Needed to create a 32-bit compatible ODBC DSN to output
Log Parser results from a 64-bit version of Windows to a MySQL instance.
Log Parser gave me an architecture mismatch error:
Error connecting to ODBC Server
SQL State: IM014
Native Error: 0
Error Message: [Microsoft][ODBC Driver Manager] The specified DSN contains
an architecture mismatch between the Driver and Application
NOTE: Log Parser did not work well with the more modern 32-bit
version 5.1 ODBC Connector so I had to use the 32-bit
version 3.51 ODBC Connector.
Then used the
[WindowsDir]\SysWOW64\odbcad32.exe to create a 32-bit System DSN. (See the
MS KB942976 for more detail.)
And finally, started pushing event logs into the MySQL database with the DSN created above. (Where X is the server name and XXX is the DSN name.)
LogParser "SELECT * INTO Events FROM *.evtx" -server:X -i:EVT -o:SQL -dsn:XXX -fixColNames:ON -maxStrFieldLen:2048
Or, if you prefer, from PowerShell. (Where X is the server name and XXX is the DSN name.)
dir *.evtx | foreach-object {LogParser "SELECT * INTO Events FROM '$($_.FullName)'" -server:X -i:EVT -o:SQL -dsn:XXX -fixColNames:ON -maxStrFieldLen:2048}
I used the PowerShell option because the event logs were rather large (~500K events each) so the connector kept running out of RAM with the *.evtx source. Also, I needed a specific timeframe from the event logs so I added a where clause to get:
dir *.evtx | foreach-object {LogParser "SELECT * INTO Events FROM '$($_.FullName)' WHERE TimeGenerated > TIMESTAMP('2010-07-05 00:00:00','yyyy-MM-dd hh:mm:ss') AND TimeGenerated < TIMESTAMP('2010-07-21 00:00:00','yyyy-MM-dd hh:mm:ss')" -server:X -i:EVT -o:SQL -dsn:XXX -fixColNames:ON -maxStrFieldLen:2048}
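
A more defensive version of the per-file import above, as an added example rather than the author's own script: it confirms the DSN is registered as a 32-bit System DSN before importing, then records which logs failed. It assumes a 64-bit PowerShell session, LogParser.exe on the PATH, and that LogParser returns a non-zero exit code on failure; the parameter names are illustrative.

```powershell
# Added example (not from the original post). Parameter names are illustrative.
# Assumes: 64-bit PowerShell session, LogParser.exe on the PATH, and that
# LogParser returns a non-zero exit code when an import fails.
param(
    [string]$Server = 'X',      # server name, as in the commands above
    [string]$Dsn    = 'XXX',    # 32-bit System DSN name
    [string]$LogDir = '.',
    [string]$From   = '2010-07-05 00:00:00',
    [string]$To     = '2010-07-21 00:00:00'
)

# System DSNs created with SysWOW64\odbcad32.exe are stored under Wow6432Node.
# A DSN made with the 64-bit administrator lives in the other hive instead.
$dsn32 = 'HKLM:\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\ODBC Data Sources'
$dsn64 = 'HKLM:\SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources'

function Test-SystemDsn([string]$Key, [string]$Name) {
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    return ($null -ne $props) -and ($null -ne $props.PSObject.Properties[$Name])
}

if (-not (Test-SystemDsn $dsn32 $Dsn)) {
    if (Test-SystemDsn $dsn64 $Dsn) {
        throw "DSN '$Dsn' is 64-bit only; recreate it with $env:windir\SysWOW64\odbcad32.exe"
    }
    throw "No System DSN named '$Dsn' was found"
}

# {0} is replaced with each file's full path; one file per run keeps memory use down.
$fmt   = 'yyyy-MM-dd hh:mm:ss'
$query = "SELECT * INTO Events FROM '{0}' " +
         "WHERE TimeGenerated > TIMESTAMP('$From','$fmt') " +
         "AND TimeGenerated < TIMESTAMP('$To','$fmt')"

$failed = @()
foreach ($file in Get-ChildItem -Path $LogDir -Filter *.evtx) {
    & LogParser ($query -f $file.FullName) "-server:$Server" -i:EVT -o:SQL `
        "-dsn:$Dsn" -fixColNames:ON -maxStrFieldLen:2048
    if ($LASTEXITCODE -ne 0) { $failed += $file.FullName }
}

if ($failed.Count -gt 0) {
    Write-Warning ("LogParser failed for: " + ($failed -join ', '))
}
```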