Microsoft IAS/NPS

Sawmill plug-ins allow Sawmill to read ASCII text-based logs that are saved to a folder Sawmill can read locally (including mapped/mounted filesystems) or that are available remotely via (S)FTP and HTTP. Additionally, an ODBC connection to an Oracle or MSSQL instance is possible. Alternatively (or for advanced users), there is a command-line option that allows a script or program to feed data into the Sawmill processing engine.

This plug-in provides analysis support within Sawmill for the above-named log format. Using this plug-in, Sawmill will be able to read and interpret log files in their original format and perform analysis, reporting and alerting based on the data contained within them. If Sawmill does not perform quite as expected, it is possible the original vendor has changed the logging specification. Contact support@sawmill.co.uk, providing details and a sample of the log file.

During import of log data, the following fields are stored in the Sawmill database for subsequent processing and report generation:

Numeric Fields

  • events
  • input octets
  • output octets
  • session time

Non-Numeric Fields

  • date/time
  • day of week
  • hour of day
  • server
  • service
  • hostname
  • domain description
  • location
  • authenticated user
  • username
  • NAS IP address
  • NAS port
  • service type
  • framed protocol
  • framed IP address
  • framed IP netmask
  • framed routing
  • filter IP
  • framed MTU
  • framed compression
  • login IP host
  • login service
  • login TCP port
  • reply message
  • callback number
  • callback ID
  • framed route
  • framed IPX network
  • class
  • vendor specific
  • session timeout
  • idle timeout
  • termination action
  • called station ID
  • calling station ID
  • NAS identifier
  • login LAT service
  • login LAT node
  • login LAT group
  • framed appletalk link
  • framed appletalk network
  • framed appletalk zone
  • status type
  • delay time
  • session ID
  • authentic
  • terminate clause
  • multi ssn ID
  • link count
  • event timestamp
  • NAS port type
  • port limit
  • login LAT port
  • tunnel type
  • tunnel medium type
  • tunnel client endpoint
  • tunnel server endpoint
  • tunnel connection
  • password retry
  • prompt
  • connect info
  • configuration token
  • tunnel private group ID
  • tunnel assignment ID
  • tunnel preference
  • interim interval
  • ascend
  • saved radius framed route
  • client IP address
  • RAS Client Name
  • NAS manufacturer
  • ms chap error
  • authentication type
  • client friendly name
  • SAM account name
  • fully qualified username
  • EAP friendly name
  • packet type
  • source IP
  • source port
  • destination IP
  • destination port
  • NP policy name