Sawmill Analytics

Sawmill, the multi-discipline customizable log file analysis and reporting software, a multi-processing analytics engine for the concurrent analysis of multiple log files and event logs. Sawmill hosts securely on your own servers (Unix, Linux, Mac, Windows) providing the most secure environment for your most valuable data.

Sawmill analyses text log files from any source and any location, producing highly readable and actionable reports and alerts – condensing the extracted data into customised dashboards to make event recognition and trend utilisation so much quicker to assimilate and use. Sawmill analyze, monitor and alert a wide range of systems. Sawmill provides extensive log processing and reporting features to get the best possible insight into your network data.

Sawmill Dashboard is normally the default report in Sawmill and consists of a group of report pages combined on a single screen. The user can determine how a dashboard is constructed (i.e. what report pages it contains) so that the most important data is collectively displayed on a single screen for immediate assimilation and action by the user. A Report can have multiple dashboards. see below Sawmill Dashboard.

sawmill analytics dashboard

 Who uses Sawmill

Anyone who needs to understand how their business works, how safe it is, how company’s resources are being used, how their customers are being served, their internet bandwidth, who is consuming the bandwidth and how, what visitors are looking at on their website, what is being purchased, who has accessed which fileservers and which files, who is on their network and who is logged-in, websites being surfed by their employees, how many threats were blocked, etc. etc. etc. This type of information is needed by every manager or business owner hoping to keep better control of his business and his employees in this interconnected world by reducing risks and staying legal.

 What host platforms are supportted

The downloadable trial version contains binaries for Linux, Windows and Macintosh, plus encrypted source code for compiling to other platforms. Hardware specifications for the Sawmill server are dependent on the size of the log files and the ‘live data’ retention period, plus the pattern and type of use (live reports, static reports, report requests and request frequency etc.). Memory should be 2GB for each processor core, but more memory is always a bonus. Good processor platforms for Sawmill are Intel or AMD, with Windows and Solaris on Intel/ AMD also very good. Sawmill is also installable in a virtual machine environment.

Sawmill Versions:
Sawmill Lite
Sawmill Professional
Sawmill Enterprise

Sawmill Features by Edition:

Current Production Version
Host platform options Microsoft Windows, Apple MacOS X, UNIX, GNU/Linux. Current download list available here
Deployment Local or Remote
Licensing Single Copy, Profiles
License delivery Key by email
License sizes (profiles) 1, 5, 10, 25 > > unlimited 1
License size upgrades (profiles) Yes no
License edition upgrades (by key) Yes
Software delivery User Download
User limit Unlimited
Supported log file types 1022
LDAP Authentication Yes
Microsoft SQL Server1 (Database & Log Source) Yes
Oracle1 (Database & Log Source) Yes
MySQL2 (Database & Log Source) Yes
Multi-Processor Log Processing Yes
GUI customization 3 Yes (complete via Salang) (report features only)
Role-based access control4 Yes (limited)
Network Actions (API/RPC) Yes Yes
Custom Report Columns Yes Yes
Save Report From Reports Yes Yes
Email Report From Reports Yes Yes
Filter/Report Bookmarks Yes Yes
Multiple Log Source Yes Yes
Script Language (Salang) Yes Yes
Log Filters Editor (input) Yes Yes
DNS Lookup Yes Yes
HTTP Log Source Yes Yes
Command Line Log Source Yes Yes
Report Editor Yes Yes
User Management Editor Yes Yes
Log Format auto-detection (with override option) (with override option)
Internal database support Yes Yes Yes
Reports Drill Down (ZOOM) Yes Yes Yes
Report Filters Editor (output) Yes Yes Yes
Sawmill Scheduler Yes Yes (database update only)
Local (file) Log Source Yes Yes Yes
FTP/SFTP Log Source Yes Yes Yes
Integrated web server Yes Yes Yes
External SQL Queries Yes Yes Yes
GeoLite™ Database Yes Yes Yes
Language Modules Yes Yes Yes


How does Sawmill access log files

Sawmill is agent-free. Logs stored on a network accessible drive are accessed pointing and clicking on the file containing the logs to give Sawmill the path. When a Profile runs Sawmill will automatically import the incremental logs not already imported. Logs stored remotely can be accessed by ftp/sftp. When logs are imported they are pre-processed by a plug-in and parsed into the normalised Sawmill internal format and entered into the database. Each Profile creates and maintains its own database.

  • Customize the user interface
  • Create your own reporting strategy
  • Create custom reports with calculated columns
  • Combine external metadata into reports
  • Role Based Access Controls for unlimited users
  • Grant privileged access rights to authenticated users
  • LDAP/AD (Active Directory) support
  • View reports via HTTPS
  • A Sawmill license is forever
  • No licensing limit on users
  • No licensing limit on hits, visitors, sessions
  • No licensing limit on log sizes