MS Access for the Business Environment: Analyze and Report from the Windows Event Log, Part I - Page 4
March 1, 2004
The command-line syntax for Elogdmp is simple, and is structured as follows:
elogdmp [-?] computername eventlogtype [> export filename]
The components of the syntax, together with amplifying comments, appear in Table 2.
Table 2: Elogdmp Syntax Components
The following example exports the contents of the Security log from a server named ELIAS; the output is redirected to a file named 021404_Security.txt in the EventLogs directory on the D: drive.
elogdmp ELIAS Security > D:\EventLogs\021404_Security.txt
For details on Elogdmp's additional functionality, such as its filtering and error reporting capabilities, consult the documentation that ships with the Windows 2000 Resource Kit. For now, we will practice using Elogdmp to create a dump file, whose ultimate destination will be an MS Access database.
Practice: Using the Tool to Export the Event Log
To put Elogdmp into action, we have only to open a Command Prompt and issue the appropriate command. We will create a dump file for our destination database by taking the following steps:
1. Go to the Start button on the PC, and then navigate to Programs --> Accessories --> Command Prompt, as shown in Illustration 5.
Note: There are numerous ways of launching the Command Prompt. Select the way that you prefer.
2. Click Command Prompt to open the prompt.
The Command Prompt window opens.
3. From the directory housing Elogdmp.exe (the location depends upon where you chose to install the Windows 2000 Resource Kit, or where you placed the individual file after extracting it), type the following into the Command Prompt:
[Directory Housing the Event Log Tool]> Elogdmp [ComputerName] application > [Full file name you wish for the file]
I used the following syntax on my computer.
D:\Program File\Windows 2000 Resource Kit>Elogdmp ELIAS application > D:\temp\022004_app.txt
The command prompt window on my PC appears as depicted in Illustration 6.
4. Press ENTER.
The dump file is created instantaneously. If this is not the case, go back and check your typing, particularly the values that are specific to your local computer, such as the computer name and the output file name.
5. Go to Windows Explorer and navigate to the folder into which you directed the Elogdmp output.
I specified that my file be called 022004_app.txt, and that it be placed within the D:\temp folder on my machine. Upon navigating to the folder, I see that the file has indeed been created, as shown in Illustration 7.
6. Close the Command Prompt when ready.
If we wish to do so, we can certainly open the file with Notepad.exe, or any number of other text editors. The file we have created will become the data source for our new Event Log database, and will be used in both its creation and population, as we will see when we move into the import stage in Part II of this article.
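The steps above can be wrapped in a batch file for repeated exports. The following is an added example, not code from the article or the Resource Kit: it runs the same elogdmp command line for the two log types shown on this page and checks each output file's size instead of only its presence. The script name dumplogs.cmd, its three arguments and the stamp_logtype.txt file naming are assumptions modeled on the file names used above.

```bat
@echo off
rem Added example (not from the article): wraps the elogdmp command line
rem shown above. Script name and argument layout are assumptions.
rem Usage:  dumplogs.cmd computername output_dir stamp
rem   e.g.  dumplogs.cmd ELIAS D:\EventLogs 021404
rem Run it from the directory housing Elogdmp.exe, as in step 3.
setlocal
if "%~3"=="" (
    echo Usage: %~nx0 computername output_dir stamp
    exit /b 2
)
set "HOST=%~1"
set "OUTDIR=%~2"
set "STAMP=%~3"
set FAILED=0

if not exist "%OUTDIR%\" (
    echo Output directory "%OUTDIR%" does not exist.
    exit /b 2
)

rem The two log types the article exports; add others to the list as needed.
for %%L in (application Security) do call :dump %%L

if "%FAILED%"=="1" exit /b 1
echo All logs exported.
exit /b 0

:dump
set "OUT=%OUTDIR%\%STAMP%_%1.txt"
rem Keep earlier exports intact: never overwrite an existing dump file.
if exist "%OUT%" (
    echo SKIP %1: "%OUT%" already exists.
    set FAILED=1
    goto :eof
)
elogdmp %HOST% %1 > "%OUT%"
rem The redirect creates the file even when elogdmp cannot be started,
rem so "the file exists" proves nothing. Check its size instead.
for %%F in ("%OUT%") do set "SIZE=%%~zF"
if "%SIZE%"=="0" (
    echo FAIL %1: "%OUT%" is empty, removing it.
    del "%OUT%"
    set FAILED=1
    goto :eof
)
echo OK   %1: %SIZE% bytes written to "%OUT%"
goto :eof
```

A non-zero exit code means at least one log was skipped or came out empty, so a scheduled run can be flagged before an incomplete export is imported into the database.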
With this, Part I of a two-article lesson, we diverted from our typical focus of working with financial information in MS Access, and set our sights on using the RDBMS in a different role: the support of operational analysis and reporting with the wealth of statistics that can be obtained from the Event Log of the Windows operating system. After introducing the Event Log and discussing the data that it contains, we set about meeting our objective of creating an MS Access database and populating it with Event Log data.
We discussed the usefulness of manipulating Event Log data within a database, and then introduced the Elogdmp utility as an easy-to-use option for exporting Event Log data. Finally, we performed a hands-on exercise using the utility to dump an Application log in preparation for its import, in Part II, to an MS Access database for Analysis and Reporting.