Sawmill Integration

From Swivel Knowledgebase Wiki

Contents 1 Sawmill Integration with PINsafe 2 Prerequisites 3 Baseline 4 Architecture 5 PINsafe Configuration 6 Sawmill Configuration 7 Process Data and View Reports 8 Verifying the Installation 9 Troubleshooting 10 Known Issues and Limitations 11 Additional Information

Sawmill Integration with PINsafe

Sawmill is a log analysis tool and can produce reports from PINsafe logs. Log output from a syslog server can be also read by Sawmill.

Prerequisites

This article assumes you are running PINsafe 3.2 or later and Sawmill Version 8

The Swivel Custom plugin for Sawmill (http://store.sawmill.co.uk/store/index.asp?pid=41) is also required

For Sawmill Enterprise Enterprise Edition a single copy license of the plug-in is provided for free, contact sales@sawmill.co.uk  for further information.

Baseline

PINsafe 3.5

Sawmill 8.08

Architecture

PINsafe produces XML log files, there are several deployment scenarios which can be used:

1. These can be copied to a log server for analysis
2. Pulled from the Sawmill server from the PINsafe server.
3. Analysis of log files from Syslog log files.

PINsafe Configuration

Ensure that the PINsafe logs are readable by the Sawmill server.

Sawmill Configuration

Copy Across PINsafe log filter files

The Log format files (swivel_pinsafe_xml.cfg and swivel_pinsafe_syslog.cfg) need to be copied to the Sawmill Server into Sawmill 8\LogAnalysisInfo\log_formats

Example:

C:\Program Files\Sawmill 8\LogAnalysisInfo\log_formats

Start the New Profile Wizard

From Profiles select Create New Profile

Enter the Log Source

Enter the log Source and any required information such as pathname for the PINsafe logs.

This setting will depend on which logs you are using, for example if Sawmill is deployed on the same server as PINsafe the path would be

\usr\local\apache-tomcat-x.xx\webapps\pinsafe\WEB-INF\logs\*log

Sawmill will automatically attempt to identify the correct log format options.

Select Log Format

Select the required log format, then click on Next

Complete Profile

The following steps complete the profile, these are standard Sawmill steps and deafuault settings are probably acceptable.

Enter the required Sawmill Database, then click on Next, then the Performance options.

Select the required Numerical Field options then click on Next.

Give a name for the profile, then click on Next.

Process Data and View Reports

Click on Process Data and View Reports to create the database and generate reports.

For scheduled processing of the PINsafe logs into the database, create a task in the Sawmill scheduler.

Verifying the Installation

Reports should show information, as in the above screen shot.

Troubleshooting

Check that the PINsafe logs have some data in them, such as successful and failed login attempts.. View the Task log on the Sawmill server from Tasks/View Task Log, and check for any errors.

Known Issues and Limitations

If attempting to read PINsafe syslog output, the data needs to be sent to a syslog server first.

Additional Information

For assistance in the PINsafe installation and configuration please firstly contact your reseller and then email Swivel Secure support at support@swivelsecure.com

For Sawmill assistance please contact support@sawmill.co.uk.