Sending Logs
You can send events to external locations such as SIEM solutions using several methods.
Note
To send email notifications, the Outbound email and admin email notification settings must both be configured. See Setting up Outbound Mail Server (SMTP), Administrator Accounts.
- Select a log filter and click Edit.
- Check the checkbox for Notification (Administrator email / SMS), Syslog, SNMP Trap, or Webhook.
- Configure the settings and click Update.
Example Integration: Splunk
Integrate with Splunk using the following process:
- In Splunk, configure a local UDP input under Settings > Data Inputs.
- Configure your desired data input port and, optionally, enter your Genians policy server IP in the "Only accept connection from" field.
- In Genians NAC, select syslog under the log filter of your choice.
- Enter the Server Address of your Splunk server. For Protocol, select UDP, and for Server Port, select the data input port you defined in Splunk.
- In the SYSLOG message section, enter the value: {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}
- This message format is required for the information to display correctly in Splunk.
SNMP Trap Example
SNMP Trap is mainly used for device-to-device event transmission. Configure it as follows.
- Check SNMP Trap in the selected search filter of Genian NAC.
- Enter the server address of the SNMP Trap server.
- Enter the Community string defined in the SNMP Trap server.
- In the SNMP Trap message, enter values of {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}.
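The message template is the same for the Splunk syslog example and the SNMP Trap example above. As an added example (not from the Genians documentation), here is a receiver-side Python parser for that template; it assumes the receiver sees the message body as configured, optionally prefixed by a syslog priority such as <14>, and the sample lines, LOGTYPE and LOGID values below are constructed placeholders.

```python
import re
from typing import Iterable, Optional

# Message template configured on the Genian NAC syslog / SNMP Trap filter (from the page):
# {_DATETIME},LOGTYPE={_LOGTYPE},LOGID={_LOGID},IP={_IP},MAC={_MAC},MSG={_FULLMSG}, DETAIL={_DETAILMSG}
# The regex is anchored on the fixed key names, so commas inside MSG or DETAIL do not
# shift the fields. Note the literal ", DETAIL=" (with a space) that the template emits;
# MSG is matched up to the first such separator.
_EVENT_RE = re.compile(
    r"^(?P<datetime>[^,]+),"
    r"LOGTYPE=(?P<logtype>[^,]*),"
    r"LOGID=(?P<logid>[^,]*),"
    r"IP=(?P<ip>[^,]*),"
    r"MAC=(?P<mac>[^,]*),"
    r"MSG=(?P<msg>.*?), DETAIL=(?P<detail>.*)$",
    re.DOTALL,
)
# Optional syslog priority prefix (e.g. "<14>") that a UDP receiver may see before the body.
_PRI_RE = re.compile(r"^<\d{1,3}>")
_MAC_RE = re.compile(r"^([0-9A-F]{2}:){5}[0-9A-F]{2}$")


def parse_genian_event(line: str) -> Optional[dict]:
    """Parse one line in the template above into a dict, or return None if it does not match."""
    body = _PRI_RE.sub("", line.strip(), count=1)
    m = _EVENT_RE.match(body)
    if not m:
        return None
    event = m.groupdict()
    event["mac"] = event["mac"].upper()
    # Flag events whose MAC field is not a well-formed MAC so a SIEM rule does not silently trust it.
    event["mac_valid"] = bool(_MAC_RE.match(event["mac"]))
    return event


def parse_genian_events(lines: Iterable[str]) -> list:
    """Parse many lines, dropping any that do not follow the template (e.g. truncated UDP datagrams)."""
    return [e for e in (parse_genian_event(ln) for ln in lines) if e is not None]


# Constructed sample lines (not real NAC output); LOGTYPE and LOGID values are placeholders.
SAMPLE_LINES = [
    "<14>2024-03-01 09:15:02,LOGTYPE=Anomaly,LOGID=1001,IP=192.0.2.45,MAC=00:11:22:33:44:55,"
    "MSG=Rogue DHCP server detected, policy applied, DETAIL=Sensor eth0 observed DHCP offer",
    "2024-03-01 09:16:10,LOGTYPE=Node,LOGID=2002,IP=192.0.2.46,MAC=aa:bb:cc:dd:ee:ff,"
    "MSG=New node registered, DETAIL=",
    "garbage line without the template",
]

if __name__ == "__main__":
    for ev in parse_genian_events(SAMPLE_LINES):
        print(ev)
```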