STONESOFT STONEGATE FIREWALL
Sawmill is a Stonesoft StoneGate Firewall log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Stonesoft StoneGate Firewall format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Stonesoft StoneGate Firewall logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Stonesoft StoneGate Firewall log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Stonesoft StoneGate Firewall, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
|---|
| | log ID | | log_id |
| | node ID | | node_id |
| | facility | | facility |
| | type | | type |
| | event | | event |
| | action | | action |
| | protocol | | protocol |
| | source IP | | source_ip |
| | destination IP | | destination_ip |
| | source port | | source_port |
| | destination port | | destination_port |
| | rule ID | | rule_id |
| | NAT source IP | | nat_source_ip |
| | NAT destination IP | | nat_destination_ip |
| | NAT source port | | nat_source_port |
| | NAT destination port | | nat_destination_port |
| | flags | | flags |
| | source interface | | source_interface |
| | protocol agent | | protocol_agent |
| | alert name | | alert_name |
| | syslog message | | syslog_message |
| | ICMP type | | icmp_type |
| | ICMP code | | icmp_code |
| | ICMP ID | | icmp_id |
| | IPSEC SPI | | ipsec_spi |
| | RTT | | rtt |
| | authenticated name | | authenticated_name |
| | source VLAN | | source_vlan |
| | destination VLAN | | destination_vlan |
| | firewall engine ID | | firewall_engine_id |
| | info message | | info_message |
Sawmill stores the following numerical fields in its database for Stonesoft StoneGate Firewall, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
|---|
| | hits | | hits |
| | visitors | | visitors |
| | bytes received | | bytes_received |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Stonesoft StoneGate Firewall reports.
Sawmill also supports 1021 other log formats.
