Define Event Criteria for Export
Use an existing Log Filter or Create a new one
- Select the edit option under the desired log filter.
- Log export may be configured further by checking Notification (Local Admin), SYSLOG, SNMP Trap, and/or Webhook.
Add Macros To Log Export Message Box
Genian NAC uses Macros as a placeholder text that gets replaced with specific data when inserted into the Log Notifications message box. You can add and customize these Macros to present the data however you like. If the Log Notifications message block is left empty then a default set of Macros will be used.
- Go to Preferences in the top panel.
- Go to General > Log in the left Preferences panel.
- Find Log Options: Remarks column Elements section in main Log panel.
- Select options to Enable this data to be added to Logs. (Node Status Logs and Agent Status Logs are optional)
- Go to Log in the top panel.
- Go to Log Filter in the left Log panel.
- Find and click Log Filter Name.
- Click Edit at the top right of view pane.
- Find and select Notification, SYSLOG, SNMP Trap, and/or Webhook.
- Find and click Help for Macro button just above Notification section title.
- Choose the desired MACRO to add to the message body. (Some Message{_SWNAME}{SWPORT})
- Click Update.
Default Message Syntax
- Notification
SMS - [site Name] {_HEADMSG}: Log Filter Name
Email Subject - [Site Name] {_HEADMSG}: Log Filter Name
Email Contents - {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
- SYSLOG
Default - {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
CEF - CEF:0|GENIANS|Genian NAC|{_VERSION}|{_LOGFILTERNAME}|{_LOGFILTERDESC}|1|rt={_DATETIME} cs1Label=Log Type cs1={_LOGTYPE} cs2Label=Log ID cs2={_LOGID} dvchost={_SENSORNAME} dst={_IP} dmac={_MAC} msg={_FULLMSG} cs3Label=Detail Message cs3={_DETAILMSG}
- SNMP Trap
{_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
Note
SMS Notifications are limited to 500 per-month.
- Webhook (POST)
{
"datetime": "{_DATETIMEZ}",
"ip": "{_IP}",
"mac": "{_MAC}",
"sensorip": "{_SENSORIP}",
"sensorname": "{_SENSORNAME}",
"logid": "{_LOGID}",
"logidstr": "{_LOGIDSTR}",
"logtype": "{_LOGTYPE}",
"userid": "{_USERID}",
"fullname": "{_USERNAME}",
"userdept": "{_USERDEPT}",
"position": "{_POS}",
"nodename": "{_NNAME}",
"hostname": "{_HOSTNAME}",
"platform": "{_PLATFORM}",
"nodedesc": "{_DESC}",
"domain": "{_DOMAIN}",
"dnsname": "{_DNSNAME}",
"switchname": "{_SWNAME}",
"switchport": "{_SWPORT}",
"detail": "{_DETAILMSG}"
}
Macro Definitions
Administrators can select and send necessary information when sending events by using predefined macros.
| Macro Format | Contents |
|---|---|
| {_FULLMSG} | Full Log Message |
| {_HEADMSG} | Log Message Header |
| {_TAILMSG} | Data After Header (KEY=VALUE, ...) |
| {_EXTRAINFO} | All Additional Information |
| {_IP} | Log Node IP |
| {_IP_HTML} | Log Node IP(Hyperlink) |
| {_MAC} | Log Node MAC |
| {_MAC_HTML} | Log Node MAC(Hyperlink) |
| {_SENSORIP} | Log Sensor IP |
| {_SENSORNAME} | Log Sensor Name |
| {_LOGID} | Log ID |
| {_LOGIDSTR} | Log ID String |
| {_LOGTYPE} | Log Type |
| {_DATETIME} | Log Time and Date (2009/11/27 14:22:32) |
| {_DATETIMETZ} | Log Time and TimeZone |
| {_DETAILMSG} | Log Details |
| {_USERID} | Authenticated User ID |
| {_USERNAME} | Authenticated User Name |
| {_USERDEPT} | Authenticated User Department |
| {_POS} | Authenticated User Job Title (Additional Information Required) |
| {_NNAME} | Node Name (Additional Information Required) |
| {_HOSTNAME} | Hostname (Additional Information Required) |
| {_PLATFORM} | Platform (Additional Information Required) |
| {_DESC} | Node Description (Additional Information Required) |
| {_DOMAIN} | Domain (Additional Information Required) |
| {_DNSNAME} | DNSName (Additional Information Required) |
| {_SWNAME} | Switch Name (Additional Information Required) |
| {_SWPORT} | Switch Port (Additional Information Required) |