JUNIPER SRX240
Sawmill is a Juniper SRX240 log analyzer (it also supports 1021 other log formats). It can process log files in Juniper SRX240 format and generate dynamic statistics from them, analyzing and reporting events.
Sawmill can parse Juniper SRX240 logs, import them into a MySQL, Microsoft SQL Server, or Oracle database (or its own built-in database), aggregate them, and generate dynamically filtered reports, all through a web interface.
Sawmill can perform Juniper SRX240 log analysis on any platform, including Windows, Linux, FreeBSD, OpenBSD, Mac OS, Solaris, other UNIX, and others.
Sawmill stores the following non-numerical fields in its database for Juniper SRX240, generates reports for each field, and allows dynamic filtering on any combination of these fields:
| Field | Internal Name |
| --- | --- |
| event type | event_type |
| lsys | lsys |
| action | action |
| reason | reason |
| source IP | src_ip |
| location | location |
| source port | src_port |
| destination IP | dst_ip |
| destination port | dst_port |
| service | service |
| source NAT IP | src_ip_nat |
| source NAT port | src_port_nat |
| destination NAT IP | dst_ip_nat |
| destination NAT port | dst_port_nat |
| source NAT rule | src_nat_rule |
| destination NAT rule | dst_nat_rule |
| protocol | protocol |
| policy name | policy_name |
| source zone | src_zone |
| destination zone | dst_zone |
| session ID | session_id |
| ICMP type | icmp_type |
| unix-style timestamp | timestamp |
| message | message |
| message type | message_type |
| rule name | rule_name |
| rule base | rulebase |
| repeat count | repeat_count |
| threat severity | threat_severity |
| attack name | attack_name |
| source interface | src_intf |
| destination interface | dst_intf |
| packet log ID | pktlog_id |
| nested application | nested_application |
| incoming packet interface | packet_incoming_interface |
| role | role |
| username | username |
Sawmill stores the following numerical fields in its database for Juniper SRX240, aggregating them and including them as columns in most reports:
| Numerical Field | Internal Name |
| --- | --- |
| events | events |
| packets from client | packets_from_client |
| packets from server | packets_from_server |
| inbound packets | inbound_packets |
| outbound packets | outbound_packets |
| bytes from client | bytes_from_client |
| bytes from server | bytes_from_server |
| inbound bytes | inbound_bytes |
| outbound bytes | outbound_bytes |
| elapsed time | elapsed_time |
See Sawmill Features to learn more about Sawmill's options for viewing, customizing, filtering, exporting and scheduling Juniper SRX240 reports.
Sawmill also supports 1021 other log formats.