Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

eventlogadm.8@ 4

Visit:

Last change on this file since 4 was 1, checked in by Paul Smedley, 18 years ago
Initial code import
File size: 4.1 KB

Line
1	.\"Generated by db2man.xsl. Don't modify this, modify the source.
2	.de Sh \" Subsection
3	.br
4	.if t .Sp
5	.ne 5
6	.PP
7	\fB\\$1\fR
8	.PP
9	..
10	.de Sp \" Vertical space (when we can't use .PP)
11	.if t .sp .5v
12	.if n .sp
13	..
14	.de Ip \" List item
15	.br
16	.ie \\n(.$>=3 .ne \\$3
17	.el .ne 3
18	.IP "\\$1" \\$2
19	..
20	.TH "EVENTLOGADM" 8 "" "" ""
21	.SH NAME
22	eventlogadm \- push records into the Samba event log store
23	.SH "SYNOPSIS"
24	.ad l
25	.hy 0
26	.HP 12
27	\fBeventlogadm\fR [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
28	.ad
29	.hy
30	.ad l
31	.hy 0
32	.HP 12
33	\fBeventlogadm\fR [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
34	.ad
35	.hy
36
37	.SH "DESCRIPTION"
38
39	.PP
40	This tool is part of the\fBsamba\fR(1) suite\&.
41
42	.PP
43	\fBeventlogadm\fR is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows client can then manipulate these record using the usual administration tools\&.
44
45	.SH "OPTIONS"
46
47	.TP
48	\fB\-d\fR
49	The \fB\-d\fR option causes\fBeventlogadm\fR to emit debugging information\&.
50
51	.TP
52	\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
53	The \fB\-o addsource\fR option creates a new event log source\&.
54
55	.TP
56	\fB\-o\fR write \fIEVENTLOG\fR
57	The \fB\-o write\fR reads event log records from standard input and writes them to theSamba event log store named by EVENTLOG\&.
58
59	.TP
60	\fB\-h\fR
61	Print usage information\&.
62
63	.SH "EVENTLOG RECORD FORMAT"
64
65	.PP
66	For the write operation, \fBeventlogadm\fR expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by at least one or more blank line\&.
67
68	.PP
69	The event log record field are:
70
71	.TP 3
72	\(bu
73	\fBLEN\fR \- This field should be 0, since\fBeventlogadm\fR will calculate this value\&.
74	.TP
75	\(bu
76	\fBRS1\fR \- This must be the value 1699505740\&.
77	.TP
78	\(bu
79	\fBRCN\fR \- This field should be 0\&.
80	.TP
81	\(bu
82	\fBTMG\fR \- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
83	.TP
84	\(bu
85	\fBTMW\fR \- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
86	.TP
87	\(bu
88	\fBEID\fR \- The eventlog ID\&.
89	.TP
90	\(bu
91	\fBETP\fR \- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
92	.TP
93	\(bu
94	\fBECT\fR \- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
95	.TP
96	\(bu
97	\fBRS2\fR \- This field should be 0\&.
98	.TP
99	\(bu
100	\fBCRN\fR \- This field should be 0\&.
101	.TP
102	\(bu
103	\fBUSL\fR \- This field should be 0\&.
104	.TP
105	\(bu
106	\fBSRC\fR \- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
107	.TP
108	\(bu
109	\fBSRN\fR \- he name of the machine on which the eventlog was generated\&. This is typically the host name\&.
110	.TP
111	\(bu
112	\fBSTR\fR \- The text associated with the eventlog\&. There may be more than one string in a record\&.
113	.TP
114	\(bu
115	\fBDAT\fR \- This field should be left unset\&.
116	.LP
117
118	.SH "EXAMPLES"
119
120	.PP
121	An example of the record format accepted by\fBeventlogadm\fR:
122
123	.nf
124
125	LEN: 0
126	RS1: 1699505740
127	RCN: 0
128	TMG: 1128631322
129	TMW: 1128631322
130	EID: 1000
131	ETP: INFO
132	ECT: 0
133	RS2: 0
134	CRN: 0
135	USL: 0
136	SRC: cron
137	SRN: dmlinux
138	STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly)
139	DAT:
140
141	.fi
142
143	.PP
144	Set up an eventlog source, specifying a message file DLL:
145
146	.nf
147
148	eventlogadm \-o addsource Application MyApplication \| \\\\
149	%SystemRoot%/system32/MyApplication\&.dll
150
151	.fi
152
153	.PP
154	Filter messages from the system log into an event log:
155
156	.nf
157
158	tail \-f /var/log/messages \| \\\\
159	my_program_to_parse_into_eventlog_records \| \\\\
160	eventlogadm SystemLogEvents
161
162	.fi
163
164	.SH "VERSION"
165
166	.PP
167	This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
168
169	.SH "AUTHOR"
170
171	.PP
172	The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
173

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format