Parse windows event logs to SQL server

[Bitwaba]

Hi,

I've been working on this project at my company for a while. There is a logparser program that windows released that does exactly what we need.

The plan is to have a sql server set up on a freebsd or gentoo box, and also have one of those machines run the log parser program.

I was able to install the LogParser.msi file fine using msiexec. I had to copy the MFC42u.dll from my windows machine to get it to register the logparser.dll properly, but everything worked after the second install attempt.

Just to test it out, I ran:

[think4urs11]

maybe this one is an alternative path you could take to centralize your event logs

PHP-Syslog-NG

Thats what we use (in conjunction with Snare Agent on windows boxes) for approx. 150+ boxes (*nix+Win+etc).
It utilizes a mysql database as backend for the syslog messages.

Any chance to get more informations about your log parser program?
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

[Bitwaba]

No, I haven't come across any more information concerning log parser except more way for it to not work.

I still think I dont have the right software that will allow logparser to connect to the systemlog.

Thanks for the links though. Snare Agent looks like it might be a good alternative to what i was trying to do with logparser.

[Bitwaba]

Hmm. Snare agent was a good attempt, but unfortunatly it won't work on all of our servers.

Our WINS, DHCP, and DNS servers are run off one machine, and its event logging is set to high. When snare agent runs, it eats the CPU, and our hostname resolution drops considerably, along with other noticeable side effects.

Anyone know a way to get around this? or should i just keep looking?