Sawmill
Download Sawmill 8.8.1
30 Days Free Trial
Home Products Downloads Purchase Support About About
Sawmill Sawmill

SAWMILLPLUG-IN

ALL PLUG-INS

Sawmill has plug-ins to support the following log formats:

line
INTERSECT ALLIANCE SNARE

Sawmill is a Intersect Alliance Snare log analyzer (it also supports the 1021 other log formats listed to the left). It can process log files in Intersect Alliance Snare format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Intersect Alliance Snare logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Intersect Alliance Snare log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.

Sawmill stores the following non-numerical fields in its database for Intersect Alliance Snare, generates reports for each field, and allows dynamic filtering on any combination of these fields:

Field  Internal Name
   event code  event_code
   type  type
   category  category
   username  user_name
   server name  server_name
   action  action
   domain  domain
   logon ID  logon_id
   logon GUID  logon_guid
   logon type  logon_type
   logon process  logon_process
   authentication package  authentication_package
   workstation name  workstation_name
   new process ID  new_process_id
   process ID  process_id
   creator process ID  creator_process_id
   image file name  image_file_name
   caller user name  caller_user_name
   caller domain  caller_domain
   caller logon ID  caller_logon_id
   caller process ID  caller_process_id
   transited services  transited_services
   source network address  source_network_address
   source port  source_port
   primary user name  primary_user_name
   primary domain  primary_domain
   primary logon ID  primary_logon_id
   handle ID  handle_id
   target account name  target_account_name
   target account ID  target_account_id
   target domain  target_domain
   privileges  privileges
   accesses  accesses
   restricted sid count  restricted_sid_count
   access mask  access_mask
   object server  object_server
   object type  object_type
   object name  object_name
   operation ID  operation_id
   client user name  client_user_name
   client domain  client_domain
   client logon ID  client_logon_id
   member name  member_name
   member ID  member_id
   server  server
   service  service
   name  name
   path  path
   identifier  identifier
   user account  user_account
   user domain  user_domain
   rpc_server  rpc_server
   ip_version  ip_version
   IP protocol  ip_protocol
   port number  port_number
   allowed  allowed
   user_notified  user_notified
   subject  subject
   Security ID  security_id
   account name  account_name
   Account Domain  account_domain
   group  group
   group name  group_name
   group_domain  group_domain
   changed_attributes  changed_attributes
   member  member
   additional_information  additional_information
   event type  event_type
   level  level
   event description  event_description
   computer name  computer_name
   subcategory  subcategory

Sawmill stores the following numerical fields in its database for Intersect Alliance Snare, aggregating them and including them as columns in most reports:

Numerical Field  Internal Name
   events  events

See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Intersect Alliance Snare reports.

Sawmill also supports 1021 other log formats.

© 2024 Flowerfire | Copyright | Privacy Policy | License Agreement | Terms of Use | Contact | Feedback | About
Sawmill Software
Sawmill Software
Back to Sawmill Home