It might be handy to import Windows Events in a SQL database. This can be adapted to every database (just used MySQL as an example) as the target.

In this example we will import the Security log into the database.

Update February, 13 2019: I don’t know if this still works with newer Windows versions than XP or 7.

Requirements

How

  1. Make sure you meet all requirements

  2. Create a new database in MySQL, you can also reuse an existing one if you want to.

  3. Create this database connection in the 32bit ODBC Manager (c:\windows\SysWOW64\odbcad32.exe) as a datasource (in this example we will name it WindowsLog32). Warning: On 64bit systems, don’t use the ODBC manager you find in the system tools, because this would give you problems.

  4. Now try to import the data with

    logparser "SELECT * FROM Security TO seclog" -i:EVT -o:SQL -createTable:ON -dsn:WindowsLog32 -server:localhost
    

    With param -createTable:ON logparser will try to create the table schema, but sometimes the created schema will have columns which are too short. This is because logparser doesn’t know MySQL. Therefore you’d get errors like “Data too long for column ‘Strings’ at row 1”. You’ll have to issue some ALTER TABLE yourself to make those columns long enough.

  5. Because you already have the table in your database you can leave out the -createTable:ON parameter and it should import successfully. You need this param only for the first time. Subsequent imports won’t need that parameter.