Sometimes it is handy to have all events from the Windows Event Log in a SQL database, where they can be searched and correlated with ordinary queries. MySQL is used as the example below, but the procedure works with any database that has an ODBC driver.

In this example we will import the Security log into the database.

Update, February 13, 2019: I don't know if this still works with Windows versions newer than XP or 7.

Requirements

How

  1. Make sure you meet all requirements

  2. Create a new database in MySQL, or reuse an existing one if you prefer.

  3. Create an ODBC data source (DSN) for this database in the 32-bit ODBC Data Source Administrator (C:\Windows\SysWOW64\odbcad32.exe); in this example the DSN is named WindowsLog32. Warning: on 64-bit Windows, do not use the ODBC Data Source Administrator found under Administrative Tools, which is the 64-bit one. Log Parser is a 32-bit program and can only see 32-bit DSNs, so you also need the 32-bit MySQL ODBC driver installed; a DSN created in the 64-bit manager would simply not be found by logparser.

  4. Now try to import the data with

    logparser "SELECT * INTO seclog FROM Security" -i:EVT -o:SQL -createTable:ON -dsn:WindowsLog32 -server:localhost

    (Log Parser's query language puts the output table after INTO, and the input, here the Security event log, after FROM.) With -createTable:ON, logparser tries to create the table schema itself, but the columns it creates are often too short: logparser sizes string columns with a generic default rather than with MySQL in mind, and fields such as Strings and Message easily exceed that length. You then get errors like "Data too long for column 'Strings' at row 1" from MySQL. Either raise the default with the SQL output parameter -maxStrFieldLen (for example -maxStrFieldLen:4000), or widen the affected columns afterwards with ALTER TABLE statements of your own (TEXT is the simplest choice for Strings, Message and Data).

  5. Once the table exists, leave out -createTable:ON and the import should succeed; the parameter is only needed the first time. Note that a plain re-run reads the whole log again and inserts every event a second time. To import only events that are new since the previous run, give the EVT input format a checkpoint file, e.g. -iCheckpoint:seclog.lpc, which logparser updates after each run.
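As an added example (not code from the original post), the following MySQL script pre-creates the target table with column types that fit what Log Parser's EVT input format emits, so the first import can run without -createTable:ON and without hitting the "Data too long" error. The database name windowslog and the table name seclog are assumptions for illustration; the column list is the field set of the EVT input format. The ALTER TABLE at the end is the alternative for a table that -createTable:ON has already created, and the last two queries are sanity checks you can run after the import.

```sql
-- Added example, not part of the original post.
-- Assumed names: database windowslog, table seclog.
CREATE DATABASE IF NOT EXISTS windowslog;
USE windowslog;

-- Columns match the fields of Log Parser's EVT input format.
CREATE TABLE IF NOT EXISTS seclog (
  EventLog          VARCHAR(255),
  RecordNumber      INT UNSIGNED,
  TimeGenerated     DATETIME,
  TimeWritten       DATETIME,
  EventID           INT,
  EventType         INT,
  EventTypeName     VARCHAR(255),
  EventCategory     INT,
  EventCategoryName VARCHAR(255),
  SourceName        VARCHAR(255),
  Strings           TEXT,          -- insertion strings joined by -stringsSep (default '|'); often > 255 chars
  ComputerName      VARCHAR(255),
  SID               VARCHAR(255),
  Message           TEXT,          -- fully formatted message text
  Data              TEXT,          -- raw event data, rendering controlled by -binaryFormat
  INDEX idx_record (ComputerName, EventLog, RecordNumber),
  INDEX idx_event  (EventID, TimeGenerated)
);

-- If the table was instead created by -createTable:ON and the import stopped
-- with "Data too long for column 'Strings' at row 1", widen the long text
-- columns in place and re-run the import without -createTable:ON.
ALTER TABLE seclog
  MODIFY Strings TEXT,
  MODIFY Message TEXT,
  MODIFY Data    TEXT;

-- Sanity check: events per machine and the highest record imported so far.
-- Running this before and after a second import shows whether it appended
-- new events or re-inserted the old ones.
SELECT ComputerName, COUNT(*) AS events, MAX(RecordNumber) AS last_record
FROM seclog
GROUP BY ComputerName;

-- Example of what the database is for: failed logons per account.
-- EventID 529 is the failed-logon event on XP/2003, 4625 on Vista and later.
SELECT ComputerName, EventID, TimeGenerated, Strings
FROM seclog
WHERE EventID IN (529, 4625)
ORDER BY TimeGenerated DESC
LIMIT 50;
```

With this schema in place, the first import is simply the command from step 4 without -createTable:ON. The two indexes are non-unique on purpose: a unique key on (ComputerName, EventLog, RecordNumber) would make logparser report an error for every duplicate row on a re-run, which is noisier than using a checkpoint file as described in step 5.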