DORIAN EVENT ARCHIVER
Sawmill is a Dorian Event Archiver log analyzer (it also supports 1021 other log formats). It can process log files in Dorian Event Archiver format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse Dorian Event Archiver logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Dorian Event Archiver log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Dorian Event Archiver, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
| --- | --- |
| date/time | date_time |
| hour of day | hour_of_day |
| day of week | day_of_week |
| source | source |
| event code | event_code |
| event type | event_type |
| category | category |
| username | user_name |
| computer name | computer_name |
| action | action |
| error code | error_code |
| message | message |
| authentication package | authentication_package |
| client domain | client_domain |
| client logon ID | client_logon_id |
| client user name | client_user_name |
| domain | domain |
| handle ID | handle_id |
| image file name | image_file_name |
| logon GUID | logon_guid |
| logon ID | logon_id |
| logon process | logon_process |
| logon type | logon_type |
| object name | object_name |
| object server | object_server |
| object type | object_type |
| operation ID | operation_id |
| primary domain | primary_domain |
| primary logon ID | primary_logon_id |
| primary user name | primary_user_name |
| process ID | process_id |
| reason | reason |
| source network address | source_network_address |
| source port | source_port |
| target domain | target_domain |
| target logon GUID | target_logon_guid |
| target server info | target_server_info |
| target server name | target_server_name |
| target user name | target_user_name |
| transited services | transited_services |
| credentialed user | user_whose_credentials_were_used |
| workstation name | workstation_name |
| access mask | access_mask |
| restricted sid count | restricted_sid_count |
| server name | server_name |
| member name | member_name |
| member ID | member_id |
| caller user name | caller_user_name |
| caller domain | caller_domain |
| caller logon ID | caller_logon_id |
| caller process ID | caller_process_id |
| new process ID | new_process_id |
| creator process ID | creator_process_id |
Sawmill stores the following numerical fields in its database for Dorian Event Archiver, aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
| --- | --- |
| events | events |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Dorian Event Archiver reports.
Sawmill also supports 1021 other log formats.