Sawmill Architecture Overview

This document provides a high-level overview of the internal architecture that is specific to Sawmill.

Log Importer: A component which reads log data from a log source, and puts it into the Sawmill database.
Sawmill Database: A database which keeps a copy of the log data, and is queried to generate reports.
Reporting Interface: A web interface providing access to dynamic reports.
Administrative Interface: A web interface for administrating profiles, schedules, users, roles, tasks, and more.
Web Server: A built-in web server providing a graphical interface for administrating and viewing reports.
Command-line Interface: An extensive command-line interface that can be used to manage profiles, generate reports, and more.

Log Importer

Sawmill is a log analyzer. It reads text log data from a log source (usually log files on the local disk, a network mounted disk, or FTP), parses the data, and puts it in the Sawmill Database. Log Filters can be used to convert or filter the data as it is read, or to pull in external metadata for use in reports.

Sawmill Database

The Sawmill Database stores the data from the log source. The Log Importer feeds data into the database, and the Reporting Interface queries the database to generate reports. The database can be either the internal database, built into Sawmill, or a MySQL database.

Reporting Interface

The Reporting Interface is an HTML interface delivered through the Web Server, to any compatible web browser. Reports are generated dynamically by querying the Sawmill Database. The Reporting Interface allows arbitrary filters to be applied to any report, including Boolean filters. Reports can be created or edited through the Administrative Interface.

Create profiles
Build or update databases (process logs)
Expire data from an existing database
Email HTML reports
Generate HTML reports to disk

The most common command-line actions can also be run periodically, using the Sawmill Scheduler.

Sawmill Architecture Overview