SYMANTEC GATEWAY SECURITY
Sawmill is a Symantec Gateway Security log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in Symantec Gateway Security format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse Symantec Gateway Security logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Symantec Gateway Security log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Symantec Gateway Security, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
| date/time | | date_time |
| day of week | | day_of_week |
| hour of day | | hour_of_day |
| logging device | | logging_device |
| service | | service |
| duration | | duration |
| authentication result | | authentication_result |
| ID | | id |
| sent | | sent |
| received | | received |
| bytes | | bytes |
| source interface | | source_interface |
| source IP | | source_ip |
| source port | | source_port |
| source name | | source_name |
| server source | | server_source |
| server source port | | server_source_port |
| destination interface | | destination_interface |
| destination IP | | destination_ip |
| destination port | | destination_port |
| destination name | | destination_name |
| client destination | | client_destination |
| URL | | url |
| result | | result |
| protocol | | protocol |
| rule ID | | rule_id |
| message type | | message_type |
| message | | message |
| operation | | operation |
| status | | status |
| state | | state |
| rule | | rule |
| PID | | pid |
| notes | | notes |
| adapter | | adapter |
| alert destination MAC address | | alert_destination_mac_addr |
| alert source MAC address | | alert_source_mac_addr |
| class | | class |
| consolidated message | | consolidated_message |
| count | | count |
| CVE | | cve |
| family | | family |
| flag | | flag |
| flow cookie | | flow_cookie |
| host | | host |
| interface | | interface |
| interface ID | | interface_id |
| interval | | interval |
| IP code | | ip_code |
| IP protocol | | ip_protocol |
| level | | level |
| outcome | | outcome |
| packet | | packet |
| payload left offset | | payload_left_offset |
| payload right offset | | payload_right_offset |
| policy tag | | policy_tag |
| program name | | program_name |
| reliability | | reliability |
| request | | request |
| resource | | resource |
| response | | response |
| string value | | string_value |
| title | | title |
| type | | type |
| vendor | | vendor |
| VLAN ID | | vlan_id |
| month | | month |
| user | | user |
| setting | | setting |
| key | | key |
| revision | | revision |
| domain | | domain |
| client port | | client_port |
| related ID | | related_id |
| server | | server |
| IP address | | ip_address |
| license expiry date | | license_exp_date |
| feature ID | | feature_id |
| license type | | license_type |
| product | | product |
| version | | version |
| detail | | detail |
| antivirus comfort | | av_comfort |
| antivirus scan | | av_scan |
| context data | | context_data |
| context description | | context_description |
| probable probe | | probable_probe |
| trace route TTL | | trace_route_ttl |
| command | | command |
| error number | | error_number |
| information | | information |
| length | | length |
| limit | | limit |
| message count | | message_count |
| offset | | offset |
Sawmill stores the following numerical fields in its database for Symantec Gateway Security, aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
| events | | events |
| sent | | sent |
| received | | received |
| bytes | | bytes |
| duration | | duration |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Symantec Gateway Security reports.
Sawmill also supports 1021 other log formats.