Sawmill supports Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0): it can process log files in this format and generate dynamic statistics from them, analyzing and reporting events.

Sawmill stores the following fields in its database for Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0), generates reports for each field, and allows dynamic filtering on any combination of these fields:

| Field | | Internal Name |
| --- | --- | --- |
| date/time | | date_time |
| day of week | | day_of_week |
| hour of day | | hour_of_day |
| logging device | | logging_device |
| service | | service |
| message type | | message_type |
| message | | message |
| URL | | url |
| file type | | file_type |
| client destination | | client_destination |
| source IP | | source_ip |
| destination IP | | destination_ip |
| source port | | source_port |
| destination port | | destination_port |
| source name | | source_name |
| destination name | | destination_name |
| source interface | | source_interface |
| destination interface | | destination_interface |
| server source | | server_source |
| server source port | | server_source_port |
| result | | result |
| protocol | | protocol |
| rule ID | | rule_id |
| authentication result | | authentication_result |
| ID | | id |
| operation | | operation |
| status | | status |
| state | | state |
| rule | | rule |
| PID | | pid |
| notes | | notes |
| adapter | | adapter |
| alert destination MAC address | | alert_destination_mac_addr |
| alert source MAC address | | alert_source_mac_addr |
| class | | class |
| consolidated message | | consolidated_message |
| count | | count |
| CVE | | cve |
| family | | family |
| flag | | flag |
| flow cookie | | flow_cookie |
| host | | host |
| interface | | interface |
| interface ID | | interface_id |
| interval | | interval |
| IP code | | ip_code |
| IP protocol | | ip_protocol |
| level | | level |
| outcome | | outcome |
| packet | | packet |
| payload left offset | | payload_left_offset |
| payload right offset | | payload_right_offset |
| policy tag | | policy_tag |
| program name | | program_name |
| reliability | | reliability |
| request | | request |
| resource | | resource |
| response | | response |
| string value | | string_value |
| title | | title |
| type | | type |
| vendor | | vendor |
| VLAN ID | | vlan_id |
| user | | user |
| setting | | setting |
| key | | key |
| revision | | revision |
| domain | | domain |
| client port | | client_port |
| related ID | | related_id |
| server | | server |
| IP address | | ip_address |
| license expiry date | | license_exp_date |
| license type | | license_type |
| product | | product |
| version | | version |
| feature ID | | feature_id |
Sawmill stores the following numerical fields in its database for Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0), aggregating them and including them as columns in most reports:

| Numerical Field | | Internal Name |
| --- | --- | --- |
| events | | events |
| sent | | sent |
| received | | received |
| bytes | | bytes |
| duration | | duration |

Sawmill also supports 601 other log formats; see Sawmill Features for a list containing Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0) and all the other supported formats.