Sawmill supports Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0): it can process log files in this format, generate dynamic statistics from them, and analyze and report on the events they record.
Sawmill stores the following fields in its database for Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
|---|---|
| date/time | date_time |
| day of week | day_of_week |
| hour of day | hour_of_day |
| logging device | logging_device |
| service | service |
| message type | message_type |
| message | message |
| URL | url |
| file type | file_type |
| client destination | client_destination |
| source IP | source_ip |
| destination IP | destination_ip |
| source port | source_port |
| destination port | destination_port |
| source name | source_name |
| destination name | destination_name |
| source interface | source_interface |
| destination interface | destination_interface |
| server source | server_source |
| server source port | server_source_port |
| result | result |
| protocol | protocol |
| rule ID | rule_id |
| authentication result | authentication_result |
| ID | id |
| operation | operation |
| status | status |
| state | state |
| rule | rule |
| PID | pid |
| notes | notes |
| adapter | adapter |
| alert destination MAC address | alert_destination_mac_addr |
| alert source MAC address | alert_source_mac_addr |
| class | class |
| consolidated message | consolidated_message |
| count | count |
| CVE | cve |
| family | family |
| flag | flag |
| flow cookie | flow_cookie |
| host | host |
| interface | interface |
| interface ID | interface_id |
| interval | interval |
| IP code | ip_code |
| IP protocol | ip_protocol |
| level | level |
| outcome | outcome |
| packet | packet |
| payload left offset | payload_left_offset |
| payload right offset | payload_right_offset |
| policy tag | policy_tag |
| program name | program_name |
| reliability | reliability |
| request | request |
| resource | resource |
| response | response |
| string value | string_value |
| title | title |
| type | type |
| vendor | vendor |
| VLAN ID | vlan_id |
| user | user |
| setting | setting |
| key | key |
| revision | revision |
| domain | domain |
| client port | client_port |
| related ID | related_id |
| server | server |
| IP address | ip_address |
| license expiry date | license_exp_date |
| license type | license_type |
| product | product |
| version | version |
| feature ID | feature_id |
Sawmill stores the following numerical fields in its database for Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0), aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
|---|---|
| events | events |
| sent | sent |
| received | received |
| bytes | bytes |
| duration | duration |
Sawmill also supports 601 other log formats; see Sawmill Features for a list containing Symantec Security Gateways Log Format (SGS 2.0 & SEF 8.0) and all the other supported formats.