MICROSOFT IAS (XML)
Sawmill is a Microsoft IAS (XML) log analyzer (it also supports 1021 other log formats). It can process log files in Microsoft IAS (XML) format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse Microsoft IAS (XML) logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Microsoft IAS (XML) log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Microsoft IAS (XML), generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
| date/time | date_time |
| day of week | day_of_week |
| hour of day | hour_of_day |
| authentic | acct_authentic |
| session ID | acct_session_id |
| status type | acct_status_type |
| terminate cause | acct_terminate_cause |
| authentication type | authentication_type |
| called station ID | called_station_id |
| calling station ID | calling_station_id |
| cisco AV pair | cisco_av_pair |
| class | class |
| client friendly name | client_friendly_name |
| client IP address | client_ip_address |
| client vendor | client_vendor |
| computer name | computer_name |
| EAP friendly name | eap_friendly_name |
| event source | event_source |
| framed IP address | framed_ip_address |
| framed MTU | framed_mtu |
| fully qualified user name | fully_qualifed_user_name |
| MS extended quarantine state | ms_extended_quarantine_state |
| MS link drop time limit | ms_link_drop_time_limit |
| MS link utilization threshold | ms_link_utilization_threshold |
| MS quarantine state | ms_quarantine_state |
| NAS identifier | nas_identifier |
| NAS IP address | nas_ip_address |
| NAS port | nas_port |
| NAS port type | nas_port_type |
| NP policy name | np_policy_name |
| packet type | packet_type |
| provider type | provider_type |
| proxy policy name | proxy_policy_name |
| quarantine update non compliant | quarantine_update_non_compliant |
| reason code | reason_code |
| SAM account name | sam_account_name |
| service type | service_type |
| session timeout | session_timeout |
| tunnel medium type | tunnel_medium_type |
| tunnel private group ID | tunnel_pvt_group_id |
| tunnel type | tunnel_type |
| username | user_name |
| vendor specific | vendor_specific |
Sawmill stores the following numerical fields in its database for Microsoft IAS (XML), aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
| events | events |
| input octets | acct_input_octets |
| output octets | acct_output_octets |
| input packets | acct_input_packets |
| output packets | acct_output_packets |
| delay time | acct_delay_time |
| session time | acct_session_time |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Microsoft IAS (XML) reports.
Sawmill also supports 1021 other log formats.