CORADIANT TRUESIGHT (DATA OBJECTS)
Sawmill is a Coradiant TrueSight (data objects) log analyzer (it also supports the 883 other log formats listed to the left).
It can process log files
in Coradiant TrueSight (data objects) format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Coradiant TrueSight (data objects) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Coradiant TrueSight (data objects) log analysis on any platform, including Window, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Coradiant TrueSight (data objects), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
| date/time | | date_time |
| day of week | | day_of_week |
| hour of day | | hour_of_day |
| URL | | cs_uri_stem |
| file type | | file_type |
| worm | | worm |
| geographic location | | location |
| referrer | | cs_referer |
| referrer description | | referrer_description |
| search engine | | search_engine |
| search phrase | | search_phrase |
| URL query | | cs_uri_query |
| client to server post | | x_cs_post |
| location | | sc_location |
| client IP | | c_ip |
| client port | | c_port |
| X-Forwarded-For | | x_forwarded_for |
| first public IP | | x_first_public_ip |
| first public IP source | | x_first_public_ip_source |
| server IP | | s_ip |
| source port | | s_port |
| method | | cs_method |
| protocol | | cs_version |
| MIME type | | x_sc_mimetype |
| server status | | sc_status |
| redirect | | x_redirect |
| document | | x_document |
| container | | x_container |
| component | | x_component |
| aborted | | x_aborted |
| client aborted | | x_client_aborted |
| server aborted | | x_server_aborted |
| client timed out | | x_client_timed_out |
| server timed out | | x_server_timed_out |
| extension | | x_extension |
| errors | | x_errors |
| info | | x_info |
| peripheral traffic | | x_peripheral_traffic |
| session request tags found | | x_session_request_tags_found_list |
| session response tags found | | x_session_response_tags_found_list |
| session tags used | | x_session_tags_used_list |
| stateless | | x_stateless |
| matching a session tag locator | | x_matching_a_session_tag_locator |
| missing X-Forwarded-For session tag locator | | x_missing_x_forwarded_for_session_tag_locator |
| session tags collision | | x_session_tags_collision_list |
| session tag multi value | | x_session_tag_multi_value |
| session tag collision | | x_session_tag_collision |
| session tag group collision | | x_session_tag_group_collision |
| custom gzip | | x_custom_gzip |
| custom usernamepw | | x_custom_usernamepw |
| custom pw username | | x_custom_pw_username |
| historical custom fields | | x_historical_custom_fields |
Sawmill stores the following numerical fields in its database for Coradiant TrueSight (data objects), aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
| events | | events |
| page views | | page_views |
| unique client IPs | | unique_client_ips |
| server-to-client bytes | | sc_bytes |
| througput | | x_throughput |
| average_x_throughput | | average_x_throughput |
| TCP RTT | | x_tcp_rtt |
| average_x_tcp_rtt | | average_x_tcp_rtt |
| TCP OOO | | x_tcp_ooo |
| average_x_tcp_ooo | | average_x_tcp_ooo |
| TCP retries | | x_tcp_retrx |
| average_x_tcp_retrx | | average_x_tcp_retrx |
| SSL time | | x_ssl_time |
| average_x_ssl_time | | average_x_ssl_time |
| end-to-end time | | x_e2e_time |
| average_x_e2e_time | | average_x_e2e_time |
| process time | | x_process_time |
| average_x_process_time | | average_x_process_time |
| network time | | x_network_time |
| average_x_network_time | | average_x_network_time |
| NW error count | | x_nw_error_count |
| average_x_nw_error_count | | average_x_nw_error_count |
| CL error count | | x_cl_error_count |
| average_x_cl_error_count | | average_x_cl_error_count |
| SV error count | | x_sv_error_count |
| average_x_sv_error_count | | average_x_sv_error_count |
| AP error count | | x_ap_error_count |
| average_x_ap_error_count | | average_x_ap_error_count |
| timed out | | x_timed_out |
| average_x_timed_out | | average_x_timed_out |
| CT error count | | x_ct_error_count |
| average_x_ct_error_count | | average_x_ct_error_count |
| CU error count | | x_cu_error_count |
| average_x_cu_error_count | | average_x_cu_error_count |
| TCP packet count | | x_tcp_packet_count |
| average_x_tcp_packet_count | | average_x_tcp_packet_count |
| NW info count | | x_nw_info_count |
| average_x_nw_info_count | | average_x_nw_info_count |
| CL info count | | x_cl_info_count |
| average_x_cl_info_count | | average_x_cl_info_count |
| SV info count | | x_sv_info_count |
| average_x_sv_info_count | | average_x_sv_info_count |
| AP info count | | x_ap_info_count |
| average_x_ap_info_count | | average_x_ap_info_count |
| CT info count | | x_ct_info_count |
| average_x_ct_info_count | | average_x_ct_info_count |
| CU info count | | x_cu_info_count |
| average_x_cu_info_count | | average_x_cu_info_count |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Coradiant TrueSight (data objects) reports.
Sawmill also supports 883 other log formats.