MICROSOFT FOREFRONT THREAT MANAGEMENT GATEWAY
Sawmill is a Microsoft Forefront Threat Management Gateway log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Microsoft Forefront Threat Management Gateway format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Microsoft Forefront Threat Management Gateway logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Microsoft Forefront Threat Management Gateway log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
The database fields available in this log format are defined in the log data; Sawmill extracts the names and types of the fields from the log data, and tracks all available fields in its reports. Sawmill generates reports for each field, and allows dynamic filtering on any combination of these fields.
Sawmill stores the following numerical fields in its database for Microsoft Forefront Threat Management Gateway, aggregating them and including them as columns in most reports:
|Numerical Field|| ||Internal Name|
| ||events|| ||events|
| ||client-to-server bytes|| ||cs_bytes|
| ||server-to-client bytes|| ||sc_bytes|
| ||time taken|| ||time_taken|
| ||bytes sent|| ||bytes_sent|
| ||bytes sent (intermediate)|| ||bytes_sent_intermediate|
| ||bytes received|| ||bytes_received|
| ||bytes received (intermediate)|| ||bytes_received_intermediate|
| ||connection time|| ||connection_time|
| ||connection time (intermediate)|| ||connection_time_intermediate|
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Microsoft Forefront Threat Management Gateway reports.
Sawmill also supports 1021 other log formats.