PALO ALTO NETWORKS FIREWALL (INTEGRATED THREAT & TRAFFIC)
Sawmill is a Palo Alto Networks Firewall (Integrated Threat & Traffic) log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Palo Alto Networks Firewall (Integrated Threat & Traffic) format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Palo Alto Networks Firewall (Integrated Threat & Traffic) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Palo Alto Networks Firewall (Integrated Threat & Traffic) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Palo Alto Networks Firewall (Integrated Threat & Traffic), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
|---|
| | date/time | | date_time |
| | hour of day | | hour_of_day |
| | day of week | | day_of_week |
| | serial number | | serial_number |
| | type | | type |
| | sub type | | sub_type |
| | source IP | | source_ip |
| | destination IP | | destination_ip |
| | NAT source IP | | nat_source_ip |
| | NAT destination IP | | nat_destination_ip |
| | rule name | | rule_name |
| | source user | | source_user |
| | destination user | | destination_user |
| | application | | application |
| | virtual system | | virtual_system |
| | source zone | | source_zone |
| | destination zone | | destination_zone |
| | ingress interface | | ingress_interface |
| | egress interface | | egress_interface |
| | log forwarding profile | | log_forwarding_profile |
| | source port | | source_port |
| | destination port | | destination_port |
| | NAT source port | | nat_source_port |
| | NAT destination port | | nat_destination_port |
| | flags | | flags |
| | protocol | | protocol |
| | action | | action |
| | category | | category |
| | action flags | | action_flags |
| | source location | | source_location |
| | destination location | | destination_location |
| | content type | | content_type |
| | page | | page |
| | user | | user |
Sawmill stores the following numerical fields in its database for Palo Alto Networks Firewall (Integrated Threat & Traffic), aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
|---|
| | events | | events |
| | page views | | page_views |
| | bytes | | bytes |
| | packets | | packets |
| | elapsed time | | elapsed_time |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Palo Alto Networks Firewall (Integrated Threat & Traffic) reports.
Sawmill also supports 1021 other log formats.
