Fortinet Fortigate Firewall

Sawmill plug-ins allow Sawmill to read ASCII text-based logs that are saved to a folder Sawmill can read locally (including mapped or mounted filesystems) or that are available remotely via (S)FTP and HTTP. Additionally, an ODBC connection to an Oracle or MSSQL instance is possible. Alternatively (or for advanced users), there is a command-line option that allows a script or program to feed data into the Sawmill processing engine.

This plug-in provides analysis support within Sawmill for the above-named log format. Using this plug-in, Sawmill will be able to read and interpret log files in their original format and perform analysis, reporting and alerting based on the data contained within them. If Sawmill does not perform quite as expected, it is possible the original vendor has changed the logging specification. Contact support@sawmill.co.uk providing details and a sample of the log file.

During import of log data the following fields are stored in the Sawmill database for subsequent processing and report generation:

Numeric Fields

  • accesses
  • visitors
  • sent
  • received
  • sent packets
  • received packets
  • duration

Non-Numeric Fields

  • URL
  • file type
  • device ID
  • level
  • device name
  • type
  • subtype
  • priority
  • category
  • category description
  • hostname
  • method
  • user
  • group
  • policy ID
  • source
  • location
  • source name
  • source port
  • source interface
  • destination
  • destination name
  • destination port
  • destination interface
  • translated IP
  • translated port
  • ICMP ID
  • ICMP type
  • ICMP code
  • status
  • protocol
  • service
  • vd
  • VPN
  • dir disp
  • translated disp
  • message
  • action
  • reason
  • virus
  • file
  • UI
  • aven
  • fcni
  • fdni
  • FTP
  • HTTP
  • idsdb
  • idsmn
  • idssn
  • IMAP
  • libav
  • POP3
  • SMTP
  • virdb
  • new action
  • new destination address
  • new destination interface
  • new log
  • new NAT
  • new source address
  • new schedule
  • new source interface
  • new server
  • old action
  • old destination address
  • old destination interface
  • old log
  • old NAT
  • old source address
  • old schedule
  • old source interface
  • old server
  • sequence
  • application type
  • destination country
  • source country
  • translated source IP
  • translated source port
  • rule
  • identidx
  • profile group
  • shaper drop sent
  • shaper drop received
  • perip drop
  • shaper_sent_name
  • shaper_rcvd_name
  • perip_name
  • VPN tunnel
  • application
  • application category
  • carrier EP
  • subapplication
  • subappcat
  • UTM action
  • UTM event
  • UTM subtype