genian-nac-audit-logs
Fetch audit logs from Genian NAC server.
genian-nac-audit-logs [profile=PROFILE] [duration=NUM{mon|w|d|h|m|s}] [from=yyyyMMddHHmmss] [to=yyyyMMddHHmmss] [level=LEVEL] [ip=IP] [mac=MAC] [login=LOGIN] [user=USER] [dept=DEPT] [msg=MSG]
- profile=PROFILE
- Genian NAC profile code
- duration=NUM{mon|w|d|h|m|s}
- Scan only recent data. You should use s(second), m(minute), h(hour), d(day), mon(month) time unit. For example,
10smeans data from 10 seconds earlier. - from=yyyyMMddHHmmss
- Start time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- to=yyyyMMddHHmmss
- End time of range. yyyyMMddHHmmss format. If you omit time part, it will be padded by zero.
- level=LEVEL
- Comma seperated levels. Use info, warn, error, anomaly.
- ip=IP
- Search by IP address
- mac=MAC
- Search by MAC address
- login=LOGIN
- Search by login ID
- user=USER
- Search by user name
- dept=DEPT
- Search by department name
- msg=MSG
- Search by message keyword
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| _time | Date | Time | Log time |
| profile | String | Profile | Connect profile code |
| level | String | Level | info, warn, error, anomaly |
| source | String | Source | Sensor or management server |
| category | String | Category | |
| ip | IP address | IP address | |
| mac | String | MAC address | |
| user | String | User | |
| user_name | String | User name | |
| dept_name | String | Department name | |
| msg | String | Message | |
| detail | String | Detail |