Install and configure SQL server. The example below is using MS SQL Server 2005 Express Edition on a Windows XP Professional machine.
Using the SQL management interface, create a new database, in this example ER2:
Using the SQL management interface, create a login to be used by EventReader 3, in this example, er2saver:
Assign the new login the db_owner role in the ER2 database (the user needs enough permissions to create tables and to read and write data):
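The same three steps (database, login, role membership) can be done from a query window instead of the management interface. This is an added T-SQL example, not part of the original instructions or of EventReader itself; it uses the page's names (ER2, er2saver, db_owner) and assumes the SQLEXPRESS instance runs in Mixed Mode authentication so that a SQL login can be created. The password is a placeholder to be replaced.

```sql
-- Added example: create the ER2 database, the er2saver login and
-- give it db_owner, as described in the steps above.
-- Assumes SQL Server 2005 Express with Mixed Mode authentication enabled.
USE master;
GO

CREATE DATABASE ER2;
GO

-- Placeholder password: replace before running. CHECK_POLICY = ON makes
-- SQL Server apply the Windows password policy to this login.
CREATE LOGIN er2saver
    WITH PASSWORD = 'REPLACE_WITH_STRONG_PASSWORD', CHECK_POLICY = ON;
GO

USE ER2;
GO

-- Map the server login to a user inside the ER2 database only.
CREATE USER er2saver FOR LOGIN er2saver;
GO

-- Role assignment as used on this page.
EXEC sp_addrolemember 'db_owner', 'er2saver';
GO

-- Verification: the user should appear in the database and as a member of db_owner.
SELECT name, type_desc FROM sys.database_principals WHERE name = 'er2saver';
EXEC sp_helprolemember 'db_owner';
GO
```

db_owner is what the page uses and is the simplest choice; if the account should hold only what the text says it needs (create a table, read and write data), the narrower alternative is `EXEC sp_addrolemember 'db_datareader', 'er2saver'`, `EXEC sp_addrolemember 'db_datawriter', 'er2saver'` and `GRANT CREATE TABLE TO er2saver` together with `GRANT ALTER ON SCHEMA::dbo TO er2saver` (creating a table in the dbo schema requires ALTER on that schema). Either way the login is scoped to ER2 and has no rights on other databases on the instance.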
Start EventReader 3 and expand the Advanced settings section. Check the Save events in a database box and click on the ODBC settings... button:
In the ODBC connections window click on New connection to create the connection to the SQL database. Select MS SQL Server as the database type:
Enter a Connection name (something relevant to you). In this example, the name of the connection is ECO_SQL, ECO being the name of the computer where SQL Server is installed. In the Credentials section, enter the login name and the password (as created in SQL). In the Sql Server settings section enter the SQL server name (in this example it is ECO\SQLEXPRESS). Click on the Selected SQL Server database dropdown list and select the ER2 database (if there is an error at this step, then the user id / password or the server name is incorrect, or there is no connectivity between EventReader 3 and the SQL server).
Click on Create new table to generate a new table within the ER2 database. Enter a table name (in this example the name is events):
Any error at this stage may indicate insufficient user rights. Click the >> button to select the new table as the one where the events are saved, then click Ok to close the Create new ODBC connection screen:
Click Ok again to close the Create ODBC connection window. Once this step is completed, EventReader is able to save the event log content in the newly created database. To test it, collapse the Advanced settings panel, select an existing event log and right click to bring up the contextual menu. Choose the Export to database table option, make sure the ODBC connection is selected and click Ok:
Using the SQL management interface, verify that the log entries were saved in the database. In SQL Express, using the Management Studio Express it should look something like this:
Once these steps are completed, EventReader 3 will save all new events matching the filter parameters to the database after each refresh. To configure EventReader 3 to save the events only at the scheduled intervals, use the Schedule options panel, Actions..., and configure the ODBC settings in a similar fashion. You can create a new database or a new table there. If the same database and table are used for both scheduled saving and refresh saving, you may end up with duplicate events. For Scheduled options you also need to complete the other settings such as schedule times, user id and password, email, etc.
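If the same table ends up receiving events from both the refresh path and the scheduled path, duplicates can be found with a grouped query. This is an added example, not part of the original page or of EventReader: the first statement lists the real columns of the events table that EventReader created, and the second groups on a set of assumed column names (LogName, EventID, TimeGenerated, ComputerName) that are hypothetical and must be replaced with the actual names returned by the first query.

```sql
-- Added example: detect duplicate rows in the events table created on this page.
USE ER2;
GO

-- Step 1: find out which columns EventReader actually created (names below are assumptions).
SELECT COLUMN_NAME, DATA_TYPE
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = 'dbo' AND TABLE_NAME = 'events'
ORDER BY ORDINAL_POSITION;
GO

-- Step 2: count rows that share the same identifying fields.
-- LogName, EventID, TimeGenerated and ComputerName are hypothetical column names;
-- substitute the ones reported by Step 1.
SELECT LogName, EventID, TimeGenerated, ComputerName, COUNT(*) AS copies
FROM dbo.events
GROUP BY LogName, EventID, TimeGenerated, ComputerName
HAVING COUNT(*) > 1
ORDER BY copies DESC, TimeGenerated DESC;
GO
```

A non-empty result from the second query means the refresh and scheduled actions are writing the same events into one table; the fix the page suggests is to point the scheduled action at a separate table or database, after which this query should return no rows.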