Microsoft IAS Comma-Separated

Sawmill plug-ins allow Sawmill to read ASCII text based logs that are saved to a folder Sawmill can read locally (including mapped/mounted filesystems) or available remotely via (S)FTP and HTTP. Additionally an ODBC connection to an Oracle or MSSQL instance is possible. Alternately (or for advanced users) there is a command line option that allows a script or program to feed data into the Sawmill processing engine.

This plug-in provides analysis support within Sawmill for the above named log format. Using this plug-in Sawmill will be able to read and interpret log files in their original format and perform analysis, reporting and alerting based on the data contained within them. If Sawmill does not perform quite as expected it is possible the original vendor has changed the logging specification. Contact support@sawmill.co.uk providing details and a sample of the log file.

During importing of log data the following fields are stored in the Sawmill database for subsequent processing and report generation:

Back to All Formats List

Numeric Fields

  • events
  • unique client IPs
  • input octets
  • output octets
  • input packets
  • output packets

Non-Numeric Fields

  • date/time
  • day of week
  • hour of day
  • computer name
  • service name
  • packet type
  • username
  • fully qualified username
  • called station ID
  • calling station ID
  • callback number
  • framed IP address
  • NAS identifier
  • NAS IP address
  • NAS port
  • client vendor
  • client IP address
  • client friendly name
  • event timestamp
  • port limit
  • NAS port type
  • connect info
  • framed protocol
  • service type
  • authentication type
  • NP policy name
  • reason code
  • session timeout
  • idle timeout
  • termination action
  • EAP friendly name
  • status type
  • delay time
  • session ID
  • authentic
  • session time
  • terminate cause
  • multi ssn ID
  • link count
  • interim interval
  • tunnel type
  • tunnel medium type
  • tunnel client endpoint
  • tunnel server endpoint
  • tunnel connection
  • tunnel private group ID
  • tunnel assignment ID
  • tunnel preference
  • ms account auth type
  • ms account EAP type
  • ms ras version
  • ms ras vendor
  • ms chap error
  • ms chap domain
  • ms ppe encryption type
  • ms mppe encryption policy