Bindview Windows Event Log Analyzer

Sawmill is a Bindview Windows Event log analyzer (it also supports 827 other log formats). It can process log files in Bindview Windows Event format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Bindview Windows Event logs, import them into a SQL database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Bindview Windows Event log analysis on any platform, including Window, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.

Sawmill stores the following non-numerical fields in its database for Bindview Windows Event, generates reports for each field, and allows dynamic filtering on any combination of these fields:

	Field		Internal Name
	date/time		date_time
	day of week		day_of_week
	hour of day		hour_of_day
	machine name		machine_name
	event code		event_code
	reason		reason
	username		user_name
	domain		domain
	logon type		logon_type
	logon process		logon_process
	authentication package		authentication_package
	workstation name		workstation_name
	caller user name		caller_user_name
	caller domain		caller_domain
	caller logon ID		caller_logon_id
	caller process ID		caller_process_id
	transited services		transited_services
	source network address		source_network_address
	source port		source_port
	type		type
	event type		event_type
	process		process
	category		category
	logon account		logon_account
	logon ID		logon_id
	source workstation		source_workstation
	error code		error_code
	status code		status_code
	substatus code		substatus_code

Sawmill stores the following numerical fields in its database for Bindview Windows Event, aggregating them and including them as columns in most reports:

	Numerical Field		Internal Name
	events		events

Sawmill also supports 827 other log formats; see Sawmill Features for a list containing Bindview Windows Event and all the other supported formats.