Thank you for your response. I didn't even think about the fact that I probably can't just 'add' to the host (Windows 2003 server) 'and' create a custom parser for the SQL entries. I am sure that this is still the case. I really hope that this is improved in 6.x.

Thank you again.

OK. I just got in this morning and build a 'test' custom parser. I appears that if I make this a software application, I can apply it to my previously defined Windows server and tell it that it will be receiving the information to be parsed via syslog. Does anyone have any experience doing this for SQL Server?

Thanks again.

while you can do that, I don't think it will work. At least it didn't work when I tried. As I recall, the problem is that the windows parser has a "catch-all" parser that maps to "generic windows event". This parser is applied before your custom parser.

OK. Thanks. That makes sense. I haven't been able to test this yet, so I appreciate you mentioning this.

Thanks.

I would still test it. It's been quite a few versions since I did. Let us know how it goes.

OK. I've been trying everything to see if I can get something to work here, but to no avail. It definitely reports it as a 'general windows application log' entry instead of running it through the custom parser. Every attempt to get any assistance through TAC (wondering about the order the devices were processed) yielded 'It is not supported'. Anyway, thank you very much for your input on this and unfortunately, I was not successful.

thanks for following up. Let's keep our fingers crossed that this is addressed in 6.x.