JUNIPER SRX3400
Sawmill is a Juniper SRX3400 log analyzer (it also supports 1021 other log formats). It can process log files in Juniper SRX3400 format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse Juniper SRX3400 logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Juniper SRX3400 log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Juniper SRX3400, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
| --- | --- |
| event type | event_type |
| lsys | lsys |
| action | action |
| reason | reason |
| source IP | src_ip |
| location | location |
| source port | src_port |
| destination IP | dst_ip |
| destination port | dst_port |
| service | service |
| source NAT IP | src_ip_nat |
| source NAT port | src_port_nat |
| destination NAT IP | dst_ip_nat |
| destination NAT port | dst_port_nat |
| source NAT rule | src_nat_rule |
| destination NAT rule | dst_nat_rule |
| protocol | protocol |
| policy name | policy_name |
| source zone | src_zone |
| destination zone | dst_zone |
| session ID | session_id |
| ICMP type | icmp_type |
| unix-style timestamp | timestamp |
| message | message |
| message type | message_type |
| rule name | rule_name |
| rule base | rulebase |
| repeat count | repeat_count |
| threat severity | threat_severity |
| attack name | attack_name |
| source interface | src_intf |
| destination interface | dst_intf |
| packet log ID | pktlog_id |
| nested application | nested_application |
| incoming packet interface | packet_incoming_interface |
| role | role |
| username | username |
Sawmill stores the following numerical fields in its database for Juniper SRX3400, aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
| --- | --- |
| events | events |
| packets from client | packets_from_client |
| packets from server | packets_from_server |
| inbound packets | inbound_packets |
| outbound packets | outbound_packets |
| bytes from client | bytes_from_client |
| bytes from server | bytes_from_server |
| inbound bytes | inbound_bytes |
| outbound bytes | outbound_bytes |
| elapsed time | elapsed_time |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Juniper SRX3400 reports.
Sawmill also supports 1021 other log formats.