Howtoforge posted a guide about using Sawmill Log Analyzer

SafeSquid produces four logs, one of them in NCSA / Extended log format. SafeSquid extended log contains lot more information, and allows you to analyze the filtering and Profiling functions of the proxy. For example, it allows you to analyze requests that were blocked by various filters (URL Filter, Keyword Filter, Mime Filter, Header Filter, etc.), what was the reason for blocking the request, who had made the request, when, what Anti Virus blocked which content, which virus was detected, who had accessed the infected content, etc. Additionally, using SafeSquid extended log, you can analyze SafeSquid 'Profiles' (user profiles like users / groups and application profiles). For example, you can produce some fantastic reports like, department wise bandwidth usage, what user / department is using what all application to access internet (browsers, chat, down-loaders, media players, etc.), what security breaches SafeSquid prevented and which user / department tried to breach them, etc.

  How To Use Sawmill Log Analyzer To Generate In Depth Analysis Reports From SafeSquid Proxy Server Logs