Using the EventSentry Database Import Utility, you can import previously backed up event log files (.evt) or log files (e.g. IIS, DHCP, etc.) into an EventSentry database so that you can search them in the web-based reports.
Benefits
The EventSentry Database Import Utility is useful for administrators who back up all their event logs automatically with EventSentry on a regular basis but have limited database storage. Using the utility, the backed up .evt files can be imported into the database at any time. You can also use the utility to import EVT files that were backed up before you started using EventSentry.
You can also use the utility to import delimited and non-delimited log files into the EventSentry database. Since the utility supports command-line parameters and can run silently, it is particularly useful for importing log files on a scheduled basis.
Start the utility on a computer where you installed EventSentry with the setup application, including the management console component. You can then either start the utility through the start menu (Start -> Programs -> EventSentry -> EventSentry Database Import Utility) or by selecting "Tools -> Utilities -> Database Import Utility".
If you are importing an event log backup file, you can also right-click the "Event Log Viewer (Local)" container in the management console and select "Import Log File to Database".
Importing Event Log Backup Files
Select the event log backup (.evt) file and select the type of event log the file contains. If the file name contains any of the strings "app", "sec", "sys", "dns", "rep" or "dir", then EventSentry will automatically detect and pre-select the event log. It is important to make sure that the event log selection is correct, so that the database import utility knows how to translate event log IDs into real messages.
Limitations
If the total number of EventSentry licenses you purchased is less than 10, then the computer from which you are importing the event log backup file needs to be present in an EventSentry group. If the computer is not present, you will need to add the computer to a group using the management console and restart the utility.
Importing Delimited and Non-Delimited Log Files
Select a delimited or non-delimited log file to import. If you are importing a delimited log file then a log file definition will need to exist in order to correctly import the file. If no definition exists then you will need to close the utility and create a log file definition first.
The database import utility automatically updates the "Number of lines" and "File Size" values in the "Import Progress" section after a file is selected with the "Browse" button. The utility also automatically detects whether a file uses Unix line separators and imports those files correctly as well.
Destination
Select the database notification action that you wish to write the data to. If your EventSentry installation contains only one database notification action, then it will automatically be selected and the pull-down menu will be grayed out.
Import Progress
Once you have verified that your selection is correct you can click the "Start Import" button to start the import. This area also shows you the size of the event log backup file you are about to import, and the number of event log records contained in the event log backup file.
The progress bar will show you how much data has been imported so far and you can abort the import anytime.
Command-Line Options
The EventSentry Database Import Utility supports the following command-line options:
For example, to automatically record the security event log from file DBSRV01_SEC-062006.evt to the mssql action, execute the following command:
eventsentry_db_import.exe /file:DBSRV01_SEC-062006.evt /eventlog:Security /action:mssql
If you need to import multiple log files into the database, then you can create a batch file, for example:
eventsentry_db_import.exe /file:DBSRV01_SEC-062006.evt /eventlog:Security /action:mssql
eventsentry_db_import.exe /file:DBSRV01_SEC-072006.evt /eventlog:Security /action:mssql
eventsentry_db_import.exe /file:DBSRV01_SEC-082006.evt /eventlog:Security /action:mssql
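An added example, not part of the EventSentry documentation: a PowerShell wrapper for the scheduled multi-file import described above. It picks the log type from the file name and records each imported file's SHA-256 in a ledger so that a later run does not import the same backup again. The folder, the ledger file, the tag table and the exit-code check are assumptions.

```powershell
# Added example; not EventSentry code. Paths and the ledger format are assumptions.
param(
    [string]$BackupDir = 'D:\EvtBackups',                 # assumed backup folder
    [string]$Ledger    = 'D:\EvtBackups\imported.csv',    # assumed ledger file
    [string]$Action    = 'mssql',                         # database action from the page's examples
    [string]$Importer  = 'eventsentry_db_import.exe'      # must be on PATH or given as a full path
)

# File-name fragment -> /eventlog value. Only "Security" is shown on this page;
# add entries for the other logs with the names your installation accepts.
$LogByTag = [ordered]@{ 'sec' = 'Security' }

# SHA-256 hashes of files imported by earlier runs.
$done = @{}
if (Test-Path $Ledger) { Import-Csv $Ledger | ForEach-Object { $done[$_.Sha256] = $true } }

$files = Get-ChildItem -Path $BackupDir -Filter *.evt -File |
    Where-Object { $_.Extension -eq '.evt' } |            # -Filter alone can also match .evtx
    Sort-Object Name

foreach ($file in $files) {
    $tag = $LogByTag.Keys | Where-Object { $file.Name -like "*$_*" } | Select-Object -First 1
    if (-not $tag) {
        Write-Warning "Skipped $($file.Name): log type not recognised from the file name"
        continue
    }
    $hash = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    if ($done.ContainsKey($hash)) {
        Write-Host "Skipped $($file.Name): already imported"
        continue
    }
    $importArgs = "/file:`"$($file.FullName)`"", "/eventlog:$($LogByTag[$tag])", "/action:$Action"
    # -Wait blocks until the utility exits, so imports run one at a time.
    $proc = Start-Process -FilePath $Importer -ArgumentList $importArgs -Wait -PassThru
    # Assumption: a non-zero exit code means the import failed; confirm this for your version.
    if ($proc.ExitCode -ne 0) {
        Write-Warning "Import of $($file.Name) failed with exit code $($proc.ExitCode)"
        continue
    }
    [pscustomobject]@{
        File = $file.Name; Sha256 = $hash; EventLog = $LogByTag[$tag]
        ImportedUtc = (Get-Date).ToUniversalTime().ToString('o')
    } | Export-Csv -Path $Ledger -Append -NoTypeInformation
    $done[$hash] = $true
}
```

The ledger also gives a record of which archived security logs were loaded and when, with a hash that can be compared against the original backup.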
To import an IIS log file, which is a delimited log file, into the database, execute the following command:
eventsentry_db_import.exe /file:ex070828.log /filedefinition:IIS6 /action:mssql