source: branches/samba-3.0/docs/manpages/eventlogadm.8@ 770

Last change on this file since 770 was 336, checked in by Herwig Bauernfeind, 16 years ago

Update 3.0 to 3.0.37 (unsupported security update)

1.\" Title: eventlogadm
2.\" Author: [see the "AUTHOR" section]
3.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
4.\" Date: 09/30/2009
5.\" Manual: System Administration tools
6.\" Source: Samba 3.0
7.\" Language: English
8.\"
9.TH "EVENTLOGADM" "8" "09/30/2009" "Samba 3\&.0" "System Administration tools"
10.\" -----------------------------------------------------------------
11.\" * (re)Define some macros
12.\" -----------------------------------------------------------------
13.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14.\" toupper - uppercase a string (locale-aware)
15.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
16.de toupper
17.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
18\\$*
19.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
20..
21.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22.\" SH-xref - format a cross-reference to an SH section
23.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
24.de SH-xref
25.ie n \{\
26.\}
27.toupper \\$*
28.el \{\
29\\$*
30.\}
31..
32.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33.\" SH - level-one heading that works better for non-TTY output
34.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
35.de1 SH
36.\" put an extra blank line of space above the head in non-TTY output
37.if t \{\
38.sp 1
39.\}
40.sp \\n[PD]u
41.nr an-level 1
42.set-an-margin
43.nr an-prevailing-indent \\n[IN]
44.fi
45.in \\n[an-margin]u
46.ti 0
47.HTML-TAG ".NH \\n[an-level]"
48.it 1 an-trap
49.nr an-no-space-flag 1
50.nr an-break-flag 1
51\." make the size of the head bigger
52.ps +3
53.ft B
54.ne (2v + 1u)
55.ie n \{\
56.\" if n (TTY output), use uppercase
57.toupper \\$*
58.\}
59.el \{\
60.nr an-break-flag 0
61.\" if not n (not TTY), use normal case (not uppercase)
62\\$1
63.in \\n[an-margin]u
64.ti 0
65.\" if not n (not TTY), put a border/line under subheading
66.sp -.6
67\l'\n(.lu'
68.\}
69..
70.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71.\" SS - level-two heading that works better for non-TTY output
72.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
73.de1 SS
74.sp \\n[PD]u
75.nr an-level 1
76.set-an-margin
77.nr an-prevailing-indent \\n[IN]
78.fi
79.in \\n[IN]u
80.ti \\n[SN]u
81.it 1 an-trap
82.nr an-no-space-flag 1
83.nr an-break-flag 1
84.ps \\n[PS-SS]u
85\." make the size of the head bigger
86.ps +2
87.ft B
88.ne (2v + 1u)
89.if \\n[.$] \&\\$*
90..
91.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92.\" BB/BE - put background/screen (filled box) around block of text
93.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94.de BB
95.if t \{\
96.sp -.5
97.br
98.in +2n
99.ll -2n
100.gcolor red
101.di BX
102.\}
103..
104.de EB
105.if t \{\
106.if "\\$2"adjust-for-leading-newline" \{\
107.sp -1
108.\}
109.br
110.di
111.in
112.ll
113.gcolor
114.nr BW \\n(.lu-\\n(.i
115.nr BH \\n(dn+.5v
116.ne \\n(BHu+.5v
117.ie "\\$2"adjust-for-leading-newline" \{\
118\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
119.\}
120.el \{\
121\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
122.\}
123.in 0
124.sp -.5v
125.nf
126.BX
127.in
128.sp .5v
129.fi
130.\}
131..
132.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133.\" BM/EM - put colored marker in margin next to block of text
134.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
135.de BM
136.if t \{\
137.br
138.ll -2n
139.gcolor red
140.di BX
141.\}
142..
143.de EM
144.if t \{\
145.br
146.di
147.ll
148.gcolor
149.nr BH \\n(dn
150.ne \\n(BHu
151\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
152.in 0
153.nf
154.BX
155.in
156.fi
157.\}
158..
159.\" -----------------------------------------------------------------
160.\" * set default formatting
161.\" -----------------------------------------------------------------
162.\" disable hyphenation
163.nh
164.\" disable justification (adjust text to left margin only)
165.ad l
166.\" -----------------------------------------------------------------
167.\" * MAIN CONTENT STARTS HERE *
168.\" -----------------------------------------------------------------
169.SH "Name"
170eventlogadm \- push records into the Samba event log store
171.SH "Synopsis"
172.fam C
173.HP \w'\ 'u
174\FCeventlogadm\F[] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ \FCaddsource\F[]\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
175.fam
176.fam C
177.HP \w'\ 'u
178\FCeventlogadm\F[] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ \FCwrite\F[]\ \fIEVENTLOG\fR
179.fam
180.SH "DESCRIPTION"
181.PP
182This tool is part of the
183\fBsamba\fR(1)
184suite\&.
185.PP
186\FCeventlogadm\F[]
187is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows clients can then manipulate these records using the usual administration tools\&.
188.SH "OPTIONS"
189.PP
190\fB\-d\fR
191.RS 4
192The
193\FC\-d\F[]
194option causes
195\FCeventlogadm\F[]
196to emit debugging information\&.
197.RE
198.PP
199\fB\-o\fR \FCaddsource\F[] \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
200.RS 4
201The
202\FC\-o addsource\F[]
203option creates a new event log source\&.
204.RE
205.PP
206\fB\-o\fR \FCwrite\F[] \fIEVENTLOG\fR
207.RS 4
208The
209\FC\-o write\F[]
210option reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG\&.
211.RE
212.PP
213\fB\-h\fR
214.RS 4
215Print usage information\&.
216.RE
217.SH "EVENTLOG RECORD FORMAT"
218.PP
219For the write operation,
220\FCeventlogadm\F[]
221expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by one or more blank lines\&.
222.PP
223The event log record fields are:
224.sp
225.RS 4
226.ie n \{\
227\h'-04'\(bu\h'+03'\c
228.\}
229.el \{\
230.sp -1
231.IP \(bu 2.3
232.\}
233
234\FCLEN\F[]
235\- This field should be 0, since
236\FCeventlogadm\F[]
237will calculate this value\&.
238.RE
239.sp
240.RS 4
241.ie n \{\
242\h'-04'\(bu\h'+03'\c
243.\}
244.el \{\
245.sp -1
246.IP \(bu 2.3
247.\}
248
249\FCRS1\F[]
250\- This must be the value 1699505740\&.
251.RE
252.sp
253.RS 4
254.ie n \{\
255\h'-04'\(bu\h'+03'\c
256.\}
257.el \{\
258.sp -1
259.IP \(bu 2.3
260.\}
261
262\FCRCN\F[]
263\- This field should be 0\&.
264.RE
265.sp
266.RS 4
267.ie n \{\
268\h'-04'\(bu\h'+03'\c
269.\}
270.el \{\
271.sp -1
272.IP \(bu 2.3
273.\}
274
275\FCTMG\F[]
276\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
277.RE
278.sp
279.RS 4
280.ie n \{\
281\h'-04'\(bu\h'+03'\c
282.\}
283.el \{\
284.sp -1
285.IP \(bu 2.3
286.\}
287
288\FCTMW\F[]
289\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
290.RE
291.sp
292.RS 4
293.ie n \{\
294\h'-04'\(bu\h'+03'\c
295.\}
296.el \{\
297.sp -1
298.IP \(bu 2.3
299.\}
300
301\FCEID\F[]
302\- The eventlog ID\&.
303.RE
304.sp
305.RS 4
306.ie n \{\
307\h'-04'\(bu\h'+03'\c
308.\}
309.el \{\
310.sp -1
311.IP \(bu 2.3
312.\}
313
314\FCETP\F[]
315\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
316.RE
317.sp
318.RS 4
319.ie n \{\
320\h'-04'\(bu\h'+03'\c
321.\}
322.el \{\
323.sp -1
324.IP \(bu 2.3
325.\}
326
327\FCECT\F[]
328\- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
329.RE
330.sp
331.RS 4
332.ie n \{\
333\h'-04'\(bu\h'+03'\c
334.\}
335.el \{\
336.sp -1
337.IP \(bu 2.3
338.\}
339
340\FCRS2\F[]
341\- This field should be 0\&.
342.RE
343.sp
344.RS 4
345.ie n \{\
346\h'-04'\(bu\h'+03'\c
347.\}
348.el \{\
349.sp -1
350.IP \(bu 2.3
351.\}
352
353\FCCRN\F[]
354\- This field should be 0\&.
355.RE
356.sp
357.RS 4
358.ie n \{\
359\h'-04'\(bu\h'+03'\c
360.\}
361.el \{\
362.sp -1
363.IP \(bu 2.3
364.\}
365
366\FCUSL\F[]
367\- This field should be 0\&.
368.RE
369.sp
370.RS 4
371.ie n \{\
372\h'-04'\(bu\h'+03'\c
373.\}
374.el \{\
375.sp -1
376.IP \(bu 2.3
377.\}
378
379\FCSRC\F[]
380\- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
381.RE
382.sp
383.RS 4
384.ie n \{\
385\h'-04'\(bu\h'+03'\c
386.\}
387.el \{\
388.sp -1
389.IP \(bu 2.3
390.\}
391
392\FCSRN\F[]
393\- The name of the machine on which the eventlog was generated\&. This is typically the host name\&.
394.RE
395.sp
396.RS 4
397.ie n \{\
398\h'-04'\(bu\h'+03'\c
399.\}
400.el \{\
401.sp -1
402.IP \(bu 2.3
403.\}
404
405\FCSTR\F[]
406\- The text associated with the eventlog\&. There may be more than one string in a record\&.
407.RE
408.sp
409.RS 4
410.ie n \{\
411\h'-04'\(bu\h'+03'\c
412.\}
413.el \{\
414.sp -1
415.IP \(bu 2.3
416.\}
417
418\FCDAT\F[]
419\- This field should be left unset\&.
420.SH "EXAMPLES"
421.PP
422An example of the record format accepted by
423\FCeventlogadm\F[]:
424.sp
425.if n \{\
426.RS 4
427.\}
428.fam C
429.ps -1
430.nf
431.if t \{\
432.sp -1
433.\}
434.BB lightgray adjust-for-leading-newline
435.sp -1
436
437 LEN: 0
438 RS1: 1699505740
439 RCN: 0
440 TMG: 1128631322
441 TMW: 1128631322
442 EID: 1000
443 ETP: INFO
444 ECT: 0
445 RS2: 0
446 CRN: 0
447 USL: 0
448 SRC: cron
449 SRN: dmlinux
450 STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly)
451 DAT:
452
453.EB lightgray adjust-for-leading-newline
454.if t \{\
455.sp 1
456.\}
457.fi
458.fam
459.ps +1
460.if n \{\
461.RE
462.\}
463.PP
464Set up an eventlog source, specifying a message file DLL:
465.sp
466.if n \{\
467.RS 4
468.\}
469.fam C
470.ps -1
471.nf
472.if t \{\
473.sp -1
474.\}
475.BB lightgray adjust-for-leading-newline
476.sp -1
477
478 eventlogadm \-o addsource Application MyApplication | \e\e
479 %SystemRoot%/system32/MyApplication\&.dll
480
481.EB lightgray adjust-for-leading-newline
482.if t \{\
483.sp 1
484.\}
485.fi
486.fam
487.ps +1
488.if n \{\
489.RE
490.\}
491.PP
492Filter messages from the system log into an event log:
493.sp
494.if n \{\
495.RS 4
496.\}
497.fam C
498.ps -1
499.nf
500.if t \{\
501.sp -1
502.\}
503.BB lightgray adjust-for-leading-newline
504.sp -1
505
506 tail \-f /var/log/messages | \e\e
507 my_program_to_parse_into_eventlog_records | \e\e
508 eventlogadm SystemLogEvents
509
510.EB lightgray adjust-for-leading-newline
511.if t \{\
512.sp 1
513.\}
514.fi
515.fam
516.ps +1
517.if n \{\
518.RE
519.\}
520.SH "VERSION"
521.PP
522This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
523.SH "AUTHOR"
524.PP
525The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.