From the Assign Filter and Action dialog select the new action and click the OK button. Close the Log Management Wizard and save your changes when prompted.
You have successfully completed this tutorial. Your process should now be fired every time an entry passes your filter.
Consolidating Logs to SQL Server
In this tutorial, we walk you through the process of configuring SQL Server. Once completed, we will configure SpectorSoft Log Manager to use SQL Server as its Event Log repository. Lastly, we will download logs to the SQL Server database and verify entries were written to the database.
Step 1: Create a new primary and archive database
From the Start menu, navigate to the Microsoft SQL Server shortcut folder, select Microsoft SQL Server Management Studio and log in to your database server.
From the left pane, called the Object Explorer, right-click on Databases and select New Database.
Specify CBLM in the Database name text box. When you are finished you should see the following:
Create another database called CBLM_ARCHIVE with the same options.
Step 2: Create the database user
From the Object Explorer, right-click on Security and select New Login.
Specify cblmuser in the Login name text box.
Select SQL Server authentication.
Specify a password.
De-select Enforce password policy.
In the Default database combo box select CBLM. When you are finished you should see the following:
Step 3: Assign the user to the CBLM and CBLM_ARCHIVE databases
From the Object Explorer, expand Databases\CBLM. Right-click on Security and select New User.
Specify cblmuser in the User name text box.
Specify cblmuser in the Login name text box.
From within the Database Role Membership list check db_owner. When you are finished you should see the following:
Repeat the above steps for the CBLM_ARCHIVE database.
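The same result as Steps 1 through 3, scripted in T-SQL and followed by two checks of what the login ended up with. This is an added example, not part of the original tutorial or the product's own tooling; the password is a placeholder, and ALTER ROLE ... ADD MEMBER assumes SQL Server 2012 or later.

```sql
-- Added example: scripted equivalent of Steps 1-3 (run as a sysadmin login).
-- Step 1: primary and archive databases, default options.
CREATE DATABASE CBLM;
CREATE DATABASE CBLM_ARCHIVE;
GO

-- Step 2: SQL Server authentication login.
-- CHECK_POLICY = OFF mirrors the de-selected "Enforce password policy" box;
-- with it off, Windows complexity and lockout rules are not applied.
CREATE LOGIN cblmuser
    WITH PASSWORD = N'<placeholder-password>',   -- placeholder, replace it
         DEFAULT_DATABASE = CBLM,
         CHECK_POLICY = OFF;
GO

-- Step 3: map the login to a user in each database and add it to db_owner.
USE CBLM;
CREATE USER cblmuser FOR LOGIN cblmuser;
ALTER ROLE db_owner ADD MEMBER cblmuser;
GO
USE CBLM_ARCHIVE;
CREATE USER cblmuser FOR LOGIN cblmuser;
ALTER ROLE db_owner ADD MEMBER cblmuser;
GO

-- Check 1: login settings (is_policy_checked = 0 after the step above).
SELECT name, default_database_name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name = N'cblmuser';

-- Check 2: database roles held by cblmuser (repeat after USE CBLM_ARCHIVE).
USE CBLM;
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'cblmuser';
```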
Step 4: Initialize SQL Server to work with SpectorSoft Log Manager
Open SpectorSoft Log Manager, select Options from the Tools menu item and then select the Data Providers tab. Use this page to add the primary and archive log repositories (CBLM and CBLM_ARCHIVE).
Create the primary log repository
Click the new data provider button.
Use the Name text box to specify a user-friendly name that uniquely identifies the data provider, for example, SQL Server.
Under the Provider combo-box select SQL Server.
Under the Type combo-box select Log Repository.
Use the Host text box to specify the name of the host where the database resides. If you are using SQL Express use the following format: [HOSTNAME]\SQLExpress. For example, servername\sqlexpress.
Type cblm in the Database text box.
Type cblmuser in the Username text box.
Type the password you assigned to the user when you created it in SQL Server Management Studio.
Once complete click the Test Connection button. If you were unable to connect, verify you created and assigned the user to the database as well as typed the connection information correctly.
Once you have successfully tested the connection, click the Initialize button. When you are finished you should see the following:
When you clicked the Initialize button SpectorSoft Log Manager should have created 6 tables. They are:

Table        Description
level        Contains a list of the Event Log levels (Information, Warning, Error, Audit Success, and Audit Failure).
facility     Contains a list of the Syslog facilities.
priority     Contains a list of the Syslog priorities.
event_logs   Contains an index of consolidated Event Logs.
syslogs      Contains an index of consolidated Syslogs.
text_logs    Contains an index of consolidated Text Logs.

Each log file is consolidated to its own table. Event Log and Syslog tables use the following naming conventions:
Event Log: [host]_evt_[log]
Syslog: [host]_syslog
Since the only thing that uniquely identifies a text log is the filename, a GUID is used in place of the filename. The Text_Logs table maps the consolidated Text Log’s filename to the GUID.
Create the archive log repository
Follow the steps above again but this time under the Type combo-box select Archive. After you have configured and initialized the database you should see the following:
Step 5: Test and verify the configuration
From the Navigation view within Log Manager, select the Configuration Explorer tab. Navigate to a server and highlight the Application log. From the File menu item select Download Event Logs.
Once the download is complete you will be prompted to display the log. Click Yes. When prompted to apply a filter, select all Levels and clear the filter option. You should now see all the newly downloaded Event Log entries.
Go back to Microsoft SQL Server Management Studio. From the Object Explorer view expand Databases\cblm\Tables, right-click on the Tables node, select Refresh, then expand the Tables node. You should now see a new table called [servername]_evt_application where [servername] is the name of the server you downloaded the logs from. If you see this table, you have successfully downloaded the Event Log and saved it to your SQL Server database.
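The Step 5 check can also be run as a query that inventories the repository by the table names and naming conventions listed in Step 4. This is an added example, not part of the original tutorial; the value of @server is a placeholder for the server you downloaded from, and the match on table names assumes the default case-insensitive collation.

```sql
-- Added example: inventory of the CBLM repository after Step 5.
USE CBLM;
GO
-- Placeholder: the server whose Application log was downloaded.
DECLARE @server sysname = N'servername';

-- Classify every user table by the naming conventions described in Step 4.
-- [_] matches a literal underscore; a bare _ in LIKE matches any character.
SELECT s.name AS schema_name,
       t.name AS table_name,
       CASE
           WHEN t.name IN (N'level', N'facility', N'priority',
                           N'event_logs', N'syslogs', N'text_logs')
               THEN 'created by Initialize'
           WHEN t.name LIKE N'%[_]evt[_]%' THEN 'consolidated Event Log'
           WHEN t.name LIKE N'%[_]syslog'  THEN 'consolidated Syslog'
           ELSE 'other (for example a Text Log table named by GUID)'
       END AS kind,
       SUM(p.rows) AS approx_rows,      -- row count from partition metadata
       t.create_date
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
JOIN sys.partitions AS p
     ON p.object_id = t.object_id AND p.index_id IN (0, 1)  -- heap or clustered
GROUP BY s.name, t.name, t.create_date
ORDER BY t.create_date;

-- Pass/fail check for the table Step 5 expects to exist.
IF EXISTS (SELECT 1 FROM sys.tables
           WHERE name = @server + N'_evt_application')
    PRINT 'Found ' + @server + '_evt_application';
ELSE
    PRINT 'Missing ' + @server + '_evt_application: '
        + 'check the download and the data provider settings';
```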