CLAVISTER FIREWALL (WITH SYSLOG)
Sawmill is a Clavister Firewall (with syslog) log analyzer (it also supports 1021 other log formats). It can process log files in Clavister Firewall (with syslog) format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse Clavister Firewall (with syslog) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Clavister Firewall (with syslog) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Clavister Firewall (with syslog), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
|---|---|
| URL | url |
| uptime | uptime |
| UDP data length | udptotlen |
| TCP header length | tcphdrlen |
| SYN | syn |
| startup | startup |
| source port | srcport |
| source IP | srcip |
| source | src |
| shutdown | shutdown |
| SES | ses |
| rule | rule |
| RST | rst |
| receiver interface | recvif |
| reason | reason |
| PSH | psh |
| priority | prio |
| previous shutdown | previous_shutdown |
| peer | peer |
| IP protocol | ipproto |
| IP data length | ipdatalen |
| ICMP type | icmptype |
| FIN | fin |
| file size | filesize |
| file | file |
| ECHO sequence | echoseq |
| ECHO ID | echoid |
| destination port | destport |
| destination IP | destip |
| destination | dest |
| demonstration mode | demo |
| delay | delay |
| core version | corever |
| source port | connsrcport |
| source IP | connsrcip |
| source ping ID | connsrcid |
| receiving interface | connrecvif |
| IP protocol | connipproto |
| destination port | conndestport |
| destination IP | conndestip |
| destination interface | conndestif |
| destination ping ID | conndestid |
| connection | conn |
| config file version | cfgver |
| config file used | cfgfile |
| bi direction | bidir |
| algsesid | algsesid |
| algmod | algmod |
| action | action |
| ACK | ack |
| ARP message type | arp |
| destination network | destenet |
| destination MAC address | hwdest |
| sender MAC address | hwsender |
| IP | ip |
| size | size |
| source network | srcenet |
| VPN tunnel | vpntunnel |
Sawmill stores the following numerical fields in its database for Clavister Firewall (with syslog), aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
|---|---|
| event | event |
| data sent (server) | termsent |
| data sent (client) | origsent |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Clavister Firewall (with syslog) reports.
Sawmill also supports 1021 other log formats.