SECURE COMPUTING CORPORATION SECURE FIREWALL (SIDEWINDER)
Sawmill is a Secure Computing Corporation Secure Firewall (Sidewinder) log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Secure Computing Corporation Secure Firewall (Sidewinder) format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Secure Computing Corporation Secure Firewall (Sidewinder) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Secure Computing Corporation Secure Firewall (Sidewinder) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Secure Computing Corporation Secure Firewall (Sidewinder), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
| fac | | fac |
| area | | area |
| type | | type |
| priority | | pri |
| source IP | | srcip |
| location | | location |
| source port | | srcport |
| src burb | | srcburb |
| destination IP | | dstip |
| destination port | | dstport |
| destination burb | | dstburb |
| protocol name | | protocolname |
| PID | | pid |
| RUID | | ruid |
| EUID | | euid |
| PGID | | pgid |
| FID | | fid |
| log ID | | logid |
| command | | cmd |
| domain | | domain |
| e domain | | edomain |
| protocol | | protocol |
| service name | | service_name |
| status | | status |
| net session ID | | netsessid |
| request_command | | request_command |
| interface | | interface |
| agent type | | agent_type |
| username | | user_name |
| authentication method | | auth_method |
| ACL ID | | acl_id |
| cache hit | | cache_hit |
| ACL position | | acl_position |
| URL | | url |
| request status | | request_status |
| information | | information |
| CPU data | | cpu_data |
| destination hostname | | dsthostname |
| file | | file |
| file domain | | filedom |
| file type | | filetyp |
| load data | | load_data |
| MBUF data | | mbuf_data |
| operation | | op |
| originator domain | | originator_domain |
| permission granted | | permgranted |
| permission wanted | | permwanted |
| real data | | real_data |
| reason | | reason |
| recipient domain | | recipient_domain |
| result | | result |
| rule name | | rule_name |
| source domain | | srcdmn |
| source hostname | | srchostname |
| source service | | srcservice |
| target domain | | tgtdmn |
| UDB action | | udb_action |
| UDB admin | | udb_admin |
| UDB class | | udb_class |
| UDB user | | udb_user |
| virtual data | | virt_data |
Sawmill stores the following numerical fields in its database for Secure Computing Corporation Secure Firewall (Sidewinder), aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
| events | | events |
| visitors | | visitors |
| bytes written to client | | bytes_written_to_client |
| bytes written to server | | bytes_written_to_server |
| bytes sent | | sentbyte |
| bytes received | | rcvdbyte |
| packets in | | ipkt |
| packets out | | opkt |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Secure Computing Corporation Secure Firewall (Sidewinder) reports.
Sawmill also supports 1021 other log formats.