MICROSOFT IAS/NPS
Sawmill is a Microsoft IAS/NPS log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Microsoft IAS/NPS format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Microsoft IAS/NPS logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Microsoft IAS/NPS log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Microsoft IAS/NPS, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
|---|
| | date/time | | date_time |
| | day of week | | day_of_week |
| | hour of day | | hour_of_day |
| | server | | server |
| | service | | service |
| | hostname | | hostname |
| | domain description | | domain_description |
| | location | | location |
| | authenticated user | | authenticated_user |
| | username | | user_name |
| | NAS IP address | | nas_ip_address |
| | NAS port | | nas_port |
| | service type | | service_type |
| | framed protocol | | framed_protocol |
| | framed IP address | | framed_ip_address |
| | framed IP netmask | | framed_ip_netmask |
| | framed routing | | framed_routing |
| | filter IP | | filter_id |
| | framed MTU | | framed_mtu |
| | framed compression | | framed_compression |
| | login IP host | | login_ip_host |
| | login service | | login_service |
| | login TCP port | | login_tcp_port |
| | reply message | | reply_message |
| | callback number | | callback_number |
| | callback ID | | callback_id |
| | framed route | | framed_route |
| | framed IPX network | | framed_ipx_network |
| | class | | class |
| | vendor specific | | vendor_specific |
| | session timeout | | session_timeout |
| | idle timeout | | idle_timeout |
| | termination action | | termination_action |
| | called station ID | | called_station_id |
| | calling station ID | | calling_station_id |
| | NAS identifier | | nas_identifier |
| | login LAT service | | login_lat_service |
| | login LAT node | | login_lat_node |
| | login LAT group | | login_lat_group |
| | framed appletalk link | | framed_appletalk_link |
| | framed appletalk network | | framed_appletalk_network |
| | framed appletalk zone | | framed_appletalk_zone |
| | status type | | acct_status_type |
| | delay time | | acct_delay_time |
| | session ID | | acct_session_id |
| | authentic | | acct_authentic |
| | terminate clause | | acct_terminate_clause |
| | multi ssn ID | | acct_multi_ssn_id |
| | link count | | acct_link_count |
| | event timestamp | | event_timestamp |
| | NAS port type | | nas_port_type |
| | port limit | | port_limit |
| | login LAT port | | login_lat_port |
| | tunnel type | | tunnel_type |
| | tunnel medium type | | tunnel_medium_type |
| | tunnel client endpoint | | tunnel_client_endpt |
| | tunnel server endpoint | | tunnel_server_endpt |
| | tunnel connection | | acct_tunnel_conn |
| | password retry | | password_retry |
| | prompt | | prompt |
| | connect info | | connect_info |
| | configuration token | | configuration_token |
| | tunnel private group ID | | tunnel_pvt_group_id |
| | tunnel assignment ID | | tunnel_assignment_id |
| | tunnel preference | | tunnel_preference |
| | interim interval | | acct_interim_interval |
| | ascend | | ascend |
| | saved radius framed route | | saved_radius_framed_route |
| | client IP address | | client_ip_address |
| | RAS Client Name | | ms_ras_client_name |
| | NAS manufacturer | | nas_manufacturer |
| | ms chap error | | ms_chap_error |
| | authentication type | | authentication_type |
| | client friendly name | | client_friendly_name |
| | SAM account name | | sam_account_name |
| | fully qualified username | | fully_qualified_user_name |
| | EAP friendly name | | eap_friendly_name |
| | packet type | | packet_type |
| | source IP | | ip_source_ip |
| | source port | | ip_source_port |
| | destination IP | | ip_destination_ip |
| | destination port | | ip_destination_port |
| | NP policy name | | np_policy_name |
Sawmill stores the following numerical fields in its database for Microsoft IAS/NPS, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
|---|
| | events | | events |
| | input octets | | acct_input_octets |
| | output octets | | acct_output_octets |
| | session time | | acct_session_time |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Microsoft IAS/NPS reports.
Sawmill also supports 1021 other log formats.
