SYMANTEC SECURITY GATEWAYS LOG FORMAT (SGS 2.0/3.0 & SEF 8.0)
Sawmill is a Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) log analyzer (it also supports 843 other log formats). It can process log files in Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
|---|---|
| date/time | date_time |
| day of week | day_of_week |
| hour of day | hour_of_day |
| logging device | logging_device |
| service | service |
| duration | duration |
| authentication result | authentication_result |
| ID | id |
| sent | sent |
| received | received |
| bytes | bytes |
| source interface | source_interface |
| source IP | source_ip |
| source port | source_port |
| source name | source_name |
| server source | server_source |
| server source port | server_source_port |
| destination interface | destination_interface |
| destination IP | destination_ip |
| destination port | destination_port |
| destination name | destination_name |
| client destination | client_destination |
| URL | url |
| result | result |
| protocol | protocol |
| rule ID | rule_id |
| message type | message_type |
| message | message |
| operation | operation |
| status | status |
| state | state |
| rule | rule |
| PID | pid |
| notes | notes |
| adapter | adapter |
| alert destination MAC address | alert_destination_mac_addr |
| alert source MAC address | alert_source_mac_addr |
| class | class |
| consolidated message | consolidated_message |
| count | count |
| CVE | cve |
| family | family |
| flag | flag |
| flow cookie | flow_cookie |
| host | host |
| interface | interface |
| interface ID | interface_id |
| interval | interval |
| IP code | ip_code |
| IP protocol | ip_protocol |
| level | level |
| outcome | outcome |
| packet | packet |
| payload left offset | payload_left_offset |
| payload right offset | payload_right_offset |
| policy tag | policy_tag |
| program name | program_name |
| reliability | reliability |
| request | request |
| resource | resource |
| response | response |
| string value | string_value |
| title | title |
| type | type |
| vendor | vendor |
| VLAN ID | vlan_id |
| month | month |
| user | user |
| setting | setting |
| key | key |
| revision | revision |
| domain | domain |
| client port | client_port |
| related ID | related_id |
| server | server |
| IP address | ip_address |
| license expiry date | license_exp_date |
| feature ID | feature_id |
| license type | license_type |
| product | product |
| version | version |
| detail | detail |
| antivirus comfort | av_comfort |
| antivirus scan | av_scan |
| context data | context_data |
| context description | context_description |
| probable probe | probable_probe |
| trace route TTL | trace_route_ttl |
| command | command |
| error number | error_number |
| information | information |
| length | length |
| limit | limit |
| message count | message_count |
| offset | offset |
Sawmill stores the following numerical fields in its database for Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0), aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
|---|---|
| events | events |
| sent | sent |
| received | received |
| bytes | bytes |
| duration | duration |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) reports.
Sawmill also supports 843 other log formats.