We are trying to ingest badge data from a Win7 desktop that uses an access control application called WinDSX. The data is stored in a .mdb file. How can I ingest this data? Would running odbcad32.exe to create an ODBC System DSN help or not? It doesn't look like Splunk 7 can hit up ODBC connections.
Hello,
Curious if you solved this? We are attempting to do the exact same thing.
Thank you!
Bill
This was the only relevant Splunk Answer I found; however, as noted in the question, this will not work in Splunk 7.x onwards
https://answers.splunk.com/answers/74161/dbx-connection-to-microsoft-access.html
So instead I combined code from
https://code.google.com/archive/p/pypyodbc/wikis/pypyodbc_for_access_mdb_file.wiki
with code from
https://stackoverflow.com/questions/3620539/how-to-deal-with-mdb-access-files-with-python
and scheduled this Python script to run on a cron schedule:
import csv
import pypyodbc

# open the WinDSX Access database; raw string so the backslashes are not read as escapes
con = pypyodbc.win_connect_mdb(r"C:\WinDSX\Log.mdb")
cur = con.cursor()
# run a query and get the results
SQL = 'SELECT * FROM EvnLog;'  # your query goes here
rows = cur.execute(SQL).fetchall()
cur.close()
con.close()
# mode 'a' appends to the CSV on every run; use 'w' to overwrite the file instead
with open('WINDSX_LOGS.csv', 'a', newline='') as fou:
    csv_writer = csv.writer(fou)  # default field-delimiter is ","
    csv_writer.writerows(rows)
... and then monitored and ingested using a Splunk UF
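An added example, not part of the original answer: because the script above appends the result of `SELECT * FROM EvnLog` on every scheduled run, each badge event is written to the CSV again each time, which inflates counts in any search built on it. The sketch below exports only rows newer than a stored checkpoint. Assumptions: `EvnLog` has an ever-increasing numeric key column, here given the hypothetical name `ID`; the checkpoint file name is made up; and `sqlite3` with constructed rows stands in for the connection returned by `pypyodbc.win_connect_mdb` so the block runs anywhere.

```python
import csv, os, sqlite3, tempfile

def read_checkpoint(path):
    """Return the last exported key, or 0 when no checkpoint exists yet."""
    try:
        with open(path, encoding="ascii") as fh:
            return int(fh.read().strip() or 0)
    except FileNotFoundError:
        return 0

def export_new_rows(con, csv_path, ckpt_path, table="EvnLog", key="ID"):
    """Append rows with key > checkpoint to csv_path and return how many.
    table/key are operator-set identifiers (key "ID" is an assumed column
    name); the checkpoint value is bound as a query parameter."""
    last = read_checkpoint(ckpt_path)
    cur = con.cursor()
    cur.execute(f"SELECT * FROM {table} WHERE {key} > ? ORDER BY {key}", (last,))
    cols = [d[0].lower() for d in cur.description]
    rows = cur.fetchall()
    cur.close()
    if not rows:
        return 0
    with open(csv_path, "a", newline="") as fou:
        csv.writer(fou).writerows(rows)
    # Advance the checkpoint only after the append succeeded, and atomically,
    # so a crash re-exports rows instead of silently skipping badge events.
    tmp = ckpt_path + ".tmp"
    with open(tmp, "w", encoding="ascii") as fh:
        fh.write(str(rows[-1][cols.index(key.lower())]))
    os.replace(tmp, ckpt_path)
    return len(rows)

def demo():
    """Constructed data: sqlite3 stands in for the Access database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE EvnLog (ID INTEGER PRIMARY KEY, Card TEXT, Door TEXT)")
    con.executemany("INSERT INTO EvnLog VALUES (?,?,?)",
                    [(1, "1001", "Lobby"), (2, "1002", "Lab")])
    d = tempfile.mkdtemp()
    out, ckpt = os.path.join(d, "WINDSX_LOGS.csv"), os.path.join(d, "evnlog.ckpt")
    first = export_new_rows(con, out, ckpt)    # both rows are new
    second = export_new_rows(con, out, ckpt)   # nothing new, nothing appended
    con.execute("INSERT INTO EvnLog VALUES (3, '1001', 'Lab')")
    third = export_new_rows(con, out, ckpt)    # only the new event
    with open(out, newline="") as fh:
        return first, second, third, list(csv.reader(fh))
```

If the export crashes between the CSV append and the checkpoint write, the next run re-exports those rows, so the failure mode is a duplicate rather than a missing badge event.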