tr6boy
I would like to use WMI to pipe security events from all
DCs to a single SQL database so they are easier to
search. It's working, except for the most needed
field, "message", which is a "catch-all" for most of the
per-event data, such as "Target Account".
I can capture the whole "message" contents in a single
large varchar field, but because of the tabs and extra
formatting embedded in it, it's hard to make it useful
for searching. Same result if I save the event log to a
CSV ahead of time.
If anyone has tried this, I'd be interested in your
methods for dealing with the "message" field.
Thanks,
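
One way to make the "message" text searchable, as an added example that is not part of the original post: split it into one name/value row per field before it is loaded into SQL. The sample message is constructed, the function names are hypothetical, and the layout (unindented section headings followed by tab-indented "Label:<tabs>Value" lines) is an assumption about how the field is formatted.

```python
import re

# Constructed sample shaped like the tab-formatted text found in Message.
SAMPLE_MESSAGE = (
    "A user account was changed.\r\n\r\n"
    "Subject:\r\n"
    "\tAccount Name:\t\tadmin1\r\n"
    "\tAccount Domain:\t\tEXAMPLE\r\n\r\n"
    "Target Account:\r\n"
    "\tAccount Name:\t\tjdoe\r\n"
    "\tAccount Domain:\t\tEXAMPLE\r\n\r\n"
    "Additional Information:\r\n"
    "\tPrivileges:\t\t-\r\n"
)

# "Label:" followed by any run of tabs/spaces, then the value (may be empty).
FIELD = re.compile(r"^(?P<label>[^:\t]+):[ \t]*(?P<value>.*)$")

def parse_message(message):
    """Flatten a Message string into {'Section.Label': value} pairs."""
    fields, description, section = {}, [], None
    for raw in message.splitlines():
        indented = raw[:1] in (" ", "\t")
        line = raw.strip()
        if not line:
            continue
        match = FIELD.match(line)
        if not match:
            description.append(line)      # free text such as the summary line
            continue
        label = match.group("label").strip()
        value = match.group("value").strip()
        if not value and not indented:
            section = label               # heading such as "Target Account:"
            continue
        if not indented:
            section = None                # top-level field ends the section
        # Qualify the label so the two "Account Name" fields stay distinct.
        fields[f"{section}.{label}" if section else label] = value
    fields["Description"] = " ".join(description)
    return fields

def to_rows(record_number, message):
    """Return (record_number, field_name, field_value) tuples for a SQL insert."""
    return [(record_number, k, v) for k, v in parse_message(message).items()]

if __name__ == "__main__":
    for row in to_rows(1001, SAMPLE_MESSAGE):
        print(row)
```

Loading these rows into a narrow table keyed on the event's record number lets a query filter on a single field name and value instead of pattern-matching the whole varchar column.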