Newsletters

Sawmill Newsletter

Ā January 18, 2011

Welcome to the Sawmill Newsletter!

You're receiving this newsletter because during the downloading or purchase of Sawmill, you checked the box to join our mailing list. If you wish to be removed from this list, please send an email, with the subject line of "UNSUBSCRIBE" to newsletter@sawmill.net (please include the entire message, as the identifying information is at the bottom).

News

Sawmill 8.1.8 shipped on January 17, 2011. This is a bug-fix releaseā€"it fixes a few bugs, and adds a few small features. This release is free to existing Sawmill 8 users. This release is recommended for anyone experiencing the issues described in the version history. You can download Sawmill 8.1.8 from http://sawmill.net/download.html .

Sawmill 7 users can upgrade to Sawmill 8 for half of the license price; or if you have Premium Support, the upgrade is free. Major features of Sawmill 8 include support for Oracle and Microsoft SQL Server databases, real-time reporting, a completely redesigned web interface, better multi-processor and multi-core support, and role-based authentication control.

This issue of the Sawmill Newsletter describes the creation of a cluster of parsing servers to improve the performance of log processing to omit rows of reports as they are displayed.

Get The Most Out Of Sawmill With Professional Services

Looking to get more out of your statistics from Sawmill? Running short on time, but need the information now to make critical business decisions? Our Professional Service Experts are available for just this situation and many others. We will assist in the initial installation of Sawmill using best practices; work with you to integrate and configure Sawmill to generate reports in the shortest possible time. We will tailor Sawmill to your environment, create a customized solution, be sensitive to your requirements and stay focused on what your business needs are. We will show you areas of Sawmill you may not even be aware of, demonstrating these methods will provide you with many streamlined methods to get you the information more quickly. Often you'll find that Sawmill's deep analysis can even provide you with information you've been after but never knew how to reach, or possibly never realized was readily available in reports. Sawmill is an extremely powerful tool for your business, and most users only exercise a fraction of this power. That's where our experts really can make the difference. Our Sawmill experts have many years of experience with Sawmill and with a large cross section of devices and business sectors. Our promise is to very quickly come up with a cost effective solution that fits your business, and greatly expand your ROI with only a few hours of fee based Sawmill Professional Services. For more information, a quote, or to speak directly with a Professional services expert contact consulting@flowerfire.com.

Tips & Techniques: Using The LDAP Plug-in

Sawmill 8.1.8 includes a new plug-in architecture for managing logins and authentication. The first plug-in for this architecture is the LDAP Plug-in (ldap.cfg), which is included in the Extras folder of the Sawmill distribution. Sawmill 8.1.8 also includes a section in the Preferences which integrates with this plug-in.

Installing the LDAP Plug-in

Sawmill 8.6.2 or earlier: To use the LDAP plug-in, copy the login_plugins folder from Extras to LogAnalysisInfo. This installs the LDAP plug-in, and makes it active immediately. You can still login as the local administrative Sawmill user, but other user logins will be managed by the plug-in.

In Sawmill 8.6.3 or later: The LDAP login plug-in is always installed, and is enabled by checking "ldap" in Preferences->Security.

Configuring the LDAP Plug-in

While logging in as the local Sawmill administrator, go to Preferences, and within there to Security. Fill out the bottom section, called LDAP:

Preferences LDAP

The Security Section Of Preferences

The values of these fields should be:

LDAP server hostname. This is the hostname of the LDAP server to be used for Sawmill login authentication.
LDAP administrator DN. This is the DN (Distinguished Name) of the LDAP user to be used for Sawmill's LDAP queries.
LDAP administrator password. This is the password of the LDAP administrator DN.
Use SSL for LDAP. Check this if your LDAP server supports SSL, and you want to use it for better security.
LDAP base DN. This is the base DN of all your Sawmill users in LDAP
LDAP username label. This is the label of the username field to be queried from LDAP, e.g. CN or sAMAccountName.

Logging In

Now, log out of Sawmill, and log in as usual. If the username and password you enter are the root administrator, you will be logged directly into Sawmill. Otherwise the LDAP plug-in will contact the specified LDAP server, log in (bind) to the LDAP server as the specified LDAP administrator, and run a query against the base DN, to find a user whose username label attribute matches the value entered as the username in the login page. For instance, in the example above, if "bob" were entered in the Username field of the Sawmill login page, the LDAP Plug-in would do a query to find a user with sAMAccountName=bob, within the base DN (recursively, i.e. using a subtree query). If a user is found, the LDAP plug-in will attempt to bind to that user with the specified password; if that succeeds, the user will be logged into Sawmill. The default behavior of the plug-in is to log the user into Sawmill as a statistics-viewing user with access to view all profiles, but with no administrative or Config permissions (i.e., the user record is created in Sawmill within the role of Statistics Viewer).

Advanced Topic: Customizing the LDAP Plug-in

The default LDAP Plug-in, ldap.cfg, does only basic authentication: it confirms that the user exists, and that the password is correct, and logs them in as an all-profile-viewing user. If you need more, however, the plug-in can be configured to do more, by editing the Salang code of ldap.cfg. For instance, the code contains a line which specifies which role the user should be; that can be changed, or a new LDAP query can be executed to determine their role. Also, the code contains a line where it specifies which profiles the user may access (all of them, by default); that can be changed to allow access to only a particular profile, or do another LDAP query to determine which profiles the user may access.

Finally, ldap.cfg contains a commented-out section implementing a particularly sophisticated usage. The code, if un-commented and edited appropriately, will perform an LDAP query to determine who reports to the logging-in user, within the organization. It will then create an invisible per-user report filter selecting only those users from the reports. For instance, if Bob logs in, and Jane and Jeff report to Bob, then it will create a report filter which selects all events where user=jane or user=jeff. This allows the reports to change dynamically, depending on who is logging in, to show only information for their subordinates, or their division. This is particularly useful for web proxy analysis.

Advanced Topic: Creating Other Plug-ins

The LDAP Plug-in is one example of a new category of plug-ins called "login plug-ins." Though most users will only need the LDAP Plug-in, it is possible to create your own plug-ins which perform authentication against another external authentication source, for instance a database. The ldap.cfg file can be used as a basis for creating this sort of alternate external authentication system for Sawmill.

Professional Services

This newsletter describes the LDAP Plug-in. If you need assistance with implementing or customizing the LDAP Plug-in, creating a new login plug-in, or with any other Sawmill tasks, our Sawmill Experts can help. Contact sales@sawmill.net for more information.

[Article revision v1.0]
[ClientID: 43726]