All Apps and Add-ons

Can Splunk ingest Microsoft Access Database (.mdb) files?

nick405060
Motivator

We are trying to ingest badge data from a Win7 desktop that uses an access control application called WinDSX. The data is stored in a .mdb file. How can I ingest this data? Would running odbcad32.exe to create a ODBC System DSN help or not? It doesn't look like Splunk 7 can hit up ODBC connections

0 Karma

nick405060
Motivator

This was the only relevant Splunk Answer I found, however as noted in the question this will not work in Splunk 7.x onwards

https://answers.splunk.com/answers/74161/dbx-connection-to-microsoft-access.html

So instead I combined code from

https://code.google.com/archive/p/pypyodbc/wikis/pypyodbc_for_access_mdb_file.wiki

with code from

https://stackoverflow.com/questions/3620539/how-to-deal-with-mdb-access-files-with-python

and scheduled this Python script to run on a cron schedule:

import pypyodbc, csv
con = pypyodbc.win_connect_mdb("C:\WinDSX\Log.mdb")
cur = con.cursor()

# run a query and get the results 
SQL = 'SELECT * FROM EvnLog;' # your query goes here
rows = cur.execute(SQL).fetchall()
cur.close()
con.close()

# you could change the mode from 'w' to 'a' (append) for any subsequent queries
with open('WINDSX_LOGS.csv', 'a', newline='') as fou:
    csv_writer = csv.writer(fou) # default field-delimiter is ","
    csv_writer.writerows(rows)

... and then monitored and ingested using a Splunk UF

0 Karma