Sawmill is an IronPort C-Series log analyzer (it also supports 843 other log formats). It can process log files in IronPort C-Series format and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse IronPort C-Series logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform IronPort C-Series log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX variants, and others.
Sawmill stores the following non-numerical fields in its database for IronPort C-Series, generates reports for each field, and allows dynamic filtering on any combination of these fields:

| Field | Internal Name |
|---|---|
| date/time | date_time |
| day of week | day_of_week |
| hour of day | hour_of_day |
| action | action |
| from | from |
| to | to |
| SBRS action | sbrs_action |
| SBRS list | sbrs_list |
| SBRS score | sbrs_score |
| message ID | message_id |
| subject | subject |
| antispam_result | antispam_result |
| antivirus result | antivirus_result |
| interface | interface |
| interface host | interface_host |
| address | address |
| reverse DNS host | reverse_dns_host |
| response | response |
| reason | reason |
| ICID | icid |
| MID | mid |
| RID | rid |
| warnings | warning_message |

Sawmill stores the following numerical fields in its database for IronPort C-Series, aggregating them and including them as columns in most reports:

| Numerical Field | Internal Name |
|---|---|
| events | events |
| messages delivered | messages_delivered |
| messages queued | messages_queued |
| messages rejected | messages_rejected |
| messages aborted | messages_aborted |
| messages_spam_positive | messages_spam_positive |
| messages_virus_positive | messages_virus_positive |
| message deliveries aborted | message_deliveries_aborted |
| messages quarantined | messages_quarantined |
| messages delayed | messages_delayed |
| bytes transferred | bytes_transferred |
| warnings | warnings |

See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling IronPort C-Series reports.
Sawmill also supports 843 other log formats.