Message Creation

Using Existing Search Filter or Creating a New Search Filter

  1. Click Update on the desired log filter.
  2. Log transmission can additionally be configured through Alarm Transmission (Administrator), SYSLOG, SNMP TRAP, and WEBHOOK.

Adding Macros to Message Content during Log Transmission

Genian NAC can use predefined macros in message content. By adding predefined macros, messages can be sent in the user's desired format. If the log notification message input field is left blank, the default message written in the tooltip will be sent.

  1. Go to Preferences.
  2. In the left Settings menu, go to Preferences > Audit Log.
  3. In Select Node Audit Log - Save Additional Information, select the information items to additionally save during audit logging.
     - Saving node and agent operational status history is an optional setting.
  4. Go to Audit in the top menu.
  5. In the left menu, go to Logs > Search Filter.
  6. Find and click the Search Filter Name.
  7. Check the Alarm Transmission > SMS option.
  8. Add macros to the SMS Content input box.
  9. Find and click the macro help question mark button above the Alarm Transmission menu.
  10. Select the desired macro and add it to the alarm transmission message body. (Example: Message {_SWNAME}{_SWPORT} is here.)
  11. Click the Update button.

Message Default Values

  • Alarm Transmission

    SMS - [Site Name] {_HEADMSG}: Log Filter Name
    Email Subject - [Site Name] {_HEADMSG}: Log Filter Name
    Email Content - {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
    

Note

SMS transmission may be limited by the maximum monthly transmission quantity depending on the license type.

  • SYSLOG Transmission

    Default - {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
    CEF - CEF:0|GENIANS|Genian NAC|{_VERSION}|{_LOGFILTERNAME}|{_LOGFILTERDESC}|1|rt={_DATETIME} cs1Label=Log Type cs1={_LOGTYPE} cs2Label=Log ID cs2={_LOGID} dvchost={_SENSORNAME} dst={_IP} dmac={_MAC} msg={_FULLMSG} cs3Label=Detail Message cs3={_DETAILMSG}
    
  • SNMP Trap Transmission

    {_DATETIME} {_LOGTYPE} {_LOGID} {_SENSORNAME} {_IP} {_MAC} {_FULLMSG} {_DETAILMSG}
    
  • Webhook (POST)

    {
    "datetime": "{_DATETIMEZ}",
    "ip": "{_IP}",
    "mac": "{_MAC}",
    "sensorip": "{_SENSORIP}",
    "sensorname": "{_SENSORNAME}",
    "logid": "{_LOGID}",
    "logidstr": "{_LOGIDSTR}",
    "logtype": "{_LOGTYPE}",
    "userid": "{_USERID}",
    "fullname": "{_USERNAME}",
    "userdept": "{_USERDEPT}",
    "position": "{_POS}",
    "nodename": "{_NNAME}",
    "hostname": "{_HOSTNAME}",
    "platform": "{_PLATFORM}",
    "nodedesc": "{_DESC}",
    "domain": "{_DOMAIN}",
    "dnsname": "{_DNSNAME}",
    "switchname": "{_SWNAME}",
    "switchport": "{_SWPORT}",
    "detail": "{_DETAILMSG}"
    }
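
For a collector that receives the CEF template above, the following added example (not Genian's code, and not part of the original page) parses a record shaped like that template. The sample values, the version placeholder and the function names are assumptions; the page does not say whether macro values are escaped, so the parser applies standard CEF escaping and rejects a record in which a template key appears twice, which can happen when free text such as {_FULLMSG} carries key=value data.

```python
import re

# Constructed sample in the shape of the page's default CEF template (values invented).
SAMPLE = (
    "CEF:0|GENIANS|Genian NAC|0.0.0-sample|New \\| Node|Detects new nodes|1|"
    "rt=2025/11/27 14:22:32 cs1Label=Log Type cs1=Information "
    "cs2Label=Log ID cs2=1234 dvchost=Sensor-1 dst=192.0.2.10 "
    "dmac=00:11:22:33:44:55 msg=New node up, owner\\=lab "
    "cs3Label=Detail Message cs3="
)
HEADER = ("cef", "vendor", "product", "version", "signature_id", "name", "severity")
# Only the extension keys the default template emits are accepted as field starts.
KEYS = ("rt", "cs1Label", "cs1", "cs2Label", "cs2", "dvchost", "dst", "dmac",
        "msg", "cs3Label", "cs3")
_KEY = re.compile(r"(?:^| )(" + "|".join(KEYS) + r")=")

def _split_header(text, count):
    """Split off `count` pipe-delimited fields, honouring backslash escapes."""
    fields, cur, i = [], "", 0
    while i < len(text) and len(fields) < count:
        if text[i] == "\\" and i + 1 < len(text):
            cur, i = cur + text[i:i + 2], i + 2   # keep the escape pair intact
        elif text[i] == "|":
            fields.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + text[i], i + 1
    return fields, text[i:]

def _unescape(value, special):
    # CEF escapes a backslash and the field's special character with a backslash.
    return re.sub(r"\\([\\" + re.escape(special) + "])", r"\1", value)

def parse_cef(line):
    start = line.find("CEF:")                 # tolerate a syslog prefix
    if start < 0:
        raise ValueError("not a CEF record")
    fields, ext_text = _split_header(line[start + 4:], len(HEADER))
    if len(fields) != len(HEADER):
        raise ValueError("truncated CEF header")
    header = {k: _unescape(v, "|") for k, v in zip(HEADER, fields)}
    ext, hits = {}, list(_KEY.finditer(ext_text))
    for hit, nxt in zip(hits, hits[1:] + [None]):
        key = hit.group(1)
        if key in ext:                        # template key repeated inside free text
            raise ValueError(f"duplicate key {key!r}: possible forged field")
        end = nxt.start() if nxt else len(ext_text)
        ext[key] = _unescape(ext_text[hit.end():end], "=")
    return header, ext
```

Values with spaces (cs1Label, rt) survive because a field only ends where the next template key begins; an empty macro result, such as cs3 in the sample, parses as an empty string.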
    

Macro Definitions

Administrators can select and send necessary information when sending events by using predefined macros.

Macro Format    Contents
{_FULLMSG}      Full Log Message
{_HEADMSG}      Log Message Header
{_TAILMSG}      Data After Header (KEY=VALUE, ...)
{_EXTRAINFO}    All Additional Information
{_IP}           Log Node IP
{_IP_HTML}      Log Node IP (Hyperlink)
{_MAC}          Log Node MAC
{_MAC_HTML}     Log Node MAC (Hyperlink)
{_SENSORIP}     Log Sensor IP
{_SENSORNAME}   Log Sensor Name
{_LOGID}        Log ID
{_LOGIDSTR}     Log ID String
{_LOGTYPE}      Log Type
{_DATETIME}     Log Time and Date (2025/11/27 14:22:32)
{_DATETIMETZ}   Log Time and TimeZone
{_DETAILMSG}    Log Details
{_USERID}       Authenticated User ID
{_USERNAME}     Authenticated User Name
{_USERDEPT}     Authenticated User Department
{_POS}          Authenticated User Job Title (Additional Information Required)
{_NNAME}        Node Name (Additional Information Required)
{_HOSTNAME}     Hostname (Additional Information Required)
{_PLATFORM}     Platform (Additional Information Required)
{_DESC}         Node Description (Additional Information Required)
{_DOMAIN}       Domain (Additional Information Required)
{_DNSNAME}      DNSName (Additional Information Required)
{_SWNAME}       Switch Name (Additional Information Required)
{_SWPORT}       Switch Port (Additional Information Required)

  • Macros containing (Additional Information Required) will only output data if the Preferences > General > Log > Log Options: Remarks column Elements setting is enabled.
    If this setting is disabled, the macro replacement result will be displayed as an empty value. (Default is disabled.)

Note

You can convert to uppercase or lowercase by appending _upper or _lower to existing macros.