source: trunk/server/docs-xml/manpages-3/eventlogadm.8.xml@ 660

Last change on this file since 660 was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import
File size: 7.1 KB
Line 
1<?xml version="1.0" encoding="iso-8859-1"?>
2<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
3<refentry id="eventlogadm.8">
4
5<refmeta>
6 <refentrytitle>eventlogadm</refentrytitle>
7 <manvolnum>8</manvolnum>
8 <refmiscinfo class="source">Samba</refmiscinfo>
9 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
10 <refmiscinfo class="version">3.5</refmiscinfo>
11</refmeta>
12
13
14<refnamediv>
15 <refname>eventlogadm</refname>
16 <refpurpose>push records into the Samba event log store</refpurpose>
17</refnamediv>
18
19<refsynopsisdiv>
20 <cmdsynopsis>
21
22 <command>eventlogadm</command>
23 <arg><option>-d</option></arg>
24 <arg><option>-h</option></arg>
25 <arg choice="plain"><option>-o</option>
26 <literal>addsource</literal>
27 <replaceable>EVENTLOG</replaceable>
28 <replaceable>SOURCENAME</replaceable>
29 <replaceable>MSGFILE</replaceable>
30 </arg>
31
32 </cmdsynopsis>
33 <cmdsynopsis>
34 <command>eventlogadm</command>
35 <arg><option>-d</option></arg>
36 <arg><option>-h</option></arg>
37 <arg choice="plain"><option>-o</option>
38 <literal>write</literal>
39 <replaceable>EVENTLOG</replaceable>
40 </arg>
41
42 </cmdsynopsis>
43 <cmdsynopsis>
44 <command>eventlogadm</command>
45 <arg><option>-d</option></arg>
46 <arg><option>-h</option></arg>
47 <arg choice="plain"><option>-o</option>
48 <literal>dump</literal>
49 <replaceable>EVENTLOG</replaceable>
50 <replaceable>RECORD_NUMBER</replaceable>
51 </arg>
52
53 </cmdsynopsis>
54
55</refsynopsisdiv>
56
57<refsect1>
58 <title>DESCRIPTION</title>
59
60 <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
61 <manvolnum>1</manvolnum></citerefentry> suite.</para>
62
63 <para><command>eventlogadm</command> is a filter that accepts
64 formatted event log records on standard input and writes them
65 to the Samba event log store. Windows client can then manipulate
66 these record using the usual administration tools.</para>
67
68</refsect1>
69
70
71<refsect1>
72 <title>OPTIONS</title>
73
74 <variablelist>
75
76 <varlistentry>
77 <term><option>-d</option></term>
78 <listitem><para>
79 The <command>-d</command> option causes <command>eventlogadm</command> to emit debugging
80 information.
81 </para></listitem>
82 </varlistentry>
83
84 <varlistentry>
85 <term>
86 <option>-o</option>
87 <literal>addsource</literal>
88 <replaceable>EVENTLOG</replaceable>
89 <replaceable>SOURCENAME</replaceable>
90 <replaceable>MSGFILE</replaceable>
91 </term>
92 <listitem><para>
93 The <command>-o addsource</command> option creates a
94 new event log source.
95 </para> </listitem>
96 </varlistentry>
97
98 <varlistentry>
99 <term>
100 <option>-o</option>
101 <literal>write</literal>
102 <replaceable>EVENTLOG</replaceable>
103 </term>
104 <listitem><para>
105 The <command>-o write</command> reads event log
106 records from standard input and writes them to the Samba
107 event log store named by EVENTLOG.
108 </para> </listitem>
109 </varlistentry>
110
111 <varlistentry>
112 <term>
113 <option>-o</option>
114 <literal>dump</literal>
115 <replaceable>EVENTLOG</replaceable>
116 <replaceable>RECORD_NUMBER</replaceable>
117 </term>
118 <listitem><para>
119 The <command>-o dump</command> reads event log
120 records from a EVENTLOG tdb and dumps them to standard
121 output on screen.
122 </para> </listitem>
123 </varlistentry>
124
125 <varlistentry>
126 <term><option>-h</option></term>
127 <listitem><para>
128 Print usage information.
129 </para></listitem>
130 </varlistentry>
131
132 </variablelist>
133</refsect1>
134
135
136<refsect1>
137 <title>EVENTLOG RECORD FORMAT</title>
138
139 <para>For the write operation, <command>eventlogadm</command>
140 expects to be able to read structured records from standard
141 input. These records are a sequence of lines, with the record key
142 and data separated by a colon character. Records are separated
143 by at least one or more blank line.</para>
144
145 <para>The event log record field are:</para>
146 <itemizedlist>
147
148 <listitem><para>
149 <command>LEN</command> - This field should be 0, since <command>eventlogadm</command> will calculate this value.
150 </para></listitem>
151
152 <listitem><para>
153 <command>RS1</command> - This must be the value 1699505740.
154 </para></listitem>
155
156 <listitem><para>
157 <command>RCN</command> - This field should be 0.
158 </para></listitem>
159
160 <listitem><para>
161 <command>TMG</command> - The time the eventlog record
162 was generated; format is the number of seconds since
163 00:00:00 January 1, 1970, UTC.
164 </para></listitem>
165
166 <listitem><para>
167 <command>TMW</command> - The time the eventlog record was
168 written; format is the number of seconds since 00:00:00
169 January 1, 1970, UTC.
170 </para></listitem>
171
172 <listitem><para>
173 <command>EID</command> - The eventlog ID.
174 </para></listitem>
175
176 <listitem><para>
177 <command>ETP</command> - The event type -- one of
178 &quot;INFO&quot;,
179 &quot;ERROR&quot;, &quot;WARNING&quot;, &quot;AUDIT
180 SUCCESS&quot; or &quot;AUDIT FAILURE&quot;.
181 </para></listitem>
182
183 <listitem><para>
184 <command>ECT</command> - The event category; this depends
185 on the message file. It is primarily used as a means of
186 filtering in the eventlog viewer.
187 </para></listitem>
188
189 <listitem><para>
190 <command>RS2</command> - This field should be 0.
191 </para></listitem>
192
193 <listitem><para>
194 <command>CRN</command> - This field should be 0.
195 </para></listitem>
196
197 <listitem><para>
198 <command>USL</command> - This field should be 0.
199 </para></listitem>
200
201 <listitem><para>
202 <command>SRC</command> - This field contains the source
203 name associated with the event log. If a message file is
204 used with an event log, there will be a registry entry
205 for associating this source name with a message file DLL.
206 </para></listitem>
207
208 <listitem><para>
209 <command>SRN</command> - The name of the machine on
210 which the eventlog was generated. This is typically the
211 host name.
212 </para></listitem>
213
214 <listitem><para>
215 <command>STR</command> - The text associated with the
216 eventlog. There may be more than one string in a record.
217 </para></listitem>
218
219 <listitem><para>
220 <command>DAT</command> - This field should be left unset.
221 </para></listitem>
222
223 </itemizedlist>
224
225</refsect1>
226
227<refsect1>
228 <title>EXAMPLES</title>
229 <para>An example of the record format accepted by <command>eventlogadm</command>:</para>
230
231 <programlisting>
232 LEN: 0
233 RS1: 1699505740
234 RCN: 0
235 TMG: 1128631322
236 TMW: 1128631322
237 EID: 1000
238 ETP: INFO
239 ECT: 0
240 RS2: 0
241 CRN: 0
242 USL: 0
243 SRC: cron
244 SRN: dmlinux
245 STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
246 DAT:
247 </programlisting>
248
249 <para>Set up an eventlog source, specifying a message file DLL:</para>
250 <programlisting>
251 eventlogadm -o addsource Application MyApplication | \\
252 %SystemRoot%/system32/MyApplication.dll
253 </programlisting>
254
255 <para>Filter messages from the system log into an event log:</para>
256 <programlisting>
257 tail -f /var/log/messages | \\
258 my_program_to_parse_into_eventlog_records | \\
259 eventlogadm SystemLogEvents
260 </programlisting>
261
262</refsect1>
263
264<refsect1>
265 <title>VERSION</title>
266 <para>This man page is correct for version 3.0.25 of the Samba suite.</para>
267</refsect1>
268
269<refsect1>
270 <title>AUTHOR</title>
271
272 <para> The original Samba software and related utilities were
273 created by Andrew Tridgell. Samba is now developed by the
274 Samba Team as an Open Source project similar to the way the
275 Linux kernel is developed.</para>
276</refsect1>
277
278</refentry>
Note: See TracBrowser for help on using the repository browser.