CISCO SYSTEMS PIX/ASA SECURITY APPLIANCE
Sawmill is a Cisco Systems PIX/ASA Security Appliance log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Cisco Systems PIX/ASA Security Appliance format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Cisco Systems PIX/ASA Security Appliance logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Cisco Systems PIX/ASA Security Appliance log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Cisco Systems PIX/ASA Security Appliance, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
|---|
| | operation | | operation |
| | message | | message |
| | message code | | message_code |
| | message facility | | message_facility |
| | message severity | | message_severity |
| | message mnemonic | | message_mnemonic |
| | protocol | | protocol |
| | source IP | | source_ip |
| | source MAC address | | source_mac_address |
| | location | | location |
| | destination IP | | destination_ip |
| | source hostname | | source_hostname |
| | destination hostname | | destination_hostname |
| | source port | | source_port |
| | destination port | | destination_port |
| | source side | | source_side |
| | destination side | | destination_side |
| | destination service | | destination_service |
| | interface | | interface |
| | direction | | direction |
| | username | | user_name |
| | group | | group |
| | access group | | access_group |
| | access list | | access_list |
| | foreign IP | | faddr_host |
| | foreign port | | faddr_port |
| | foreign service | | faddr_service |
| | global IP | | gaddr_host |
| | global port | | gaddr_port |
| | global service | | gaddr_service |
| | local IP | | laddr_host |
| | local port | | laddr_port |
| | local service | | laddr_service |
| | URL | | url |
| | flags | | flags |
| | command | | command |
| | type | | type |
| | list | | list |
| | reason | | reason |
| | ICMP type | | icmp_type |
| | ICMP code | | icmp_code |
| | state | | state |
| | VTY line | | vty_line |
| | privilege_level | | privilege_level |
| | AAA status | | aaa_status |
| | AAA server | | aaa_server |
| | group policy | | group_policy |
| | private IP | | private_ip |
| | VLAN ID | | vlan_id |
| | client type | | client_type |
| | client public address | | client_public_addr |
| | client application version | | client_application_version |
| | server public address | | server_public_addr |
| | assigned public address | | assigned_public_addr |
| | session type | | session_type |
Sawmill stores the following numerical fields in its database for Cisco Systems PIX/ASA Security Appliance, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
|---|
| | events | | events |
| | connections built | | connections_built |
| | connections torn down | | connections_torn_down |
| | page views | | page_views |
| | unique source IPs | | unique_source_ips |
| | bytes | | bytes |
| | bytes transmitted | | bytes_xmt |
| | bytes received | | bytes_rcv |
| | duration | | duration |
| | packets | | packets |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Cisco Systems PIX/ASA Security Appliance reports.
Sawmill also supports 1021 other log formats.
