Collect System Event Logs in a SQL Server database

Here is how to set up your environment to collect Event Logs from multiple servers and store them in a SQL Server table using Log Parser Lizard:

1) Create new query.

2) Set the Log Input Type to Windows Event Log (on the query toolbar). You can use this query to get the top 100 logs from both servers:


SELECT TOP 100 * FROM \\SERVERNAME1\System, \\SERVERNAME2\System

You must have appropriate access permissions in order to query servers.

3) Set the Output format type on the toolbar to SQL Server.

4) Click on "Output format properties" to set the properties for the SQL connection.

5) Write the query

SELECT TOP 100 *
INTO tbEventLogs
FROM System

tbEventLogs is the name of the table (it will be auto created if you set that property to true).

6) You can also create two queries, one for each server, like I explained before (SELECT * INTO tbEventLogs FROM \\SERVERNAME1\System).

7) Click on input format properties. Set the iCheckpoint property. It is a path to a file that saves the last position of the query, so the next run continues from there instead of reading the entire log. Please note that the file must be saved in a writable location and must be different for each server. Test the queries and properties, then delete the checkpoint files when you think the setup is ready for production.

8) Save both queries in a repository.

9) Open "All queries window". Check both queries and click on "Run With Parameters".

10) Check the "Close Application on Finish" flag.

11) There is a small button in the bottom-left corner of the window (Copy command line to clipboard). It will copy the LPL command line to the clipboard. Click on it, then click on Cancel since you don't want to run these queries now.

12) Put this command in Windows Scheduler to run whenever you want.
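
Once the scheduled runs are in place, the checkpoint behaviour from step 7 can be verified from the SQL Server side: a checkpoint file that is missing, shared between servers or not writable shows up in the table as duplicate or missing records. The T-SQL below is an added example, not part of Log Parser Lizard. It assumes tbEventLogs was auto-created, so its columns carry the Log Parser event log field names (ComputerName, EventLog, RecordNumber, TimeGenerated), and that the TOP 100 limit has been removed from the production queries.

```sql
-- Added example. Assumed columns: ComputerName, EventLog, RecordNumber,
-- TimeGenerated (field names of the Windows Event Log input format).

-- 1) Duplicates: the same event record stored more than once, which is
--    what happens when a run starts again from the beginning of the log.
SELECT ComputerName, EventLog, RecordNumber, COUNT(*) AS Copies
FROM tbEventLogs
GROUP BY ComputerName, EventLog, RecordNumber
HAVING COUNT(*) > 1
ORDER BY ComputerName, EventLog, RecordNumber;

-- 2) Gaps: ranges of record numbers that never reached the table.
--    LAG() requires SQL Server 2012 or later.
WITH Ordered AS (
    SELECT ComputerName, EventLog, RecordNumber,
           LAG(RecordNumber) OVER (PARTITION BY ComputerName, EventLog
                                   ORDER BY RecordNumber) AS PrevRecord
    FROM (SELECT DISTINCT ComputerName, EventLog, RecordNumber
          FROM tbEventLogs) AS d
)
SELECT ComputerName, EventLog,
       PrevRecord + 1   AS FirstMissing,
       RecordNumber - 1 AS LastMissing
FROM Ordered
WHERE RecordNumber - PrevRecord > 1
ORDER BY ComputerName, EventLog, FirstMissing;

-- 3) Freshness: the newest record per server and log. A server whose
--    LastEvent stops advancing is no longer being collected.
SELECT ComputerName, EventLog,
       MAX(RecordNumber)  AS LastRecord,
       MAX(TimeGenerated) AS LastEvent,
       COUNT(*)           AS RowsStored
FROM tbEventLogs
GROUP BY ComputerName, EventLog
ORDER BY ComputerName, EventLog;
```

Queries 1 and 2 should return no rows on a healthy collection.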

