_MAC} msg={_FULLMSG} cs3Label=Detail Message cs3={_DETAILMSG}

- SNMP Trap

.. code-block:: bash

   {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}

.. note:: SMS Notifications are limited to 500 per month.

- Webhook (POST)

.. code-block:: bash

   {
       "datetime": "{_DATETIMEZ}",
       "ip": "{_IP}",
       "mac": "{_MAC}",
       "sensorip": "{_SENSORIP}",
       "sensorname": "{_SENSORNAME}",
       "logid": "{_LOGID}",
       "logidstr": "{_LOGIDSTR}",
       "logtype": "{_LOGTYPE}",
       "userid": "{_USERID}",
       "fullname": "{_USERNAME}",
       "userdept": "{_USERDEPT}",
       "position": "{_POS}",
       "nodename": "{_NNAME}",
       "hostname": "{_HOSTNAME}",
       "platform": "{_PLATFORM}",
       "nodedesc": "{_DESC}",
       "domain": "{_DOMAIN}",
       "dnsname": "{_DNSNAME}",
       "switchname": "{_SWNAME}",
       "switchport": "{_SWPORT}",
       "detail": "{_DETAILMSG}"
   }

Macro Definitions
-----------------

Administrators can use predefined macros to select which information is included when events are sent.

.. csv-table::
   :header: "Macro Format", "Contents"

   "{_FULLMSG}", "Full Log Message"
   "{_HEADMSG}", "Log Message Header"
   "{_TAILMSG}", "Data After Header (KEY=VALUE, ...)"
   "{_EXTRAINFO}", "All Additional Information"
   "{_IP}", "Log Node IP"
   "{_IP_HTML}", "Log Node IP(Hyperlink)"
   "{_MAC}", "Log Node MAC"
   "{_MAC_HTML}", "Log Node MAC(Hyperlink)"
   "{_SENSORIP}", "Log Sensor IP"
   "{_SENSORNAME}", "Log Sensor Name"
   "{_LOGID}", "Log ID"
   "{_LOGIDSTR}", "Log ID String"
   "{_LOGTYPE}", "Log Type"
   "{_DATETIME}", "Log Time and Date (2009/11/27 14:22:32)"
   "{_DATETIMETZ}", "Log Time and TimeZone"
   "{_DETAILMSG}", "Log Details"
   "{_USERID}", "Authenticated User ID"
   "{_USERNAME}", "Authenticated User Name"
   "{_USERDEPT}", "Authenticated User Department"
   "{_POS}", "Authenticated User Job Title (Additional Information Required)"
   "{_NNAME}", "Node Name (Additional Information Required)"
   "{_HOSTNAME}", "Hostname (Additional Information Required)"
   "{_PLATFORM}", "Platform (Additional Information Required)"
   "{_DESC}", "Node Description (Additional Information Required)"
   "{_DOMAIN}", "Domain (Additional Information Required)"
   "{_DNSNAME}", "DNSName (Additional Information Required)"
   "{_SWNAME}", "Switch Name (Additional Information Required)"
   "{_SWPORT}", "Switch Port (Additional Information Required)"
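
The following is an added example, not Genians code: a receiver-side parser for records built from the SYSLOG CEF template shown under **Default Message Syntax**. Since ``{_FULLMSG}`` and ``{_DETAILMSG}`` can carry free text and ``KEY=VALUE`` data, it treats only the template's own extension keys as field boundaries. The function name ``parse_genian_cef``, the sample values, and the assumption that records arrive exactly in the template's shape are illustrative.

```python
import re

# Extension keys exactly as they appear in the page's CEF template.
TEMPLATE_KEYS = ["rt", "cs1Label", "cs1", "cs2Label", "cs2", "dvchost",
                 "dst", "dmac", "msg", "cs3Label", "cs3"]
HEADER_NAMES = ["cef_version", "vendor", "product", "version",
                "log_filter_name", "log_filter_desc", "severity"]
# A field starts only at a template key that follows a space (or line start).
KEY_RE = re.compile(r"(?:^| )(%s)=" % "|".join(TEMPLATE_KEYS))
PIPE_RE = re.compile(r"(?<!\\)\|")  # header separator, not an escaped \|

# Constructed sample: the template with made-up macro values filled in.
SAMPLE = (
    "CEF:0|GENIANS|Genian NAC|5.0|New Node|Node first seen|1|"
    "rt=2009/11/27 14:22:32 cs1Label=Log Type cs1=Information "
    "cs2Label=Log ID cs2=1001 dvchost=sensor-01 dst=192.0.2.10 "
    "dmac=00:11:22:33:44:55 msg=New node detected. MAC=00:11:22:33:44:55 "
    "cs3Label=Detail Message cs3=VENDOR=Example Corp"
)

def unescape(value):
    """Undo CEF escaping of backslash, pipe and equals sign."""
    return re.sub(r"\\([\\|=])", r"\1", value)

def parse_genian_cef(line):
    """Parse one record built from the CEF template (hypothetical helper)."""
    start = line.find("CEF:")  # a syslog header may precede "CEF:"
    if start < 0:
        raise ValueError("not a CEF record")
    parts = PIPE_RE.split(line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("expected 7 header fields plus extension")
    event = {n: unescape(v) for n, v in zip(HEADER_NAMES, parts[:7])}
    ext, fields = parts[7], {}
    matches = list(KEY_RE.finditer(ext))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        fields[m.group(1)] = unescape(ext[m.end():end].strip())
    # Fold each csNLabel/csN pair into a "label: value" entry.
    for n in ("cs1", "cs2", "cs3"):
        label = fields.pop(n + "Label", None)
        if label is not None and n in fields:
            fields[label] = fields.pop(n)
    event["ext"] = fields
    return event

if __name__ == "__main__":
    print(parse_genian_cef("<134>Nov 27 14:22:32 nac-host " + SAMPLE))
```

A message that itself contains a space followed by one of the template keys and ``=`` is still split at that point, so alert on records whose parsed field set differs from the template's.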