CISCO SYSTEMS IDS/NETRANGER
Sawmill is a Cisco Systems IDS/NetRanger log analyzer (it also supports the 1020 other log formats listed to the left).
It can process log files
in Cisco Systems IDS/NetRanger format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Cisco Systems IDS/NetRanger logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Cisco Systems IDS/NetRanger log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Cisco Systems IDS/NetRanger, generates reports for each field, and allows dynamic filtering on any combination of these fields:
|Field|| ||Internal Name|
| ||date/time|| ||date_time|
| ||day of week|| ||day_of_week|
| ||hour of day|| ||hour_of_day|
| ||application ID|| ||application_id|
| ||host ID|| ||host_id|
| ||organization ID|| ||organization_id|
| ||source direction|| ||source_direction|
| ||destination direction|| ||destination_direction|
| ||alarm level|| ||alarm_level|
| ||signature ID|| ||signature_id|
| ||subsignature ID|| ||subsignature_id|
| ||protocol|| ||protocol|
| ||source IP|| ||source_ip|
| ||destination IP|| ||destination_ip|
| ||source port|| ||source_port|
| ||destination port|| ||destination_port|
| ||router IP|| ||router_ip|
| ||attack detail|| ||attack_detail|
Sawmill stores the following numerical fields in its database for Cisco Systems IDS/NetRanger, aggregating them and including them as columns in most reports:
|Numerical Field|| ||Internal Name|
| ||hits|| ||hits|
| ||visitors|| ||visitors|
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Cisco Systems IDS/NetRanger reports.
Sawmill also supports 1020 other log formats.