SQL Stored Procedure with dynamic columns

Gana S 1 Reputation point
2022-05-11T12:30:56.777+00:00

Team

I am working on a project in which i need to get column names from Security event log (like ex: Security ID, Account Name, Account Domain, Logon ID) & this column count will increase based on security events.
I need this to read from one SQL Table & and get columns (1st event may have 4 columns, 2nd event may have 10 columns & so on) after reading it need to update it in new SQL table with the columns (each column should have each event & its values).
Any suggestion please.

I am happy to have this in SQL Query OR PowerShell too.

================================

1st Event Log:

Message
An account was logged off.

Subject:
Security ID: S-1-5-21-4092471901-707098849-2603905285-1002
Account Name: IUSR
Account Domain:
Logon ID: 0x2D6330DA

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

====================================

2nd Event log

Key file operation.

Subject:
Security ID: S-1-5-18
Account Name: ETS03$
Account Domain: LAB
Logon ID: 0x3E7

Process Information:
Process ID: 9672
Process Creation Time: ‎2022‎-‎04‎-‎15T00:49:59.688316600Z

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: ConfigMgrPrimaryKey
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\f67681ddee923363c159c11a44f135de_670959a2-5d10-470b-952c-36572be379fb
Operation: Read persisted key from file.
Return Code: 0x0

Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,575 questions
Transact-SQL
Transact-SQL
A Microsoft extension to the ANSI SQL language that includes procedural programming, local variables, and various support functions.
4,665 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Olaf Helper 45,291 Reputation points
    2022-05-12T06:24:45.06+00:00

    Security event log ...1st event may have 4 columns

    If you mean entries from Windows Security EventLog, there are no "columns", that's one plain text, someway separated with linebreaks.
    You would have to parse the text for the required information; no big fun in plain T-SQL. Better use an application/PowerShell for it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.