It can be handy to import Windows Event Logs into a SQL database. MySQL is used here as an example target, but the approach can be adapted to any database that has an ODBC driver.
In this example we will import the Security log into the database.
Update, February 13 2019: I don't know whether this still works with Windows versions newer than XP or 7.
Make sure you meet all of these requirements:
- Logparser from Microsoft, installed: https://www.microsoft.com/en-us/download/details.aspx?id=24659
- An installed MySQL server
- The 32-bit version of the MySQL ODBC driver, installed: https://dev.mysql.com/downloads/connector/odbc/
Create a new database in MySQL (you can also reuse an existing one if you want to).
Create a data source for this database in the 32-bit ODBC Data Source Administrator (C:\Windows\SysWOW64\odbcad32.exe); in this example we will name it WindowsLog32. Warning: on 64-bit systems, don't use the ODBC administrator you find under the system tools, because that one is the 64-bit version and the 32-bit Logparser will not see a DSN created there.
Now try to import the data with:
logparser "SELECT * FROM Security TO seclog" -i:EVT -o:SQL -createTable:ON -dsn:WindowsLog32 -server:localhost
With -createTable:ON, logparser will try to create the table schema itself, but the generated schema sometimes has columns that are too short, because logparser doesn't know MySQL's types. You would then get errors like "Data too long for column 'Strings' at row 1". You'll have to widen those columns yourself with ALTER TABLE.
Once the table exists in your database (and the columns have been widened), leave out the -createTable:ON parameter and the import should succeed. You need this parameter only for the first run; subsequent imports won't need it.
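As an added example (not from the original post), here is the SQL side of the procedure above: a table definition for seclog whose text columns are wide enough for the event fields, so the import can run without -createTable:ON in the first place, followed by the ALTER TABLE repair for a table that logparser already created too narrow. The column names are the fields of Logparser's EVT input format; the MySQL types, the database name windowslog, the index names and the choice of TEXT for the long columns are my assumptions.

```sql
-- Added example, not code from the original post.
-- Column names follow Logparser's EVT input format; the MySQL type
-- mapping, the database name and the index names are assumptions.

CREATE DATABASE IF NOT EXISTS windowslog;
USE windowslog;

-- Create the table ourselves instead of letting logparser guess the lengths.
CREATE TABLE IF NOT EXISTS seclog (
  EventLog          VARCHAR(255),
  RecordNumber      INT,
  TimeGenerated     DATETIME,
  TimeWritten       DATETIME,
  EventID           INT,
  EventType         INT,
  EventTypeName     VARCHAR(255),
  EventCategory     INT,
  EventCategoryName VARCHAR(255),
  SourceName        VARCHAR(255),
  Strings           TEXT,          -- insertion strings; regularly longer than 255 chars
  ComputerName      VARCHAR(255),
  SID               VARCHAR(255),
  Message           TEXT,          -- rendered message text, can be several KB
  Data              TEXT,          -- event binary data rendered as a string
  INDEX idx_seclog_eventid (EventID),
  INDEX idx_seclog_time (TimeGenerated)
);

-- Repair for a table that logparser created with -createTable:ON:
-- widen the columns that produced "Data too long for column ..." errors.
ALTER TABLE seclog
  MODIFY COLUMN Strings TEXT,
  MODIFY COLUMN Message TEXT,
  MODIFY COLUMN Data    TEXT;

-- Rows inserted before the error are already in the table; empty it before
-- re-running the import without -createTable:ON, or those rows get duplicated.
TRUNCATE TABLE seclog;

-- Sanity check after the import: which event IDs and types arrived, and how many.
SELECT EventID, EventTypeName, COUNT(*) AS n
FROM seclog
GROUP BY EventID, EventTypeName
ORDER BY n DESC
LIMIT 20;
```

Run this in the MySQL client against the database behind the WindowsLog32 DSN, then run the logparser command without -createTable:ON. The TRUNCATE matters because rows that were inserted before the "Data too long" error stay in the table; skipping it means the second run imports those records twice, since RecordNumber is not enforced as a key here.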