Database Journal
Posted Jun 29, 2005

Import Security event logs using Log parser and SQL Server - Page 2

By Muthusamy Anantha Kumar aka The MAK




Step 6


Create C:\LogParser\Logparserbatch.bat as shown in Fig 1.5


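REM %1 %2 = from date and time, %3 %4 = to date and time, %5 = server name
REM The quoted query must stay on one line; ^ continues the command for the options.
LogParser.exe "select * INTO Audit from \\%5\security WHERE TimeGenerated >= '%1 %2' and TimeGenerated <= '%3 %4'" ^
   -o:SQL -server:SQL ^
   -database:SecurityLog ^
   -driver:"SQL Server" ^
   -username:TrainAudit ^
   -password:ECE2F287 ^
   -createtable:OFF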




Note: Replace the server name SQL with your own server name. If you changed the database name, table name, login name or password in Step 3, use the new values in the batch file. The batch file holds the login's password in clear text, so limit read access on C:\LogParser to the account that runs the scheduled job.




Step 7


Execute C:\LogParser\Logparse.vbs as shown in Figure 1.6.


Cscript Logparse.vbs C:\LogParser\Servers.txt



Fig 1.6

When this VBScript is executed, it forms the following batch commands and executes them sequentially (see Fig 1.7).


Fig 1.7

These batch commands build the LogParser.exe statement dynamically by passing the 'from date' and 'to date' as parameters [Fig 1.8]. The resulting LogParser statement pulls yesterday's security events, from 12:00am to 11:59:59pm, from the event log of every server listed in servers.txt.
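
The per-server loop described above can be sketched as follows. This is an added PowerShell example, not the article's Logparse.vbs; the argument order (from date, from time, to date, to time, server) is inferred from the batch file in Step 6, and the yyyy-MM-dd HH:mm:ss timestamp format, the -DryRun switch and the function names are assumptions.

```powershell
# Added example, not the article's Logparse.vbs: build yesterday's window and
# call Logparserbatch.bat once for every server listed in Servers.txt.
param(
    [string]$ServerList = 'C:\LogParser\Servers.txt',
    [string]$Batch      = 'C:\LogParser\Logparserbatch.bat',
    [switch]$DryRun     # hypothetical switch: print the commands instead of running them
)

function Get-YesterdayWindow {
    param([datetime]$Now = (Get-Date))
    $inv   = [cultureinfo]::InvariantCulture
    $start = $Now.Date.AddDays(-1)       # yesterday 00:00:00
    $end   = $Now.Date.AddSeconds(-1)    # yesterday 23:59:59
    # Assumption: the query accepts timestamps written as yyyy-MM-dd HH:mm:ss.
    [pscustomobject]@{
        FromDate = $start.ToString('yyyy-MM-dd', $inv)
        FromTime = $start.ToString('HH:mm:ss', $inv)
        ToDate   = $end.ToString('yyyy-MM-dd', $inv)
        ToTime   = $end.ToString('HH:mm:ss', $inv)
    }
}

function Test-ServerName {
    param([string]$Name)
    # The batch file substitutes %5 into the command line unquoted, so accept
    # only host-name characters (letters, digits, hyphen, dot) and reject the rest.
    $Name -match '\A[A-Za-z0-9]([A-Za-z0-9.-]{0,253}[A-Za-z0-9])?\z'
}

$w = Get-YesterdayWindow
foreach ($line in Get-Content -LiteralPath $ServerList) {
    $server = $line.Trim()
    if (-not $server) { continue }                       # skip blank lines
    if (-not (Test-ServerName $server)) {
        Write-Warning "Skipping invalid entry in ${ServerList}: '$server'"
        continue
    }
    # Order matches %1..%5 in Logparserbatch.bat (inferred from Step 6).
    $batchArgs = @($w.FromDate, $w.FromTime, $w.ToDate, $w.ToTime, $server)
    if ($DryRun) { "$Batch $($batchArgs -join ' ')"; continue }
    & $Batch @batchArgs
    if ($LASTEXITCODE -ne 0) {
        # A failed pull leaves a gap in the Audit table for that day; surface it.
        Write-Warning "Import failed for $server (exit code $LASTEXITCODE)"
    }
}
```

Run it with -DryRun first to see the command line generated for each server before anything is written to the Audit table.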

Step 8

Query the Audit table in SQL Server as shown in Fig 1.9.


Fig 1.9

Step 9

Schedule C:\LogParser\Logparse.vbs to run every morning at 6:00 am, as shown in Fig 2.0 and Fig 2.1.


Fig 2.0


Fig 2.1

Conclusion

This article has illustrated how to use Microsoft Logparser 2.2, Windows Job Scheduler and a SQL Server database to monitor the event logs, so that reports such as the monthly and weekly low security events can be extracted from the SQL Server database. The data collected in the SQL Server database satisfies the demands of General-Controls review by public auditors and regulatory agencies. If you want to collect data in real time, you can update the VBScript and the job schedule so that the collection runs every 15 minutes.
