Sawmill

SAWMILL PLUG-IN

MICROSOFT WINDOWS EVENT LOG (XML)

Sawmill is a Microsoft Windows Event Log (XML) log analyzer (it also supports the 1021 other log formats listed to the left). It can process log files in Microsoft Windows Event Log (XML) format, and generate dynamic statistics from them, analyzing and reporting events. Sawmill can parse Microsoft Windows Event Log (XML) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface. Sawmill can perform Microsoft Windows Event Log (XML) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.

Sawmill stores the following non-numerical fields in its database for Microsoft Windows Event Log (XML), generates reports for each field, and allows dynamic filtering on any combination of these fields:

Field  Internal Name
   date/time  date_time
   day of week  day_of_week
   hour of day  hour_of_day
   provider_name  provider_name
   event ID  eventid
   level  level
   task  task
   keywords  keywords
   timecreated  timecreated
   eventrecordid  eventrecordid
   channel  channel
   computer  computer
   user ID  userid
   eventdata  eventdata
   renderinginfo_culture  renderinginfo_culture
   message  message
   username  user_name
   server name  server_name
   action  action
   domain  domain
   logon ID  logon_id
   logon GUID  logon_guid
   logon type  logon_type
   logon process  logon_process
   authentication package  authentication_package
   workstation name  workstation_name
   new process ID  new_process_id
   process ID  process_id
   creator process ID  creator_process_id
   image file name  image_file_name
   caller user name  caller_user_name
   caller domain  caller_domain
   caller logon ID  caller_logon_id
   caller process ID  caller_process_id
   transited services  transited_services
   source network address  source_network_address
   source port  source_port
   primary user name  primary_user_name
   primary domain  primary_domain
   primary logon ID  primary_logon_id
   handle ID  handle_id
   target account name  target_account_name
   target account ID  target_account_id
   target domain  target_domain
   privileges  privileges
   accesses  accesses
   restricted sid count  restricted_sid_count
   access mask  access_mask
   object server  object_server
   object type  object_type
   object name  object_name
   operation ID  operation_id
   client user name  client_user_name
   client domain  client_domain
   client logon ID  client_logon_id
   member name  member_name
   member ID  member_id
   server  server
   service  service

Sawmill stores the following numerical fields in its database for Microsoft Windows Event Log (XML), aggregating them and including them as columns in most reports:

Numerical Field  Internal Name
   events  events

See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Microsoft Windows Event Log (XML) reports.

Sawmill also supports 1021 other log formats.

© 2024 Flowerfire