diff --git a/evtx2sql-convert2sql.php b/evtx2sql-convert2sql.php
index 833a006..e0932ed 100755
--- a/evtx2sql-convert2sql.php
+++ b/evtx2sql-convert2sql.php
@@ -25,7 +25,7 @@ class EventMeta {
 public $servicename;
 public $data;
 public $status;
- public $result;
+ public $result;
 function Clear() {
 $this->eventrecordid = 0;
 $this->time = 0;
@@ -47,6 +47,10 @@ class EventMeta {
 class EventData {
 public $name;
 public $value;
+ function Clear() {
+ $this->name = "";
+ $this->value = "";
+ }
 }
 
 $xmlelement = "";
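Review bot: The new EventData::Clear() in the second hunk resets only one half of the per-event state: the EventMeta reset it is paired with in xmlendhandler assigns `$emata = new EventMeta();` (a context line in the last hunk) rather than `$emeta`, so the EventMeta record is never recreated between events and any field a later event does not set silently keeps the previous event's value; the one-line fix is `$emeta = new EventMeta();`. Those values then reach sql_addmeta, whose printf format wraps every `%s` in single quotes and nothing in the visible code escapes them, so strings copied straight out of the .evtx (WorkstationName, SubjectUserName and the rest) land in the emitted SQL verbatim — worth escaping (e.g. doubling single quotes) or emitting placeholder-based inserts, since log content is not trustworthy. The method itself should carry a visibility keyword and a comment explaining why it exists, e.g. `/** Reset name/value after a consumed <Data> element (see xmlendhandler) so the next element starts from empty fields. */ public function Clear()`, because the reason for the reset is only visible at the call site. The first hunk is a whitespace-only change.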
@@ -66,11 +70,31 @@ function sql_addmeta ($data, $darray) {
 }
 else {
 // default
- if (isset ($darray['IpAddress'])) $data->server = $darray['IpAddress'];
+ if (isset ($darray['WorkstationName'])) {
+ if ($darray['WorkstationName'] != '-')
+ $data->server = $darray['WorkstationName'];
+ }
+ else if (isset ($darray['Workstation'])) {
+ if ($darray['Workstation'] != '-')
+ $data->server = $darray['Workstation'];
+ }
+ if (isset ($darray['IpAddress'])) {
+ if (strlen($data->server) > 0) $data->server = $data->server." [".$darray['IpAddress']."]";
+ else $data->server = $darray['IpAddress'];
+ }
 if (isset ($darray['TargetUserName'])) $data->username = $darray['TargetUserName'];
+ if (isset ($darray['SubjectUserName'])) {
+ if ($darray['SubjectUserName'] != '-')
+ $data->username = $data->username."[".$darray['SubjectUserName']."]";
+ }
 if (isset ($darray['TargetDomainName'])) $data->domainname = $darray['TargetDomainName'];
+ if (isset ($darray['SubjectDomainName'])) {
+ if ($darray['SubjectDomainName'] != '-')
+ $data->domainname = $data->domainname."[".$darray['SubjectDomainName']."]";
+ }
 if (isset ($darray['ServiceName'])) $data->servicename = $darray['ServiceName'];
 if (isset ($darray['Status'])) $data->status = $darray['Status'];
+ if (isset ($darray['ProcessName'])) $data->data = $darray['ProcessName'];
 }
 printf ("INSERT INTO tbl_EventMeta (eventrecordid, time, eventid, task, level, keywords, computer, server, username, domainname, servicename, data, status) VALUES('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');\n",
@@ -120,14 +144,14 @@ function xmlendhandler($parser, $name) {
 global $edataelement;
 global $edataarray;
- if (strstr($xmlelement, "EVENT\tSYSTEM") <> false && strstr($name, "SYSTEM") <> false) {
+ if (strstr($xmlelement, "\tEVENT") <> false && strcmp($name, "EVENT") == 0) {
 sql_addmeta ($emeta, $edataarray);
 $edataarray = array();
 $emata = new EventMeta();
 }
- if (strstr($xmlelement, "EVENT\tEVENTDATA\tDATA") <> false && strstr($name, "DATA") <> false) {
- printf ("******************* %s %s %s\n", $name, $edataelement->name, $edataelement->value);
+ if (strstr($xmlelement, "\tEVENT\tEVENTDATA\tDATA") <> false && strstr($name, "DATA") <> false) {
 $edataarray[$edataelement->name] = $edataelement->value;
+ $edataelement->Clear();
 }
 $pos = strrpos ($xmlelement, "\t");