Sawmill is a Cisco PIX/ASA/Router/Switch log analyzer (it also supports 843 other log formats). It can process log files in Cisco PIX/ASA/Router/Switch format and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Cisco PIX/ASA/Router/Switch logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Cisco PIX/ASA/Router/Switch log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Cisco PIX/ASA/Router/Switch, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
|---|---|
| operation | operation |
| message | message |
| message code | message_code |
| message facility | message_facility |
| message severity | message_severity |
| message mnemonic | message_mnemonic |
| protocol | protocol |
| source IP | source_ip |
| source MAC address | source_mac_address |
| geographic location | location |
| destination IP | destination_ip |
| source hostname | source_hostname |
| destination hostname | destination_hostname |
| source port | source_port |
| destination port | destination_port |
| source side | source_side |
| destination side | destination_side |
| destination service | destination_service |
| interface | interface |
| direction | direction |
| username | user_name |
| group | group |
| access group | access_group |
| access list | access_list |
| foreign IP | faddr_host |
| foreign port | faddr_port |
| foreign service | faddr_service |
| global IP | gaddr_host |
| global port | gaddr_port |
| global service | gaddr_service |
| local IP | laddr_host |
| local port | laddr_port |
| local service | laddr_service |
| page | page |
| flags | flags |
| command | command |
| type | type |
| list | list |
| reason | reason |
| ICMP type | icmp_type |
| ICMP code | icmp_code |
| state | state |
| VTY line | vty_line |
| AAA status | aaa_status |
| AAA server | aaa_server |
| group policy | group_policy |
| private IP | private_ip |
| client type | client_type |
| client public address | client_public_addr |
| client application version | client_application_version |
| server public address | server_public_addr |
| assigned public address | assigned_public_addr |
| session type | session_type |
Sawmill stores the following numerical fields in its database for Cisco PIX/ASA/Router/Switch, aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
|---|---|
| events | events |
| connections built | connections_built |
| connections torn down | connections_torn_down |
| page views | page_views |
| unique source IPs | unique_source_ips |
| bytes | bytes |
| bytes transmitted | bytes_xmt |
| bytes received | bytes_rcv |
| duration | duration |
| packets | packets |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Cisco PIX/ASA/Router/Switch reports.
Sawmill also supports 843 other log formats.