source: trunk/server/docs/manpages/eventlogadm.8@ 637

Last change on this file since 637 was 620, checked in by Herwig Bauernfeind, 14 years ago

Samba 3.5: Update trunk to 3.5.11

'\" t
.\" Title: eventlogadm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: 08/02/2011
.\" Manual: System Administration tools
.\" Source: Samba 3.5
.\" Language: English
.\"
.TH "EVENTLOGADM" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
eventlogadm \- push records into the Samba event log store
.SH "SYNOPSIS"
.HP \w'\ 'u
eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
.HP \w'\ 'u
eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
.HP \w'\ 'u
eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
eventlogadm
is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows clients can then manipulate these records using the usual administration tools\&.
.SH "OPTIONS"
.PP
\fB\-d\fR
.RS 4
The
\-d
option causes
eventlogadm
to emit debugging information\&.
.RE
.PP
\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
.RS 4
The
\-o addsource
option creates a new event log source\&.
.RE
.PP
\fB\-o\fR write \fIEVENTLOG\fR
.RS 4
The
\-o write
option reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG\&.
.RE
.PP
\fB\-o\fR dump \fIEVENTLOG\fR \fIRECORD_NUMBER\fR
.RS 4
The
\-o dump
option reads event log records from an EVENTLOG tdb and dumps them to standard output\&.
.RE
.PP
\fB\-h\fR
.RS 4
Print usage information\&.
.RE
.SH "EVENTLOG RECORD FORMAT"
.PP
For the write operation,
eventlogadm
expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by one or more blank lines\&.
.PP
The event log record fields are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

LEN
\- This field should be 0, since
eventlogadm
will calculate this value\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RS1
\- This must be the value 1699505740\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RCN
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

TMG
\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

TMW
\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

EID
\- The eventlog ID\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

ETP
\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

ECT
\- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RS2
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

CRN
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

USL
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

SRC
\- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

SRN
\- The name of the machine on which the eventlog was generated\&. This is typically the host name\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

STR
\- The text associated with the eventlog\&. There may be more than one string in a record\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

DAT
\- This field should be left unset\&.
.SH "EXAMPLES"
.PP
An example of the record format accepted by
eventlogadm:
.sp
.if n \{\
.RS 4
.\}
.nf
 LEN: 0
 RS1: 1699505740
 RCN: 0
 TMG: 1128631322
 TMW: 1128631322
 EID: 1000
 ETP: INFO
 ECT: 0
 RS2: 0
 CRN: 0
 USL: 0
 SRC: cron
 SRN: dmlinux
 STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly)
 DAT:

.fi
.if n \{\
.RE
.\}
.PP
Set up an eventlog source, specifying a message file DLL:
.sp
.if n \{\
.RS 4
.\}
.nf
 eventlogadm \-o addsource Application MyApplication \e
 %SystemRoot%/system32/MyApplication\&.dll

.fi
.if n \{\
.RE
.\}
.PP
Filter messages from the system log into an event log:
.sp
.if n \{\
.RS 4
.\}
.nf
 tail \-f /var/log/messages | \e
 my_program_to_parse_into_eventlog_records | \e
 eventlogadm \-o write SystemLogEvents

.fi
.if n \{\
.RE
.\}
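An added example, not part of the original man page or the Samba source: a possible shape for the my_program_to_parse_into_eventlog_records stage of the pipeline above. Because fields are line-based and records are separated by blank lines, it collapses control characters in log text so a message cannot introduce extra fields or records. The syslog layout, the severity heuristic, the EID of 1000 and the caller-supplied timestamp `now` are assumptions.

```python
import re

RS1_MAGIC = 1699505740  # fixed RS1 value required by the record format

# Constructed sample input (traditional syslog layout); the second line
# carries an embedded newline that tries to smuggle in its own ETP field.
SAMPLE = [
    "Oct  6 20:42:02 dmlinux cron[4412]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)",
    "Oct  6 20:43:10 dmlinux sshd[4420]: error: bad login\nETP: AUDIT SUCCESS",
    "not a syslog line",
]

SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<src>[^\s:\[]+)(?:\[\d+\])?:\s?(?P<msg>.*)$",
    re.S,
)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]+")

def clean(value):
    """Force a value onto one line so it cannot start a new field or record."""
    return CONTROL_RE.sub(" ", value).strip()

def event_type(msg):
    """Hypothetical severity mapping onto the ETP values the format allows."""
    lowered = msg.lower()
    if "error" in lowered or "fail" in lowered:
        return "ERROR"
    if "warn" in lowered:
        return "WARNING"
    return "INFO"

def to_record(line, now, eid=1000):
    """Return one eventlogadm record for a syslog line, or None if unparsable."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    msg = clean(m.group("msg"))
    fields = [
        ("LEN", 0), ("RS1", RS1_MAGIC), ("RCN", 0), ("TMG", now), ("TMW", now),
        ("EID", eid), ("ETP", event_type(msg)), ("ECT", 0), ("RS2", 0),
        ("CRN", 0), ("USL", 0), ("SRC", clean(m.group("src"))),
        ("SRN", clean(m.group("host"))), ("STR", msg), ("DAT", ""),
    ]
    # A blank line terminates the record, as the format requires.
    return "".join(f"{k}: {v}".rstrip() + "\n" for k, v in fields) + "\n"

def convert(lines, now):
    """Convert every parsable line; unparsable lines are skipped."""
    return [r for r in (to_record(l, now) for l in lines) if r is not None]
```

Writing each returned string to standard output in order gives input suitable for the write operation.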
.SH "VERSION"
.PP
This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.