All Apps and Add-ons

Can Splunk ingest Microsoft Access Database (.mdb) files?

nick405060
Motivator

We are trying to ingest badge data from a Win7 desktop that uses an access control application called WinDSX. The data is stored in a .mdb file. How can I ingest this data? Would running odbcad32.exe to create a ODBC System DSN help or not? It doesn't look like Splunk 7 can hit up ODBC connections

0 Karma

bheafey
New Member

Hello,

Curious if you solved this?  We are attempting to do the exact same thing.

Thank you!

Bill

0 Karma

nick405060
Motivator

This was the only relevant Splunk Answer I found, however as noted in the question this will not work in Splunk 7.x onwards

https://answers.splunk.com/answers/74161/dbx-connection-to-microsoft-access.html

So instead I combined code from

https://code.google.com/archive/p/pypyodbc/wikis/pypyodbc_for_access_mdb_file.wiki

with code from

https://stackoverflow.com/questions/3620539/how-to-deal-with-mdb-access-files-with-python

and scheduled this Python script to run on a cron schedule:

import pypyodbc, csv
con = pypyodbc.win_connect_mdb("C:\WinDSX\Log.mdb")
cur = con.cursor()

# run a query and get the results 
SQL = 'SELECT * FROM EvnLog;' # your query goes here
rows = cur.execute(SQL).fetchall()
cur.close()
con.close()

# you could change the mode from 'w' to 'a' (append) for any subsequent queries
with open('WINDSX_LOGS.csv', 'a', newline='') as fou:
    csv_writer = csv.writer(fou) # default field-delimiter is ","
    csv_writer.writerows(rows)

... and then monitored and ingested using a Splunk UF

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

<P style=" text-align: center; "><span class="lia-inline-image-display-wrapper lia-image-align-center" ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

<FONT size="5"><FONT size="5" color="#FF00FF">Get the latest news and updates from the Splunk Community ...