Trend Micro Control Manager

Sawmill plug-ins allow Sawmill to read ASCII text based logs that are saved to a folder Sawmill can read locally (including mapped/mounted filesystems) or available remotely via (S)FTP and HTTP. Additionally an ODBC connection to an Oracle or MSSQL instance is possible. Alternately (or for advanced users) there is a command line option that allows a script or program to feed data into the Sawmill processing engine.

This plug-in provides analysis support within Sawmill for the above named log format. Using this plug-in Sawmill will be able to read and interpret log files in their original format and perform analysis, reporting and alerting based on the data contained within them. If Sawmill does not perform quite as expected it is possible the original vendor has changed the logging specification. Contact providing details and a sample of the log file.

During importing of log data the following fields are stored in the Sawmill database for subsequent processing and report generation:

Back to All Formats List

Numeric Fields

  • malicious events
  • virus events
  • workstation virus events
  • web virus events
  • email virus events
  • spyware events
  • web spyware events
  • workstation spyware events
  • web filtering events
  • email filtering events
  • admin events

Non-Numeric Fields

  • date/time
  • day of week
  • hour of day
  • event type
  • computer name
  • message ID
  • sender
  • recipient
  • subject
  • policy name
  • policy settings
  • action on content
  • action on message
  • infect source
  • infect destination
  • virus
  • product
  • pattern
  • engine
  • first action
  • first action result
  • second action
  • second action result
  • file name
  • file path
  • login user name
  • object name URL
  • file type
  • client IP
  • location
  • blocking type
  • blocking rule
  • event
  • severity
  • description
  • generation time zone