Sawmill is a tcpdump Log Format (-tt, with interface) log analyzer (it also supports 843 other log formats). It can process log files in tcpdump Log Format (-tt, with interface) and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse tcpdump Log Format (-tt, with interface) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform tcpdump Log Format (-tt, with interface) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for tcpdump Log Format (-tt, with interface), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
|---|---|
| date/time | date_time |
| day of week | day_of_week |
| hour of day | hour_of_day |
| interface | interface |
| direction | direction |
| source IP | source_ip |
| source port | source_port |
| destination IP | destination_ip |
| destination port | destination_port |
| protocol | protocol |
| operation | operation |
Sawmill stores the following numerical fields in its database for tcpdump Log Format (-tt, with interface), aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
|---|---|
| packets | packets |
| size | size |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling tcpdump Log Format (-tt, with interface) reports.
Sawmill also supports 843 other log formats.