Bitwaba n00b
Joined: 10 Mar 2005 Posts: 34
Posted: Tue Jan 03, 2006 5:51 pm Post subject: Parse windows event logs to SQL server
Hi,
I've been working on this project at my company for a while. There is a logparser program that Windows released that does exactly what we need.
The plan is to have a SQL server set up on a FreeBSD or Gentoo box, and also have one of those machines run the log parser program.
I was able to install the LogParser.msi file fine using msiexec. I had to copy the MFC42u.dll from my Windows machine to get it to register the logparser.dll properly, but everything worked after the second install attempt.
Just to test it out, I ran:
Code:
$ wine LogParser.exe "SELECT * INTO output.csv FROM \\bflowers\System" -i:EVT -o:SQL
Error: Error enumerating event log registry keys: File not found
I'm not really sure what this error is. I think it might have something to do with not having the proper software to access windows system logs, but I'm not sure.
Does anyone have any experience with running this program on a *nix box, or can someone point me in the right direction?
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Tue Jan 03, 2006 8:38 pm Post subject:
Maybe this one is an alternative path you could take to centralize your event logs:
PHP-Syslog-NG
That's what we use (in conjunction with Snare Agent on Windows boxes) for approx. 150+ boxes (*nix+Win+etc).
It utilizes a MySQL database as backend for the syslog messages.
Any chance to get more information about your log parser program?
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
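Both the original question (getting Windows event logs into a SQL server) and the Snare-to-syslog-to-MySQL pipeline suggested above end in the same step: parsing each forwarded event record into columns and inserting it into a database. The script below is an added example, not code from this thread, from LogParser or from Snare/PHP-Syslog-NG; the tab-separated field layout of the Snare "MSWinEventLog" record is an assumption to be checked against the deployed agent, the sample lines are constructed (the hostname bflowers is taken from the thread), and an in-memory SQLite database stands in for the SQL Server or MySQL backend. The security point it makes is that log content is remote-user-influenced input and must go into the database through parameterised statements, never string-built SQL.

```python
import re
import sqlite3

# Assumed Snare "MSWinEventLog" field layout; verify against the deployed agent.
SNARE_FIELDS = ("host", "tag", "criticality", "log_name", "counter", "timestamp",
                "event_id", "source", "username", "sid_type", "event_type",
                "computer", "category", "data", "expanded", "checksum")
SYSLOG_HEADER = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")

# Constructed sample traffic: two Snare-forwarded Security events (one carrying a
# hostile username) and one ordinary syslog line that must be ignored.
SAMPLE_LINES = [
    "<13>Jan  4 13:57:01 bflowers bflowers\tMSWinEventLog\t1\tSecurity\t101\t"
    "Wed Jan 04 13:57:00 2006\t528\tSecurity\tCORP\\jdoe\tUser\tSuccess Audit\t"
    "BFLOWERS\tLogon/Logoff\tSuccessful Logon: User Name: jdoe Logon Type: 2\t\t3f2a",
    "<13>Jan  4 13:57:02 bflowers bflowers\tMSWinEventLog\t1\tSecurity\t102\t"
    "Wed Jan 04 13:57:01 2006\t529\tSecurity\tCORP\\x'); DROP TABLE win_events; --\t"
    "User\tFailure Audit\tBFLOWERS\tLogon/Logoff\tLogon Failure: bad password\t\t9b1c",
    "<34>Jan  4 13:57:03 bflowers sshd[1234]: Accepted publickey for root from 10.0.0.5",
]

def parse_snare_line(line):
    """Named fields of one Snare event line, or None if it is not a Windows event record."""
    m = SYSLOG_HEADER.match(line.rstrip("\r\n"))
    if not m:
        return None
    body = m.group(4).split("\t")          # syslog MSG part: host, tag, event fields
    if len(body) < 14 or body[1] != "MSWinEventLog":
        return None                        # plain syslog traffic or a truncated record
    rec = dict(zip(SNARE_FIELDS, body))
    rec["event_id"] = int(rec["event_id"])
    return rec

def load_events(lines, conn):
    """Store recognised events via a parameterised INSERT; log text never reaches the SQL parser."""
    conn.execute("CREATE TABLE IF NOT EXISTS win_events (host TEXT, log_name TEXT,"
                 " event_time TEXT, event_id INTEGER, source TEXT, username TEXT,"
                 " event_type TEXT, message TEXT)")
    rows = [(r["host"], r["log_name"], r["timestamp"], r["event_id"], r["source"],
             r["username"], r["event_type"], r["data"])
            for r in map(parse_snare_line, lines) if r is not None]
    conn.executemany("INSERT INTO win_events VALUES (?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    return len(rows)

def demo():
    """Load the sample into in-memory SQLite; return (rows stored, username recorded for event 529)."""
    conn = sqlite3.connect(":memory:")
    n = load_events(SAMPLE_LINES, conn)
    user = conn.execute("SELECT username FROM win_events WHERE event_id = 529").fetchone()[0]
    return n, user
```

The hostile username is stored verbatim as data and the table survives, which is exactly what a string-concatenated INSERT would not guarantee.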
Bitwaba n00b
Joined: 10 Mar 2005 Posts: 34
Posted: Tue Jan 03, 2006 9:13 pm Post subject:
No, I haven't come across any more information concerning log parser except more ways for it to not work.
I still think I don't have the right software that will allow logparser to connect to the system log.
Thanks for the links though. Snare Agent looks like it might be a good alternative to what I was trying to do with logparser.
Bitwaba n00b
Joined: 10 Mar 2005 Posts: 34
Posted: Wed Jan 04, 2006 1:57 pm Post subject:
Hmm. Snare agent was a good attempt, but unfortunately it won't work on all of our servers.
Our WINS, DHCP, and DNS servers are run off one machine, and its event logging is set to high. When snare agent runs, it eats the CPU, and our hostname resolution drops considerably, along with other noticeable side effects.
Anyone know a way to get around this? Or should I just keep looking?