CYBERGUARD FIREWALL AUDIT(NON-WELF)
Sawmill is a CyberGuard Firewall Audit(non-WELF) log analyzer (it also supports the 1021 other log formats listed to the left).
It can process log files
in CyberGuard Firewall Audit(non-WELF) format, and generate dynamic statistics from them,
analyzing and reporting events.
Sawmill can parse CyberGuard Firewall Audit(non-WELF) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database),
aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform CyberGuard Firewall Audit(non-WELF) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for CyberGuard Firewall Audit(non-WELF), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | | Internal Name |
| action | | action |
| protocol | | protocol |
| ICMP type | | icmp_type |
| source host | | src_host |
| destination host | | dst_host |
| source port | | srcport |
| destination port | | dstport |
| source interface | | srcintfc |
| destination interface | | dstintfc |
Sawmill stores the following numerical fields in its database for CyberGuard Firewall Audit(non-WELF), aggregating them and including them as columns in most reports:
| Numerical Field | | Internal Name |
| events | | events |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling CyberGuard Firewall Audit(non-WELF) reports.
Sawmill also supports 1021 other log formats.