JUNIPER IDP
Sawmill is a Juniper IDP log analyzer (it also supports 1021 other log formats). It can process log files in Juniper IDP format and generate dynamic statistics from them, analyzing and reporting the events they contain.

Sawmill can parse Juniper IDP logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.

Sawmill can perform Juniper IDP log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, and other UNIX systems.
Sawmill stores the following non-numerical fields in its database for Juniper IDP, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
|---|---|
| record ID | record_id |
| domain | domain |
| device IP | device_ip |
| category | cat |
| attack | attack |
| source zone | source_zone |
| source interface | source_interface |
| source IP | source_ip |
| source port | source_port |
| NAT source IP | nat_source_ip |
| NAT source port | nat_source_port |
| destination zone | destination_zone |
| destination interface | destination_interface |
| destination IP | destination_ip |
| destination port | destination_port |
| NAT destination IP | nat_destination_ip |
| NAT destination port | nat_destination_port |
| protocol | protocol |
| rule version | rule_ver |
| policy | policy |
| rule base | rule_base |
| rule number | rule_number |
| action | action |
| alert | alert |
| packet data | packet_data |
| var_enum | var_enum |
| miscellaneous | miscellaneous |
| user | user |
| application | app |
| URI | uri |
| location | location |
Sawmill stores the following numerical fields in its database for Juniper IDP, aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
|---|---|
| accesses | accesses |
| bytes in | inbytes |
| bytes out | outbytes |
| total bytes | total_bytes |
| repeat count | repeat_count |
| unique source IPs | unique_source_ips |
| duration | duration |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting, and scheduling Juniper IDP reports.

Sawmill also supports 1021 other log formats.