Sawmill Integration

From Swivel Knowledgebase
Jump to: navigation, search


Sawmill Integration with Swivel

Sawmill is a log analysis tool and can produce reports from Swivel logs. Log output from a syslog server can be also read by Sawmill.


Prerequisites

This article assumes you are running Swivel 3.2 or later and Sawmill Version 8

The Swivel Custom plugin for Sawmill (http://store.sawmill.co.uk/store/index.asp?pid=41) is also required

For Sawmill Enterprise Enterprise Edition a single copy license of the plug-in is provided for free, contact sales@sawmill.co.uk  for further information.


Baseline

Swivel 3.5

Sawmill 8.08


Architecture

Swivel produces XML log files, there are several deployment scenarios which can be used:

  1. These can be copied to a log server for analysis
  2. Pulled from the Sawmill server from the PINsafe server.
  3. Analysis of log files from Syslog log files.


Swivel Configuration

Ensure that the PINsafe logs are readable by the Sawmill server.


Sawmill Configuration

Copy Across PINsafe log filter files

The Log format files (swivel_pinsafe_xml.cfg and swivel_pinsafe_syslog.cfg) need to be copied to the Sawmill Server into Sawmill 8\LogAnalysisInfo\log_formats


Example:


C:\Program Files\Sawmill 8\LogAnalysisInfo\log_formats

Start the New Profile Wizard

From Profiles select Create New Profile


SawmillProfile.jpg

Enter the Log Source

Enter the log Source and any required information such as pathname for the PINsafe logs.

This setting will depend on which logs you are using, for example if Sawmill is deployed on the same server as PINsafe the path would be

\usr\local\apache-tomcat-x.xx\webapps\pinsafe\WEB-INF\logs\*log


Sawmillsource.jpg


Sawmill will automatically attempt to identify the correct log format options.


Select Log Format

Select the required log format, then click on Next

Sawmilllogsource.jpg


Complete Profile

The following steps complete the profile, these are standard Sawmill steps and deafuault settings are probably acceptable.

Enter the required Sawmill Database, then click on Next, then the Performance options.

Select the required Numerical Field options then click on Next.

Give a name for the profile, then click on Next.


Process Data and View Reports

Click on Process Data and View Reports to create the database and generate reports.

Sawmillreport.jpg


For scheduled processing of the PINsafe logs into the database, create a task in the Sawmill scheduler.


Verifying the Installation

Reports should show information, as in the above screen shot.


Troubleshooting

Check that the Swivel logs have some data in them, such as successful and failed login attempts..

View the Task log on the Sawmill server from Tasks/View Task Log, and check for any errors.


Known Issues and Limitations

If attempting to read PINsafe syslog output, the data needs to be sent to a syslog server first.


Additional Information

For assistance in the Swivel installation and configuration please firstly contact your reseller and then email Swivel Secure support at support@swivelsecure.com

For Sawmill assistance please contact support@sawmill.co.uk.