|
Sawmill is a powerful, hierarchical log analysis tool that runs on every major
platform. It is particularly well suited to web server logs, but can process
almost any log. The reports that Sawmill generates are hierarchical, attractive,
and heavily cross-linked for easy navigation. Complete documentation is built
directly into the program.
Here are just a few of the major features of Sawmill:
|
| Sawmill presents an intuitive user interface, which leads
you through every step of browsing your log file's statistics. Using an
interview format, it asks questions when it needs information, so you only
have to deal with the configuration options which are relevant to the task
at hand. Statistics pages are full of links to related information,
organized intuitively so you can get to the information you want with a
minimal number of clicks. A powerful hierarchical optimization feature
automatically reorganizes the hierarchy to increase the amount of useful
information on each page.
|
|
|
| The manual for Sawmill is built right into the CGI program, so it's always at
your fingertips as you use the program. Throughout the HTML interface, there are
links to relevant sections of the online documentation, and wherever a
configuration option is mentioned, or a value is requested for it, there is a
link to that option's documentation page. You can browse the documentation by
running any copy of Sawmill. |
| Sawmill statistics are "live," for unparalleled flexibility
while viewing the statistics. Sawmill shows you a collection of interlinked
web pages which allow rapid navigation of the entire range of your log
statistics. Convenient links and menus right on the statistics pages let you
zoom in, set up real-time filters, show and hide columns of the tables and
other view elements, sort the data however you want, and much more.
|
|
|
|
- Analyze subsets of your data by the use of filters
For example you can retain only hits from external sources for analysis.
- Analyze relationships between fields in your log
For example Sawmill not only identifies key information such as which referrers are search engines or what search terms bring customers to your website. It can analyze relationships such as which search terms were used in search engines that brought hits on your website.
|
| Sawmill's statistics are attractive. The tables are colored
for easy reading, and the graphs are designed to be easily readable. You'll be
able to take the reports right out of Sawmill and show them to your boss, or
your investors, or anyone else, without having to reformat them to make them
look good -- they already look good.
|
| Sawmill stores your statistics in an optimized database.
This database can be incrementally updated as new log files arrive, and old
data can be periodically expired from the database. Sawmill generates
reports directly from the database; it does this so quickly (just a few
seconds) that you can browse through your statistics in real time, asking
for new views of your data with every click, and receiving the information
you want almost instantly.
|
|
|
| Since Sawmill generates a new "report" every time you click the mouse, it has
been heavily optimized for speed. Most pages load in less than five seconds, so
you won't be waiting for your statistics. There is no limit to the amount of
data Sawmill can analyze, and even really huge datasets (gigabytes of log data)
can be browsed in real time. |
| Sawmill is extremely easy to install. For Windows or MacOS, just run the
installer and launch the program. For UNIX, just tar/gunzip it and run the
executable. Sawmill starts its built-in web server, and you're ready to start
using it immediately. Or if you want to run it as a CGI program, you can drop
the executable in the CGI directory of your web server, and start using it
immediately from your favorite web browser. We will also install it for free on
any Internet-connected UNIX-type system. |
| Sawmill is highly configurable using a large set of
configuration options. These options can be set through the graphical user
interface from any web browser. The options let you choose which views are
available (or you can create your own custom views), what types of
information are tracked, which log entries are filtered out, what the
statistics look like, and much, much more.
|
|
|
Sawmill runs on all major platforms. There are currently versions for the
following platforms:
- An x86/Pentium system running Windows (95, 98, ME, NT, 2000, XP, or 2003)
- An x86/Pentium system running Linux
- An x86/Pentium system running FreeBSD
- An x86/Pentium system running OpenBSD
- An x86/Pentium system running BSD/OS
- An x86/Pentium system running Solaris
- A Macintosh running MacOS X
- A Sun workstation running Solaris
- A Sun workstation running Linux
- An Alpha workstation running Digital UNIX
- An Alpha workstation running Linux
- An IBM workstation running AIX
- An HP workstation running HP/UX
Source code is also available (obfuscated), so Sawmill can be compiled and run on
any system with a C++ compiler.
If you are interested in seeing Sawmill on any other platforms, send mail to
sawmill@flowerfire.com.
Sawmill supports 828 log formats:
- 3Com Office Connect / WinSyslog
- AboCom VPN Firewall FW550
- Active PDF
- Aladdin Esafe Gateway
- Aladdin eSafe Mail
- Aladdin eSafe Sessions (with URL category)
- Aladdin eSafe Sessions
- Aladdin eSafe Sessions Log Format v5
- Amavis
- Amavis Log Format (BETA)*
- Annex Term Server
- Annex Term Server (BETA)*
- Anti-Spam SMTP Proxy (ASSP)
- Apache Custom
- Apache Error
- Apache SSL Request
- Apache/NCSA Combined Format With Cookie Last
- Apache/NCSA Combined Format With Server Domain After Agent
- Apache/NCSA Combined Format With Server Domain After Date
- Apache/NCSA Combined Format With Server Domain After Host
- Apache/NCSA Combined Format With Server Domain After Size (e.g. 1&1, Puretec)
- Apache/NCSA Combined Format With Server Domain Before Host
- Apache/NCSA Combined Format With Visitor Cookie
- Apache/NCSA Combined Format With WebTrends Cookie
- Apache/NCSA Combined
- Apache/NCSA Combined Log Format (BETA)*
- Apache/NCSA Combined Log Format with Syslog
- Apache/NCSA Common Agent
- Apple File Service
- AppleShare IP
- Applied Identity WELF
- Arcserve NT
- Argosoft Mail Server
- Argosoft Mail Server Log Format (BETA)*
- Argosoft Mail Server Log Format (with dd-mm-yyyy dates)
- Argosoft Mail Server Log Format (with dd-mm-yyyy dates) (BETA)*
- Argus
- Array 500 Combined
- Aruba 800 Wireless LAN Switch
- Ascend
- AscenLink
- AscenLink Log Format (BETA)*
- AspEmail (Active Server Pages Component for Email)
- Astaro
- Atom
- AutoAdmin
- AutoAdmin Log Format (BETA)*
- Autodesk Network License Manager (FlexLM)
- Aventail Client/server Access
- Aventail Web Access
- Backup Exec
- Backup Exec Log Format (BETA)*
- Barracuda Spam Firewall - Syslog
- Barracuda Spam Firewall - Syslog (BETA)*
- Barracuda Spyware Firewall / Web Filter
- Barrier Group
- BDS FTP
- BEA WebLogic
- BeatBox Hits Log Format (default)
- Bind 9 Log Format (Syslog required)
- Bind 9 Query
- Bind 9 Query Log Format (with timestamp)
- Bind 9 Update Log Format (with timestamp)
- Bind Query
- Bind Query Log Format With Timestamp
- Bind Response Checks
- Bind Security
- Bindview Reporting
- Bindview User Logins
- Bindview Windows Event
- Bintec VPN 25 or XL
- Bintec VPN 25 or XL (BETA)*
- BitBlock
- Blue Coat Custom
- Blue Coat Instant Messenger
- Blue Coat
- Blue Coat Log Format (Alternate)
- Blue Coat RealMedia
- Blue Coat Squid
- Blue Coat W3C Log Format (ELFF)
- Blue Coat Windows Media
- Bomgar Box
- Borderware
- Borderware runstats
- bpft traflog
- bpft4
- bpft4 Log Format (with interface)
- BroadVision Error
- BroadVision Observation
- BroadWeb NetKeeper
- Bulletproof/G6 FTP Log Format (dd/mm/yy dates, 24-hour times)
- Bulletproof/G6 FTP Log Format (dd/mm/yyyy dates)
- Bulletproof/G6 FTP Log Format (dd/mm/yyyy dates, 24 hour times)
- Bulletproof/G6 FTP Log Format (mm/dd/yy dates)
- Bulletproof/G6 FTP Log Format (mm/dd/yyyy dates)
- Bulletproof/G6 FTP Log Format (yyyy/mm/dd dates)
- Bulletproof/G6 FTP Sessions
- Centrinity FirstClass (m/d/yyyy)
- Centrinity FirstClass
- Check Point SNMP
- Cisco 3750
- Cisco 827 Log Format (Kiwi, Full Dates, Tabs)
- Cisco Access Control Server
- Cisco Access Register
- Cisco ACNS log w/ SmartFilter
- Cisco As5300
- Cisco As5300 Log Format (BETA)*
- Cisco CE Common
- Cisco CE
- Cisco EMBLEM
- Cisco IDS Netranger
- Cisco IPS
- Cisco NetFlow
- Cisco NetFlow (flow-export)
- Cisco NetFlow (FlowTools ASCII Export)
- Cisco NetFlow (no dates)
- Cisco NetFlow (version 1)
- Cisco NetFlow Binary (DAT) Log Format (SUPPORTED ONLY AFTER ASCII EXPORT)
- Cisco PIX/ASA/Router/Switch
- Cisco PIX/ASA/Router/Switch Log Format (BETA)*
- Cisco PIX/IOS
- Cisco Router Log Format (no syslog)
- Cisco Router Log Format (Using Syslog Server)
- Cisco SCA
- Cisco Secure Server (RAS Access)
- Cisco SOHO77
- Cisco Voice Router
- Cisco VPN Concentrator
- Cisco VPN Concentrator (Comma separated - MMDDYYYY)
- Cisco VPN Concentrator (Comma-delimited)
- Cisco VPN Concentrator Syslog
- Cisco Wide Area Application Services (WAAS) TCP Proxy
- CiscoVPNConcentratorAlt
- CiscoWorks Syslog Server Format
- Citrix Firewall Manager Syslog
- Citrix NetScaler
- ClamAV
- Clavister Firewall Binary Log Format (SUPPORTED ONLY AFTER FWLoggqry.exe EXPORT)
- Clavister Firewall
- Clavister Firewall Log Format (CSV)
- Clavister Firewall Syslog
- Click To Meet
- Cognos Powerplay Enterprise Server
- Cognos Ticket Server
- ColdFusion Application
- ColdFusion Application Log Format (CSV)
- ColdFusion Web Server
- Combined Proxy
- Common Access
- Common Access Log Format (Claranet)
- Common Access Log Format (WebSTAR)
- Common Access Log Format, with full URLs
- Common Error
- Common Proxy
- Common Referrer
- Communigate
- Communigate Pro
- Communigate Pro Log Format (BETA)*
- Complete Syslog Messages (report full syslog message in one field)
- Coradiant Log Format (object tracking)
- Coradiant TrueSight Log Format (object tracking) v2.0
- CP Secure Content Security Gateway
- Critical Path Mail Server POP/IMAP
- Critical Path Mail Server SMTP
- Cron
- CSV (Generic Comma-Separated Values)
- CWAT Alert
- CWAT
- Cyberguard Firewall (non-WELF) Audit
- Cyberguard WELF
- Dade Behring User Account Format (With Duration)
- Dade Behring User
- DansGuardian 2.2
- DansGuardian 2.4
- DansGuardian 2.9
- DansGuardian 2.9 Log Format (BETA)*
- Datagram Syslog Format
- Datagram SyslogAgent
- Declude SPAM
- Declude Virus
- Digital Insight Magnet
- DLink DI-804HV Ethernet Broadband VPN Router
- Domino Access
- Domino Agent
- Domino Error
- Dorian Event Archiver (Windows Event Log) Format
- Dovecot Secure IMAP/POP3 Server
- du Disk Usage Tracking Format (find /somedir -type f | xargs du)
- du Disk Usage Tracking Format (find updatetest -type f | xargs du) (BETA)*
- Easy Lender - Login Audit - Comma Separated
- EIMS Error
- EIMS Error Log Format (BETA)*
- EIMS SMTP (12 hour)
- EIMS SMTP (24 hour)
- EmailCatcher
- Essbase
- Event Reporter Logs (version 7)
- Event Reporter v6
- Eventlog to Syslog Format
- Exim 4
- Exim 4 Log Format (BETA)*
- Exim
- EZProxy
- FastHosts
- FedEx Tracking
- Filemaker 3
- Filemaker
- FileZilla Server (d/m/yyyy)
- FileZilla Server (m/d/yyyy)
- Firebox
- Firepass
- Firepass Log Format (BETA)*
- FirePass SSL VPN
- Firewall-1 (fw log -ftn export)
- Firewall-1 (fw log export)
- Firewall-1 (fw logexport export)
- Firewall-1 Log Viewer 4.1 Export
- Firewall-1 Next Generation Full Log Format (text export)
- Firewall-1 Next Generation General Log Format (text export)
- Firewall-1 NG (text export)
- Firewall-1 Text Export
- Firewall1 Webtrends Log Format
- FirstClass Server
- Fiserv Financial Easy Lender - Unsuccessful Login Audit
- Flash FSP
- Flash Media Server
- Flex/JRun*
- Flex/JRun
- FortiGate Comma Separated
- FortiGate
- FortiGate Log Format (BETA)*
- FortiGate Space Separated
- FortiGate Traffic
- Fortinet Log Format (syslog required)
- Foundry Networks BigIron
- Foundry Networks
- Free Radius
- FusionBot
- Gauntlet
- Gauntlet Log Format (yyyy-mm-dd dates)
- Gene6 FTP W3C
- GFI Attachment & Content
- GFI Spam
- GMS POP
- GMS POST
- GMS SMTP
- GNAT Box Log Format (Syslog Required)
- GNAT Box Syslogger (v1.3) Syslog
- Google
- GroupWise Internet Agent Accounting Log Format (2-digit years)
- GroupWise Internet Agent Accounting Log Format (4-digit years)
- GroupWise Post Office Agent
- Groupwise Web Access Log Format (dd/mm/yy)
- Groupwise Web Access Log Format (mm/dd/yy)
- GTA GBWare
- Guardix Log Format (IPFW)
- GW Guardian Antivirus
- GW Guardian Spam
- Helix Universal Server (Style 5)
- Helix Universal Server
- hMailserver
- Hosting.com
- htdig
- IAS Alternate
- IAS Comma-Separated
- IAS Comma-Separated Log Format (BETA)*
- IAS
- IBM HTTP Server
- IBM Tivoli Access Manager
- IBM Tivoli Access Manager WebSEAL
- IBM Tivoli Access Manager WebSEAL Log Format (BETA)*
- IBM Tivoli NetView
- IceCast Alternate
- IceCast
- IIS Extended (W3C) Web Server
- IIS Extended
- IIS FTP Server
- IIS
- IIS Log Format (dd/mm/yy dates)
- IIS Log Format (dd/mm/yyyy dates)
- IIS Log Format (mm/dd/yyyy dates)
- IIS Log Format (yy/mm/dd dates)
- IIS SMTP Comma Separated*
- IIS SMTP Comma Separated
- IIS SMTP Common
- IIS SMTP W3C
- IIS SMTP W3C Log Format (BETA)*
- IMail (7/8)
- Imail Header
- iMail
- iMail Log Format, Alternate
- InfiNet
- Ingate Firewall
- INN News
- INN News Log Format (Alternate)
- Instagate
- Intel NetStructure VPN Gateway
- Intermapper Event
- Intermapper Event Log Format (BETA)*
- Intermapper Outages Log Format (dd mmm yyyy dates, 24-hour times)
- Intermapper Outages Log Format (mmm dd yyyy dates, AM/PM times)
- Internet Security Systems Network Sensors
- Internet Security Systems Network Sensors (BETA)*
- Intersafe HTTP Content Filter
- Interscan E-mail
- Interscan E-mail Viruswall
- Interscan Messaging Security Suite Integrated
- Interscan Messaging Security Suite Integrated Log Format (BETA)*
- Interscan Messaging Security Suite
- Interscan Proxy Log Format (dd/mm/yyyy dates)
- Interscan Proxy Log Format (mm/dd/yyyy dates)
- InterScan Viruswall
- Interscan Viruswall Virus
- Interscan Web Security Suite
- Interscan Web Security Suite (BETA)*
- IOS Debug IP Packet Detailed (Using Syslog Server)
- IP Traffic LAN Statistics Log
- ipchains
- IPCop Syslog
- IPEnforcer
- ipfw
- iPlanet Error
- iPlanet Messaging Server 5/6 MTA
- Iplanet Messenger Server 5
- iPlanet/Netscape Directory Server Format
- iPlanet/Netscape
- IPMon Log Format (Using Syslog Server)
- iPrism (with syslog)
- iPrism Monitor
- iPrism-rt
- IPTables Config
- IPTables Config Log Format (BETA)*
- iptables
- IPTraf
- IPTraf TCP/UDP Services
- Ironmail AV Log Format (Sophos)
- Ironmail CSV
- Ironmail SMTP Proxy
- Ironmail SMTPO
- Ironmail Sophosq
- Ironmail Spam
- IronPort Bounce
- IronPort C-Series
- IronPort Log Format (BETA)*
- ISC DHCP Leases
- ISC DHCP
- ISS
- IST
- Jataayu Carrier WAP Server (CWS)
- Java Administration MBEAN
- Java Administration MBEAN Log Format (BETA)*
- Java Bean Application Server
- JBoss Application Server
- Juniper Networks NetScreen Traffic
- Juniper Secure Access SSL VPN
- Juniper Secure Access SSL VPN Log Format (BETA)*
- Juniper/Netscreen Secure Access
- Kaspersky Labs for Mail Servers (linux)
- Kaspersky
- Kaspersky Log Format (BETA)*
- Keria Mailserver Mail Log Format (BETA)*
- Kerio Mailserver Mail
- Kerio Network Monitor HTTP
- Kerio Network Monitor
- Kerio Winroute Firewall
- Kernun DNS Proxy
- Kernun HTTP Proxy
- Kernun Proxy
- Kernun SMTP Proxy
- Kiwi (dd-mm-yyyy dates)
- Kiwi (mm-dd-yy dates, with type and protocol)
- Kiwi (mm-dd-yyyy dates)
- Kiwi (mmm/dd dates, hh:hh:ss.mmm UTC times)
- Kiwi CatTools CatOS Port Usage Format
- Kiwi Syslog (ISO/Sawmill)
- Kiwi Syslog (UTC)
- Kiwi YYYYMMDD Comma Syslog
- Lancom Router
- Lancom Router (BETA)*
- Lava2
- Limelight Flash Media Server
- LinkSys Router
- LISTSERV
- LogSat SpamFilterISP Log Format B500.9
- LRS VPSX Accounting
- LSMTP Access
- LSMTP
- Lucent Brick
- Lucent Brick (LSMS) Admin
- Lyris MailShield
- MacOS X FTP
- Mail Enable W3C
- Mail Enable W3C Log Format (BETA)*
- Mail Essentials
- Mailer Daemon
- Mailman Post
- Mailman Post Log Format (BETA)*
- Mailman Subscribe
- MailMax SE Mail POP
- MailMax SE SMTP
- mailscanner
- MailScanner Log Format (testfase)
- MailScanner Virus Log Format (email messages sent)
- MailStripper
- MailSweeper (24 Hour)
- MailSweeper (AM/PM)
- MailSweeper (long)
- McAfee E1000 Mail Scanner
- McAfee E1000 Mail Scanner (BETA)*
- McAfee Secure Messaging Gateway (SMG) VPN Firewall
- McAfee Web Shield
- McAfee Web Shield XML
- McAfee Web Shield XML Log Format (BETA)*
- MDaemon 7 (All)
- MDaemon 7
- MDaemon 8 (All)
- Merak POP/IMAP
- Merak SMTP
- Merak SMTP Log Format (BETA)*
- Message Sniffer
- Metavante CEB Failed Logins
- Metavante
- Microsoft Elogdmp (CSV) Log Format (CSV)
- Microsoft Exchange Internet Mail
- Microsoft Exchange Server 2000 Log Format (comma separated)
- Microsoft Exchange Server 2000/2003
- Microsoft Exchange Server 2007 Log Format (comma separated)
- Microsoft Exchange Server
- Microsoft ICF
- Microsoft ISA Server Log Format (W3C)
- Microsoft ISA Server Packet Logs
- Microsoft ISA WebProxy Log Format (CSV)
- Microsoft Media Server
- Microsoft Port Reporter
- Microsoft Proxy
- Microsoft Proxy Log Format (Bytes Received Field Before Bytes Sent)
- Microsoft Proxy Log Format (d/m/yy dates)
- Microsoft Proxy Log Format (d/m/yyyy dates)
- Microsoft Proxy Log Format (m/d/yyyy dates)
- Microsoft Proxy Packet Filtering
- Microsoft SQL Profiler Export
- Microsoft Windows Firewall
- Microsoft Windows Firewall Log Format (BETA)*
- Microtech ImageMaker Error
- MicroTech ImageMaker Media
- Minirsyslogd
- Mirapoint SMTP
- Miva Access
- Miva Combined Access
- MM/DD-HH:MM:SS Timestamp
- Mod Gzip
- MonitorWare
- MonitorWare (Alternate)
- MPS
- MPS Log Format (BETA)*
- msieser HTTP
- msieser HTTP Log Format (BETA)*
- msieser SMTP
- msieser SMTP Log Format (BETA)*
- MTS Professional
- N2H2 / Novell Border Manager
- N2H2
- N2H2 Sentian
- Nagios*
- Nagios
- NcFTP Log Format (Alternate)
- NcFTP Xfer
- NEMX PowerTools for Exchange
- Neoteris
- Neoteris/Netscreen SSL Web Client Export
- Nessus
- Nessus Log Format (BETA)*
- Net-Acct
- NetApp Filers Audit
- NetApp NetCache 5.5+
- NetCache NetApp
- NetContinuum Application Security Gateway
- Netegrity SiteMinder Access
- Netegrity SiteMinder Event
- NetForensics Syslog Format
- NetGear DG834G
- NetGear FR328S
- Netgear FVL328 Log Format (logging to syslog)
- Netgear FVS318
- NetGear
- Netgear Security
- Netgear Security Log Format (BETA)*
- Netgear Security Log Format (logging to syslog)
- Netilla
- NetKey
- NetPresenz
- NetPresenz Log Format (24-hour times, d/m/y dates)
- NetPresenz Log Format (d/m/y dates)
- Netscape Extended
- Netscape Messenger
- Netscreen IDP
- NetScreen
- NetScreen Log Format (BETA)*
- Netscreen SSL Gateway
- Netscreen SSL Gateway Log Format (BETA)*
- NetScreen Traffic Log Format (get log traffic)
- Netscreen Web Client Export*
- Netscreen Web Client Export
- Netstat Log Format (uses script generated timestamp from log or GMT time)
- Netwall
- Network Syslog Format
- nmap
- No Syslog Header (use today's date, or use date/time from message)
- Nokia IP350/Checkpoint NG (fw log export)
- Nortel Contivity
- Nortel Contivity Log Format (BETA)*
- Nortel Meridian 1 Automatic Call Distribution (ACD)
- Nortel Networks RouterARN Format (SUPPORTED ONLY AFTER TEXT EXPORT)
- Nortel SSL VPN
- Norton Personal Firewall 2003 Connection
- Novell Border Manager
- Novell Border Manager
- Novell iChain Extended (W3C) Web Server
- Novell iChain W3C
- Novell NetMail 3.5
- Novell NetMail
- NTsyslog
- NVDcms
- O'Reilly
- OpenBSD Packet Filter (tcpdump -neqttr) Firewall
- OpenVPN
- Openwave Intermail
- Optima
- Oracle Application Server (Java Exceptions)
- Oracle Audit
- Oracle Failed Login Attempts
- Oracle Listener
- Order
- Packet Dynamics
- Passlogd Syslog (Full Messages)
- Passlogd Syslog Format
- PeopleSoft AppServer
- Performance Monitor
- Performance Monitor Log Format (BETA)*
- Piolink Network Loadbalance
- PIX Firewall Syslog Server (no year) (EMBLEM)
- PIX Firewall Syslog Server Format
- Planet-Share InterFax
- Plesk Server Administrator Web Log
- Policy Directory Audit
- Policy Directory Security Audit Trail
- PortalXPert
- portsentry
- Post Office Mail Server
- Postfix II
- Postfix
- Postfix Log Format (BETA)*
- PostWorks IMAP
- PostWorks POP3
- PostWorks SMTP
- praudit
- praudit Log Format (BETA)*
- Privoxy
- ProFTP
- Proxy-Pro GateKeeper
- ProxyPlus
- PsLogList
- PureFTP
- qmail (Syslog Required)
- qmail Log Format (TAI64N dates)
- qmail-scanner
- Quicktime Streaming Error
- Quicktime/Darwin Streaming Server
- RACF Security
- Radius Accounting
- Radius Accounting Log Format II
- Radius ACT
- Radware Load Balancing (Using Syslog Server)
- Raiden FTP
- RAIDiator Error
- Rapid Firewall
- Raptor
- Raptor Log Format (Exception Reporting)
- RealProxy
- RealServer Error
- RealServer
- RealServer Log Format, Alternate
- Redcreek System Message Viewer Format
- Rumpus
- SafeSquid Combined/Extended
- SafeSquid Log Format (logging to syslog server)
- SafeSquid Log Format (Orange)
- SafeSquid Standalone
- Samba Server
- Sambar Server
- Sawmill Task
- Scanmail For Exchange
- Scanmail For Exchange Log Format (BETA)*
- Seconds since Jan 1 1970 Timestamp Syslog
- SecureIIS Binary Log Format (SUPPORTED ONLY AFTER TEXT EXPORT)
- SecureIIS
- Sendmail for NT
- Sendmail
- Sendmail Log Format (BETA)*
- Separ URL Filter
- Separ URL Filter Log Format (BETA)*
- Serv-U FTP
- Servers Alive (Statistics)
- Servers Alive
- Sharetech Firewall
- Sharewall
- ShareWay IP
- Shoutcast 1.6
- Shoutcast 1.8+
- SHOUTcast W3C
- Sidewinder Firewall
- Sidewinder Firewall Log Format (BETA)*
- Sidewinder
- Sidewinder Raw Log Format (SUPPORTED ONLY AFTER acat -x EXPORT)
- Sidewinder Syslog
- Simple DNS
- SIMS
- SiteCAM
- SiteKiosk 6
- SiteKiosk
- SiteMinder Policy Server
- SiteMinder WebAgent
- SL4NT (dd.mm.yyyy, commas without spaces)
- SL4NT (dd/mm/yyyy)
- SL4NT
- SLNT4
- SmartFilter (Bess Edition)
- SmartMaxPOP
- SmartMaxSMTP
- SmoothWall
- SmoothWall SmoothGuardian 3.1
- SNARE Epilog Collected Oracle Listener
- Snare for AIX
- Snare for AIX Log Format (BETA)*
- Snare
- Snare Log Format (BETA)*
- SNMP Manager
- Snort 2 Log Format (syslog required)
- Snort Log Format (standalone, mm/dd dates)
- Snort Log Format (standalone, mm/dd/yy dates)
- Snort Log Format (syslog required)
- SNORT Portscan
- Socks 5
- Software602
- SonicWall 5
- SonicWall or 3COM Firewall
- SonicWall or 3COM Firewall (BETA)*
- Sonicwall TZ 170 Firewall
- Sophos Antispam Message
- Sophos Antispam PMX
- Sophos Antispam PMX*
- Sophos Mail Monitor for SMTP
- Sophos Web Appliance
- Sourcefire IDS
- Sourcefire IDS (BETA)*
- SpamAssassin
- spamd (SpamAssassin Daemon)
- Squid Common
- Squid Common Log Format - Syslog Required
- Squid Event Log
- Squid Guard
- Squid
- Squid Log Format With Full Headers
- Steel Belted Radius ACT*
- Steel Belted Radius ACT
- Stonegate
- Sun ONE / Netscape Directory Server
- Sun ONE Directory Server Audit
- Sun ONE Directory Server Error
- Symantec AntiVirus Corporate Edition
- Symantec AntiVirus Corporate Edition (VHIST Exporter)
- Symantec Antivirus
- Symantec Antivirus Log Format (BETA)*
- Symantec Enterprise Firewall 8
- Symantec Enterprise Firewall
- Symantec Gateway Security 2 (CSV)
- Symantec Gateway Security 400 Series
- Symantec Gateway Security Binary Log Format (SUPPORTED ONLY WITH TEXT EXPORT)
- Symantec Gateway Security Log Format (via syslog)
- Symantec Mail Security
- Symantec Mail Security Syslog Format
- Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0)
- Symantec Security Gateways Log Format (SGS 2.0/3.0 & SEF 8.0) (BETA)*
- Symantec System Console
- Symantec System Console Log Format (BETA)*
- Symantec Web Security
- Syslog (yyyymmdd hhmmss)
- Syslog NG (tab separated)
- Syslog NG
- Syslog NG Log Format (no date in log data; yyyymmdd date in filename)
- Syslog NG Log Format (no timezone)
- Syslog NG Messages
- Sysreset Mirc
- TACACS+ Accounting
- tcpdump
- tcpdump Log Format (-tt)
- tcpdump Log Format (-tt, with interface)
- tcpdump Log Format (-tt, with interface) Alternate
- Tellique
- TFS MailReport Extended
- Timestamp (mm dd hh:mm:ss)
- Tiny Personal Firewall
- Tipping Point IPS
- Tipping Point IPS Log Format (BETA)*
- Tipping Point SMS
- Tivoli Storage Manager TDP for SQL Server Format
- Tomcat
- TomcatAlt
- Trend Micro Control Manager
- Trend Micro Control Manager (BETA)*
- Trend Micro ScanMail For Exchange
- Trend ServerProtect CSV Admin
- Trend Webmanager
- TrendMicro/eManager Spam Filter
- Unicomp Guinevere
- Unicomp Guinevere Virus
- Unix Auth
- Unix Daemon Syslog Messages
- UNIX FTP
- UNIX Sendmail
- Unix Syslog
- Unix Syslog With Year
- Unreal Media Server
- URL-Scan (W3C)
- URLScan
- Useful Utilities EZproxy
- User Activity Tracking
- uw-imap
- Vamsoft Open Relay Filter Enterprise Edition
- VBrick EtherneTV Portal Server
- VICOM Gateway
- Vicomsoft Internet Gateway
- Vidius Combined
- Visonys Airlock
- W3C
- Wall Watcher
- WAP
- War FTP
- War FTP Log Format (Alternate)
- Watchguard Binary (WGL) Log Format (SUPPORTED ONLY AFTER TEXT EXPORT)
- Watchguard Firebox Export Header
- Watchguard Firebox Export Log Format (m/d/y format)
- Watchguard Firebox Export Log Format (y/m/d format)
- Watchguard Firebox V60
- Watchguard Firebox v60
- Watchguard Historical Reports Export
- Watchguard
- Watchguard SOHO
- Watchguard WELF
- Watchguard WSEP Text Exports Log Format (Firebox II & III & X)
- Watchguard XML
- Web Logic 8.1
- Web Sense
- Web Washer
- WebNibbler
- WebSEAL Audit
- WebSEAL Authorization (XML)
- WebSEAL CDAS
- WebSEAL Error
- WebSEAL Security Manager
- WebSEAL Wand Audit
- WebSEAL Warning
- WebSphere Business Integration Message Brokers User Trace
- WebSTAR FTP
- WebSTAR
- WebSTAR W3C Web Server
- Websweeper
- Webtrends Extended
- Webtrends Extended Log Format (Syslog)
- Welcome
- WELF date/time extraction (no syslog header)
- WELF Log Format (stand-alone; no syslog)
- Whatsup Syslog
- Whistle Blower Performance Metrics Log
- WhistleBlower (Sawmill 6.4)
- Win2K Performance Monitor
- Windows 2000/XP Event Log Format (export list-CSV) ddmmyyyy
- Windows 2000/XP Event Log Format (save as-CSV) dd/mm/yyyy
- Windows 2003 DNS
- Windows Event (Comma Delimited)
- Windows Event (Comma Delimited, m/d/yyyy days, h:mm:ss AM/PM times)
- Windows Event (Tab Delimited)
- Windows Event .evt Log Format (SUPPORTED ONLY AFTER CSV OR TEXT EXPORT)
- Windows Event Log (comma or tab delimited, no am/pm, 24h & ddmmyyyy)
- Windows Event Log Format (24 hour times, d/m/yyyy dates)
- Windows Event Log Format (ALTools export)
- Windows Event Log Format (dumpel.exe export)
- Windows Event Log Format (dumpevt.exe export)
- Windows NT Scheduler
- Windows NT Syslog
- Windows NT4 Event Log Format (save as-CSV)
- Windows Syslog Format
- Windows XP Event Log (Microsoft LogParser CSV Export)
- WinGate Log Format (no Traffic lines, dd/mm/yy dates)
- WinGate Log Format (no Traffic lines, mm/dd/yy dates)
- WinGate Log Format (with Traffic lines)
- Winproxy 5.1 Log Format (yyyy-mm-dd dates)
- WinProxy Alternate
- Winproxy Common
- Winproxy
- Winproxy Log Format (2-digit years)
- WinRoute Connection
- WinRoute Mail
- WinRoute Web
- WinSyslog
- Wipro Websecure Audit
- Wipro Websecure Auth (Alternate Dates)
- Wipro Websecure Auth
- Wipro Websecure Debug
- Wireshark (previously Ethereal)
- Wireshark/Ethereal/tcpdump Binary Log Format (SUPPORTED ONLY AFTER -r -tt CONVERSION)
- Wowza Media Server Pro
- WS_FTP
- WU-FTP
- WU-FTP Log Format (yyyy-mm-dd Dates, Server Domain)
- X-Stop
- XMail SMTP
- XMail Spam
- XWall
- XWall Log Format (BETA)*
- Yamaha RTX
- Youngzsoft CCProxy
- Zeus Extended
- Zeus Log Format (Alternate Dates)
- Zone Alarm
- ZyXEL Communications
- Zyxel Firewall
- Zyxel Firewall WELF
* BETA format. Formats marked with an asterisk are "beta" formats, which are experimental, have not been fully tested, and are not available in Sawmill Lite (they are available only in Sawmill Professional and Sawmill Enterprise).
If you want to analyze a log in a different format, Sawmill also lets you
specify a custom log format. If your log is generated by publicly-available software,
we'll do this for you-- just email a sample of your log file to
sawmill@flowerfire.com,
and we'll write you a log format descriptor that you can
plug right in to your copy of Sawmill.
We're continually adding new log formats, so the list above will keep
growing.
|
|
