Recently I had to turn on auditing on a file server. Turning on auditing was the easy part; the problem was what to do with the logs. The maximum recommended size for a log is 65 MB, but within 4 hours I was hitting that 65 MB limit and my oldest entries would start being overwritten. There are some tools out there that can help, but nothing beats building your own. While researching how to archive my logs in the format I wanted, I stumbled on LogParser by Microsoft. This tool lets you save your logs to SQL, CSV or TXT and keeps only the information you want. All I wanted archived was the date/time stamp, the user, and what they did, and this tool let me do exactly that. I highly recommend trying it if you need to archive or audit logs. Click here to download it from Microsoft, or here (LogParser.msi) to download it from this site. Below is the command I used to extract the security log, with the time stamp, event ID, SID and message, into a file.
LogParser "SELECT TimeGenerated, EventID, SID, Message INTO c:\temp\security.txt FROM \\SERVERNAME\security" -resolveSIDs:ON
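Because the log fills in a few hours, the export has to run on a schedule without re-exporting or skipping entries. The following PowerShell wrapper is an added example, not from the original post: it runs the same query with LogParser's EVT checkpoint option so each run only exports events added since the previous run, and appends them to a per-day CSV. The server name, install path and archive directory are placeholder assumptions.

```powershell
# Added example: scheduled archival of the Security log with LogParser.
# Assumptions (placeholders): server name, LogParser install path, archive directory.
param(
    [string]$Server     = 'SERVERNAME',
    [string]$LogParser  = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe',
    [string]$ArchiveDir = 'C:\temp\archive',
    [string]$Checkpoint = 'C:\temp\archive\security.lpc'
)

if (-not (Test-Path $ArchiveDir)) {
    New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
}

# One CSV per day; runs on the same day append (-fileMode:0) and the
# checkpoint file makes LogParser skip records exported by earlier runs.
$outFile = Join-Path $ArchiveDir ("security-{0:yyyy-MM-dd}.csv" -f (Get-Date))

# Same field set as the post: timestamp, event id, SID (resolved to an
# account name by -resolveSIDs:ON) and the message text.
$query = "SELECT TimeGenerated, EventID, SID, Message INTO $outFile FROM \\$Server\Security"

& $LogParser -i:EVT -o:CSV -resolveSIDs:ON "-iCheckpoint:$Checkpoint" -fileMode:0 -stats:OFF $query

if ($LASTEXITCODE -ne 0) {
    # A failed run means this window of events may be missing from the
    # archive; inspect the log and checkpoint before the next scheduled run.
    Write-Error "LogParser exited with code $LASTEXITCODE while archiving \\$Server\Security"
    exit $LASTEXITCODE
}
```

Run it from a scheduled task well inside the 4-hour rollover window described above so no entries are overwritten before they are exported.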