Monthly Archives: December 2018

Using Event Log Explorer to access database events

Event Log Explorer 4.7 comes with new features to save events into a SQL Server database and to load events from a database.

Saving events into a database gives you many advantages. You can treat the event database as an event log backup. You can collect data from different computers in your network into one database and then use any reporting or analytical tools to create your own reports or carry out forensic analysis. You can view database events with Event Log Explorer like general Windows events, but Event Log Explorer uses the power of SQL Server and delivers faster performance.

You need Microsoft SQL Server 2008 or later, or Microsoft SQL Server Express 2008 or later.

Event Log Explorer can use the Windows Data Access Components (Windows DAC) built into Windows to connect to SQL Server; it doesn't require SQL Server Native Client. However, if you have Native Client installed, Event Log Explorer will use it instead of Windows DAC.

Connecting to the database

To connect to the database, you should select Database -> Connect from the main menu.

Enter the server instance name in the Database server field. In most cases, you can enter the computer name of the database server. If you are connecting to SQL Server Express, use the computer name followed by \SQLEXPRESS.

Enable Use operating system authentication to connect using your Windows account. If your SQL Server isn't configured to support your Windows account, disable this option and enter your SQL Server username and password.

Enter the database name in the Database name field. If you don't have a database to store events, you can create one either with Event Log Explorer or with other tools.

If you want to create a database with Event Log Explorer, click the Create new database button. Type the server name and your credentials and click the Connect button. Then type a new database name, fill in the database parameters and review the creation script. You can modify this script if you know what you are doing. Then click the Create button to run the script and create the database.

Click Connect to connect to the database.

Now you can upload your events into the database.

Saving events

Select Database -> Upload to table from the main menu.

Type the table name in the Table name field.

Enable the Export XML data option if you want to get the most detailed information about each event. Note that in this case, Event Log Explorer will extract XML information for each event and this may take a very, very long time. So, if you want to export XML data, we recommend using the Event Log Database Export utility which comes with Event Log Explorer. I will describe this utility in another blog post.

Enable the Append if table exists option if you want to add events to the existing table. Otherwise, if the table exists, it will be overwritten.

Press OK to start uploading events.

Loading Events

To load events from the database table, select Database -> Load from table.

Select the required table from the list, then click OK.

Voila! Now you can work with the table as you work with a general event log.

Restrictions:

  1. Custom columns are not available for database events at this time.
  2. Bookmarks are not available for database events at this time.
  3. When filtering with a regular expression (RegExp option), you cannot type the regular expression in PCRE format; type it as a SQL Server LIKE template instead. For example, to find all events whose description reports a DCOM error with the error code 298, you can type your template as
    %Unable to start a DCOM Server%298%
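
The LIKE wildcards behind restriction 3, shown as an added example (not Event Log Explorer code): a Python translator from a SQL Server LIKE template to an anchored regular expression, so a template can be checked against sample descriptions before it is used as a filter. The event descriptions are constructed, and case-insensitive matching assumes a case-insensitive database collation.

```python
import re

def like_to_regex(template):
    """Translate a SQL Server LIKE template into a compiled Python regex."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        # A bracket set needs at least one character before its closing "]".
        end = template.find("]", i + 2) if ch == "[" else -1
        if ch == "%":
            out.append(".*")             # any run of characters, including none
        elif ch == "_":
            out.append(".")              # exactly one character
        elif end != -1:                  # [set], [a-z] or [^set]: one character
            body = template[i + 1:end]
            neg = body.startswith("^") and len(body) > 1
            if neg:
                body = body[1:]
            cls = "".join("\\" + c if c in "\\[]^" else c for c in body)
            out.append("[" + ("^" if neg else "") + cls + "]")
            i = end                      # skip past the closing bracket
        else:
            # Ordinary character; an unterminated "[" is treated as a
            # literal here (assumption).
            out.append(re.escape(ch))
        i += 1
    # DOTALL: % also spans the line breaks found in event descriptions.
    # IGNORECASE: assumes a case-insensitive collation (assumption).
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def like_match(template, text):
    """LIKE compares against the whole value, so use fullmatch, not search."""
    return like_to_regex(template).fullmatch(text) is not None

def filter_events(template, descriptions):
    """Return the indexes of the descriptions that the template selects."""
    return [n for n, d in enumerate(descriptions) if like_match(template, d)]

# Constructed sample descriptions, not taken from a real event log.
SAMPLES = [
    'Unable to start a DCOM Server: {EXAMPLE-CLSID-1}. The error:\n"298"\n'
    'Happened while starting this command: example.exe -Embedding',
    'Unable to start a DCOM Server: {EXAMPLE-CLSID-2}. The error:\n"5"\n'
    'Happened while starting this command: example.exe -Embedding',
    'The server {EXAMPLE-CLSID-3} did not register with DCOM in time.',
]

if __name__ == "__main__":
    for t in ('%Unable to start a DCOM Server%298%', '%"29[0-9]"%', '298'):
        print(repr(t), "->", filter_events(t, SAMPLES))
```

Without a leading and trailing `%`, a template must equal the whole description, which is why the bare `298` selects nothing.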
