Sending Logs
============

You can send Events to external locations like SIEM solutions using several
methods.

.. note:: To send emails notifications, Outbound email and admin email
   notification settings must both be configured.
   See :doc:`/system/email` , :doc:`/system/admin-account`.

#. Select a **log filter**, click **edit.**
#. Click **Checkbox** for **Notification** (Administrator email / sms),
   **Syslog**, **SNMP Trap**, or **Webhook**.
#. Configure settings and Update.

Example Integration: Splunk
---------------------------

Integrate with Splunk using the following process:

1. In Splunk configure a Local UDP input under **Settings > Data Inputs.**
2. Configure your desired **data input port** and enter your Genians policy
   server IP into the "Only accept connection from" section. (optional)
3. In Genians NAC, select syslog under the log filter of your choice.
4. Input the **Sever Address** of your splunk server. For **Protocol**, select
   **UDP**, and for **server port**, select the **data input port** you defined
   on Splunk.
5. In the SYSLOG message section, enter the value:
   {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG},
   DETAIL={_DETAILMSG}

 * This is necessary for the proper display of information in Splunk.

SNMP Trap Example
-----------------

SNMP Trap is mainly used for device-to-device event transmission, and the transmission setting method is as follows.

#. Check SNMP trap in selected search filter of Genian NAC.
#. Enter the server address of the SNMP Trap server.
#. Enter the Community string defined in the SNMP Trap server.
#. In the SNMP Trap message, enter values ​​of {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG},
   DETAIL={_DETAILMSG}.