|
IRONPORT C-SERIES
Sawmill is a IronPort C-Series log analyzer (it also supports the 839 other log formats listed to the left).
It can process log files
in IronPort C-Series format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse IronPort C-Series logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform IronPort C-Series log analysis on any platform, including Window, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for IronPort C-Series, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
|---|
| | date/time | | date_time |
| | day of week | | day_of_week |
| | hour of day | | hour_of_day |
| | action | | action |
| | from | | from |
| | to | | to |
| | SBRS action | | sbrs_action |
| | SBRS list | | sbrs_list |
| | SBRS score | | sbrs_score |
| | message ID | | message_id |
| | subject | | subject |
| | antispam_result | | antispam_result |
| | antivirus result | | antivirus_result |
| | interface | | interface |
| | interface host | | interface_host |
| | address | | address |
| | reverse DNS host | | reverse_dns_host |
| | response | | response |
| | reason | | reason |
| | ICID | | icid |
| | MID | | mid |
| | RID | | rid |
| | warnings | | warning_message |
Sawmill stores the following numerical fields in its database for IronPort C-Series, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
|---|
| | events | | events |
| | messages delivered | | messages_delivered |
| | messages queued | | messages_queued |
| | messages rejected | | messages_rejected |
| | messages aborted | | messages_aborted |
| | messages_spam_positive | | messages_spam_positive |
| | messages_virus_positive | | messages_virus_positive |
| | message deliveries aborted | | message_deliveries_aborted |
| | messages quarantined | | messages_quarantined |
| | messages delayed | | messages_delayed |
| | bytes transferred | | bytes_transferred |
| | warnings | | warnings |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling IronPort C-Series reports.
Sawmill also supports 839 other log formats.
|
