Sawmill is a Microsoft IAS/NPS log analyzer (it also supports the 843 other log formats listed to the left). It can process log files in Microsoft IAS/NPS format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Microsoft IAS/NPS logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Microsoft IAS/NPS log analysis on any platform, including Window, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Microsoft IAS/NPS, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name | ||
|---|---|---|---|
| date/time | date_time | ||
| day of week | day_of_week | ||
| hour of day | hour_of_day | ||
| server | server | ||
| service | service | ||
| hostname | hostname | ||
| domain description | domain_description | ||
| geographic location | location | ||
| authenticated user | authenticated_user | ||
| username | user_name | ||
| nas IP address | nas_ip_address | ||
| nas port | nas_port | ||
| service type | service_type | ||
| framed protocol | framed_protocol | ||
| framed IP address | framed_ip_address | ||
| framed IP netmask | framed_ip_netmask | ||
| framed routing | framed_routing | ||
| filter IP | filter_id | ||
| framed MTU | framed_mtu | ||
| framed compression | framed_compression | ||
| login IP host | login_ip_host | ||
| login service | login_service | ||
| login TCP port | login_tcp_port | ||
| reply message | reply_message | ||
| callback number | callback_number | ||
| callback ID | callback_id | ||
| framed route | framed_route | ||
| framed IPX network | framed_ipx_network | ||
| class | class | ||
| vendor specific | vendor_specific | ||
| session timeout | session_timeout | ||
| idle timeout | idle_timeout | ||
| termination action | termination_action | ||
| called station ID | called_station_id | ||
| calling station ID | calling_station_id | ||
| nas identifier | nas_identifier | ||
| login LAT service | login_lat_service | ||
| login LAT node | login_lat_node | ||
| login LAT group | login_lat_group | ||
| framed appletalk link | framed_appletalk_link | ||
| framed appletalk network | framed_appletalk_network | ||
| framed appletalk zone | framed_appletalk_zone | ||
| status type | acct_status_type | ||
| delay time | acct_delay_time | ||
| session id | acct_session_id | ||
| authentic | acct_authentic | ||
| terminate clause | acct_terminate_clause | ||
| multi ssn ID | acct_multi_ssn_id | ||
| link count | acct_link_count | ||
| event timestamp | event_timestamp | ||
| nas port type | nas_port_type | ||
| port limit | port_limit | ||
| login LAT port | login_lat_port | ||
| tunnel type | tunnel_type | ||
| tunnel medium type | tunnel_medium_type | ||
| tunnel client endpoint | tunnel_client_endpt | ||
| tunnel server endpoint | tunnel_server_endpt | ||
| tunnel connection | acct_tunnel_conn | ||
| password retry | password_retry | ||
| prompt | prompt | ||
| connect info | connect_info | ||
| configuration token | configuration_token | ||
| tunnel private group ID | tunnel_pvt_group_id | ||
| tunnel assignment ID | tunnel_assignment_id | ||
| tunnel preference | tunnel_preference | ||
| interim interval | acct_interim_interval | ||
| ascend | ascend | ||
| saved radius framed route | saved_radius_framed_route | ||
| client IP address | client_ip_address | ||
| RAS Client Name | ms_ras_client_name | ||
| NAS manufacturer | nas_manufacturer | ||
| ms chap error | ms_chap_error | ||
| authentication type | authentication_type | ||
| client friendly name | client_friendly_name | ||
| SAM account name | sam_account_name | ||
| fully qualified username | fully_qualified_user_name | ||
| eap friendly name | eap_friendly_name | ||
| packet type | packet_type | ||
| source IP | ip_source_ip | ||
| source port | ip_source_port | ||
| destination IP | ip_destination_ip | ||
| destination port | ip_destination_port | ||
| np policy name | np_policy_name |
Sawmill stores the following numerical fields in its database for Microsoft IAS/NPS, aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name | ||
|---|---|---|---|
| events | events | ||
| input octets | acct_input_octets | ||
| output octets | acct_output_octets | ||
| session time | acct_session_time |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Microsoft IAS/NPS reports.
Sawmill also supports 843 other log formats.