Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Featured Database Articles

MS Access

Posted Mar 1, 2004

MS Access for the Business Environment: Analyze and Report from the Windows Event Log, Part I - Page 3

By William Pearson



The Event Log Query Tool



Microsoft Windows 2000 Server Resource Kit is the official home for the Event Log Query tool, otherwise known as Elogdmp.exe ("Elogdmp"). Elogdump requires a bit of practice to make it fit the needs of some, but it readily fills our immediate objective of exporting the data to a dump file we can easily import to MS Access. With the investment of a little development time, a macro / script can be assembled to call the tool for regularly scheduled exports of the logs to meet the needs of the organization.



Discussion



Elogdmp is a command-line tool that sends its output, the contents of the Event Log, to a PC Screen or to a file. The logs of a remote or local computer, whose identity is designated in the utility's syntax (see the next section for details) can be "dumped" using the tool, to a location specified in the syntax. Search of the output data is easy, as it is generated as a comma-delimited text file - a fact that also makes it readily importable into other applications.



The data that appears in the Elogdmp file includes the information depicted in Table 1.



Data Element

Description

 

Date

The date the event occurred, stored in Universal Time Coordinate (UTC).

 

Time

The time the event occurred, stored in UTC.

Source

The software logging the event, which can be a program name or the identifier of a system component / subcomponent of a larger program.

Type

Event severity classification:

Application and System Logs:

  • Error
  • Information
  • Warning

Security Log:

  • Success Audit
  • Failure Audit

Category

Primarily used in the Security log, the Category classifies events by event source. Often used as a grouping mechanism for event types that can be subjected to success / failure auditing in Windows 2000 Group Policy.

NOTE: Dumped log files contain "Something" or "None" in this field, and are thus not very useful.

Event

The particular event type for the respective source, identified by a number. The name of the event type is typically included in the first line of the description (often useful to support representatives, etc., using Source and Event data together, in troubleshooting exercises).

User

The name of the user on whose behalf the event occurred: the client ID if the event was caused by a server process or the primary ID if impersonation is not taking place. Where appropriate, Security log entries contain both primary and impersonation IDs, when the server allows a process to assume the security attributes of another.

Computer

The name of the computer upon which the event took place.

Details

Additional message details that sometimes appear in the dumped log file, depending upon the event.


Table 1: Event Log Information

For those of us using it for the first time, Elogdmp.exe can be found in a couple of places, depending upon whether you installed the Windows 2000 Resource Kit, or if you simply have the CD and do not wish to install the full kit on the computer. In the former case, the file can be located on the hard drive of the computer upon which the Resource Kit was installed (the search facility can be used, obviously, if you do not recall the location), in the location chosen at installation time. An example is partially shown in Illustration 2.


Illustration 2: Locating Elogdmp.exe on a Computer with the Resource Kit Installed

Elogdmp.exe can also be extracted from a file on the Windows 2000 Resource Kit, called compmgmt.cab, depicted in Illustration 3.


Illustration 3: The Compmgmt.cab on the CD, Home of Elogdmp.exe

We can be easily access our target in this compressed file via the more recent versions of WinZip, Once the contents of the .cab file are exposed, as partially depicted in Illustration 4, we can extract the file to any destination we choose.


Illustration 4: Preparing to Extract Elogdmp.exe from Compmgmt.cab on the CD

While any user on the network can use Elogdmp to view the contents of the Application log on any remote computer on the network (assuming basic access, etc., privileges), membership within the Domain Administrators / Administrators group on the computer is required to take advantage of opportunities to use Elogdmp as a remote administration tool to view the contents of a remote computer's System or Security log.



MS Access Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 




Latest Forum Threads
MS Access Forum
Topic By Replies Updated
Help With Microsoft Access kasy 0 September 4th, 07:35 PM
Linked table not sorting or filtering - ODBC error Java 1 August 28th, 10:37 AM
Use Parameter in select statement (Sql in Microsoft Access) katty.jonh 1 July 25th, 06:45 AM
Query Issue algebroni 7 July 23rd, 04:22 PM


















Thanks for your registration, follow us on our social networks to keep up-to-date