SYMANTEC SECURITY GATEWAYS LOG FORMAT (SGS 2.0/3.0 & SEF 8.0)

Sawmill is a Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) log analyzer (it also supports the 843 other log formats listed to the left). It can process log files in Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) log analysis on any platform, including Window, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.

Sawmill stores the following non-numerical fields in its database for Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0), generates reports for each field, and allows dynamic filtering on any combination of these fields:

	Field		Internal Name
	date/time		date_time
	day of week		day_of_week
	hour of day		hour_of_day
	logging device		logging_device
	service		service
	duration		duration
	authentication result		authentication_result
	ID		id
	sent		sent
	received		received
	bytes		bytes
	source interface		source_interface
	source IP		source_ip
	source port		source_port
	source name		source_name
	server source		server_source
	server source port		server_source_port
	destination interface		destination_interface
	destination IP		destination_ip
	destination port		destination_port
	destination name		destination_name
	client destination		client_destination
	URL		url
	result		result
	protocol		protocol
	rule ID		rule_id
	message type		message_type
	message		message
	operation		operation
	status		status
	state		state
	rule		rule
	PID		pid
	notes		notes
	adapter		adapter
	alert destination MAC address		alert_destination_mac_addr
	alert source MAC address		alert_source_mac_addr
	class		class
	consolidated message		consolidated_message
	count		count
	CVE		cve
	family		family
	flag		flag
	flow cookie		flow_cookie
	host		host
	interface		interface
	interface ID		interface_id
	interval		interval
	IP code		ip_code
	IP protocol		ip_protocol
	level		level
	outcome		outcome
	packet		packet
	payload left offset		payload_left_offset
	payload right offset		payload_right_offset
	policy tag		policy_tag
	program name		program_name
	reliability		reliability
	request		request
	resource		resource
	response		response
	string value		string_value
	title		title
	type		type
	vendor		vendor
	VLAN ID		vlan_id
	month		month
	user		user
	setting		setting
	key		key
	revision		revision
	domain		domain
	client port		client_port
	related ID		related_id
	server		server
	IP address		ip_address
	license expiry date		license_exp_date
	feature ID		feature_id
	license type		license_type
	product		product
	version		version
	detail		detail
	antivirus comfort		av_comfort
	antivirus scan		av_scan
	context data		context_data
	context description		context_description
	probable probe		probable_probe
	trace route TTL		trace_route_ttl
	command		command
	error number		error_number
	information		information
	length		length
	limit		limit
	message count		message_count
	offset		offset

Sawmill stores the following numerical fields in its database for Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0), aggregating them and including them as columns in most reports:

	Numerical Field		Internal Name
	events		events
	sent		sent
	received		received
	bytes		bytes
	duration		duration

See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) reports.

Sawmill also supports 843 other log formats.