CISCO SYSTEMS IDS/NETRANGER
Sawmill is a Cisco Systems IDS/NetRanger log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Cisco Systems IDS/NetRanger format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Cisco Systems IDS/NetRanger logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Cisco Systems IDS/NetRanger log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Cisco Systems IDS/NetRanger, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
|---|
| | date/time | | date_time |
| | day of week | | day_of_week |
| | hour of day | | hour_of_day |
| | application ID | | application_id |
| | host ID | | host_id |
| | organization ID | | organization_id |
| | source direction | | source_direction |
| | destination direction | | destination_direction |
| | alarm level | | alarm_level |
| | signature ID | | signature_id |
| | subsignature ID | | subsignature_id |
| | protocol | | protocol |
| | source IP | | source_ip |
| | destination IP | | destination_ip |
| | source port | | source_port |
| | destination port | | destination_port |
| | router IP | | router_ip |
| | attack detail | | attack_detail |
Sawmill stores the following numerical fields in its database for Cisco Systems IDS/NetRanger, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
|---|
| | hits | | hits |
| | visitors | | visitors |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Cisco Systems IDS/NetRanger reports.
Sawmill also supports 1021 other log formats.
