Logging Windows Event Log data to SQL Server table

  • There are a couple of excellent articles on the subject of importing Windows Event Log data into a SQL table.

    Like this for example:

    https://rcmtech.wordpress.com/2015/12/04/send-windows-event-logs-to-sql-database/

    My TWO BIG QUESTIONS ARE:

    1 - How important/useful (for what?) will such storage of Win Event Log data in a SQL Server table be?

    In what situation can it come in handy to query it for something that cannot be done in any other way?

    2 - What other ways exist to do the same thing NOT USING POWERSHELL?

     

    Thanks.

  • For question 1, I personally don't see the point. The Windows event log has all that data, so why bother moving it to a new location? PLUS you would need to do it on a schedule, otherwise the DB data will be out of sync with the actual log.

    The ONLY use case where I can think it would be helpful is if you wanted to store the data from multiple servers in a single location that is quick and easy to query. But again, I haven't ever needed to do this and would much rather do this from the Windows event log (or PowerShell itself) rather than duplicate the data (event log AND SQL), as that's just a waste of disk in my opinion.

    To answer question 2, I am sure there are a ton of tools out there for reporting on things like the Windows event log. That's another way to view the data, or you can use MMC and you can pull up the event log of your local system or any remote system with RPC enabled and appropriate permissions. You could also build your own application, or I imagine SSIS could be used to pull the data from the Windows log files, but coming back to point number 1, I've never seen a need to do this, so I don't have a good recommendation on how to do it.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it. Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
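
Added example, not part of any post in this thread: the multi-server use case named in the reply above, written as a T-SQL query over one central table. The table layout, column names and sample rows are constructed for illustration and are not the schema from the linked article.

```sql
-- Hypothetical central table; column names are assumptions for this example.
CREATE TABLE #WinEventLog (
    ComputerName  nvarchar(128) NOT NULL,
    LogName       nvarchar(64)  NOT NULL,
    EventId       int           NOT NULL,
    TimeCreated   datetime2(0)  NOT NULL,
    TargetAccount nvarchar(128) NULL,
    SourceIp      varchar(45)   NULL
);

-- Constructed sample rows (4625 = failed logon, 4624 = successful logon).
INSERT INTO #WinEventLog VALUES
 (N'SRV-A', N'Security', 4625, '2024-01-10 02:00:05', N'svc_backup', '192.0.2.10'),
 (N'SRV-A', N'Security', 4625, '2024-01-10 02:00:09', N'admin',      '192.0.2.10'),
 (N'SRV-B', N'Security', 4625, '2024-01-10 02:01:30', N'admin',      '192.0.2.10'),
 (N'SRV-C', N'Security', 4625, '2024-01-10 02:03:12', N'admin',      '192.0.2.10'),
 (N'SRV-C', N'Security', 4624, '2024-01-10 02:04:40', N'admin',      '192.0.2.10'),
 (N'SRV-B', N'Security', 4625, '2024-01-10 09:15:00', N'jsmith',     '198.51.100.7'),
 (N'SRV-B', N'Security', 4624, '2024-01-10 09:15:20', N'jsmith',     '198.51.100.7');

-- Source addresses with failed logons on two or more servers, and whether
-- any logon from the same address succeeded after the first failure.
-- Answering this from the per-host logs means opening each server's log in turn.
WITH Failed AS (
    SELECT SourceIp,
           COUNT(*)                     AS FailedLogons,
           COUNT(DISTINCT ComputerName) AS ServersHit,
           MIN(TimeCreated)             AS FirstSeen,
           MAX(TimeCreated)             AS LastSeen
    FROM #WinEventLog
    WHERE LogName = N'Security' AND EventId = 4625
    GROUP BY SourceIp
)
SELECT f.SourceIp, f.FailedLogons, f.ServersHit, f.FirstSeen, f.LastSeen,
       (SELECT COUNT(*)
          FROM #WinEventLog AS s
         WHERE s.LogName = N'Security' AND s.EventId = 4624
           AND s.SourceIp = f.SourceIp
           AND s.TimeCreated >= f.FirstSeen) AS SuccessesAfterFirstFailure
FROM Failed AS f
WHERE f.ServersHit >= 2
ORDER BY f.FailedLogons DESC;

DROP TABLE #WinEventLog;
```

With the constructed rows, only 192.0.2.10 is returned: four failures across three servers, followed by one successful logon.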

  • YOUR TWO BIG QUESTIONS ARE:

    1 - How important/useful (for what?) will such storage of Win Event Log data in a SQL Server table be?

    In what situation can it come in handy to query it for something that cannot be done in any other way?

    *** Unless there is some critical issue going on in your environment, and the management is looking for stats.

    *** I agree with Mr. Gale, there is really no need.

    On a tangent:

    *** The SQL command EXEC sp_readerrorlog gives you some of the errors that could appear in the server event viewer:

    https://www.mssqltips.com/sqlservertip/1307/sql-server-error-log-find-errors/

     

    DBASupport
