Sawmill Integration with Swivel
Sawmill is a log analysis tool and can produce reports from Swivel logs. Log output from a syslog server can be also read by Sawmill.
This article assumes you are running Swivel 3.2 or later and Sawmill Version 8
The Swivel Custom plugin for Sawmill (http://store.sawmill.co.uk/store/index.asp?pid=41) is also required
For Sawmill Enterprise Enterprise Edition a single copy license of the plug-in is provided for free, contact email@example.com for further information.
Swivel produces XML log files, there are several deployment scenarios which can be used:
- These can be copied to a log server for analysis
- Pulled from the Sawmill server from the PINsafe server.
- Analysis of log files from Syslog log files.
Ensure that the PINsafe logs are readable by the Sawmill server.
Copy Across PINsafe log filter files
The Log format files (swivel_pinsafe_xml.cfg and swivel_pinsafe_syslog.cfg) need to be copied to the Sawmill Server into Sawmill 8\LogAnalysisInfo\log_formats
C:\Program Files\Sawmill 8\LogAnalysisInfo\log_formats
Start the New Profile Wizard
From Profiles select Create New Profile
Enter the Log Source
Enter the log Source and any required information such as pathname for the PINsafe logs.
This setting will depend on which logs you are using, for example if Sawmill is deployed on the same server as PINsafe the path would be
Sawmill will automatically attempt to identify the correct log format options.
Select Log Format
Select the required log format, then click on Next
The following steps complete the profile, these are standard Sawmill steps and deafuault settings are probably acceptable.
Enter the required Sawmill Database, then click on Next, then the Performance options.
Select the required Numerical Field options then click on Next.
Give a name for the profile, then click on Next.
Process Data and View Reports
Click on Process Data and View Reports to create the database and generate reports.
For scheduled processing of the PINsafe logs into the database, create a task in the Sawmill scheduler.
Verifying the Installation
Reports should show information, as in the above screen shot.
Check that the Swivel logs have some data in them, such as successful and failed login attempts..
View the Task log on the Sawmill server from Tasks/View Task Log, and check for any errors.
Known Issues and Limitations
If attempting to read PINsafe syslog output, the data needs to be sent to a syslog server first.
For assistance in the Swivel installation and configuration please firstly contact your reseller and then email Swivel Secure support at firstname.lastname@example.org
For Sawmill assistance please contact email@example.com.