OPENBSD PACKET FILTER FIREWALL (TCPDUMP -NEQTTR)
Sawmill is an OpenBSD Packet Filter Firewall (tcpdump -neqttr) log analyzer (it also supports 1021 other log formats). It can process log files in OpenBSD Packet Filter Firewall (tcpdump -neqttr) format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse OpenBSD Packet Filter Firewall (tcpdump -neqttr) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform OpenBSD Packet Filter Firewall (tcpdump -neqttr) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for OpenBSD Packet Filter Firewall (tcpdump -neqttr), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
| --- | --- |
| date/time | date_time |
| day of week | day_of_week |
| hour of day | hour_of_day |
| rule | rule |
| action | action |
| direction | direction |
| interface | interface |
| source IP | source_ip |
| source port | source_port |
| destination IP | destination_ip |
| destination port | destination_port |
| TCP flags | tcp_flags |
| window size | window_size |
| TCP header options | tcp_header_options |
| don't fragment bit | dont_fragment_bit |
| ACK | ack |
| protocol | protocol |
| DNS query | dns_query |
| domain | domain |
| event type | event_type |
| service | service |
| Workstation IP | workstation_ip |
| Workstation MAC address | workstation_mac_address |
| XID | xid |
| message | message |
| ICMP message | icmp_message |
| MIB tree | mib_tree |
| Community string | community_string |
| flags | flags |
| length | len |
| client version | client_version |
| strat | strat |
| poll | poll |
| prec | prec |
| TOS | pf_tos |
Sawmill stores the following numerical fields in its database for OpenBSD Packet Filter Firewall (tcpdump -neqttr), aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
| --- | --- |
| events | events |
| bytes | bytes |
| duration | duration |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling OpenBSD Packet Filter Firewall (tcpdump -neqttr) reports.
Sawmill also supports 1021 other log formats.