Context Navigation

eventlogadm.8@ 759

Visit:

Last change on this file since 759 was 752, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.9 2nd part
File size: 6.4 KB

Line
1	'\" t
2	.\" Title: eventlogadm
3	.\" Author: [see the "AUTHOR" section]
4	.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
5	.\" Date: 10/29/2012
6	.\" Manual: System Administration tools
7	.\" Source: Samba 3.6
8	.\" Language: English
9	.\"
10	.TH "EVENTLOGADM" "8" "10/29/2012" "Samba 3\&.6" "System Administration tools"
11	.\" -----------------------------------------------------------------
12	.\" * set default formatting
13	.\" -----------------------------------------------------------------
14	.\" disable hyphenation
15	.nh
16	.\" disable justification (adjust text to left margin only)
17	.ad l
18	.\" -----------------------------------------------------------------
19	.\" * MAIN CONTENT STARTS HERE *
20	.\" -----------------------------------------------------------------
21	.SH "NAME"
22	eventlogadm \- push records into the Samba event log store
23	.SH "SYNOPSIS"
24	.HP \w'\ 'u
25	eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
26	.HP \w'\ 'u
27	eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
28	.HP \w'\ 'u
29	eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR
30	.SH "DESCRIPTION"
31	.PP
32	This tool is part of the
33	\fBsamba\fR(1)
34	suite\&.
35	.PP
36	eventlogadm
37	is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows client can then manipulate these record using the usual administration tools\&.
38	.SH "OPTIONS"
39	.PP
40	\fB\-s\fR \fIFILENAME\fR
41	.RS 4
42	The
43	\-s
44	option causes
45	eventlogadm
46	to load the configuration file given as FILENAME instead of the default one used by Samba\&.
47	.RE
48	.PP
49	\fB\-d\fR
50	.RS 4
51	The
52	\-d
53	option causes
54	eventlogadm
55	to emit debugging information\&.
56	.RE
57	.PP
58	\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
59	.RS 4
60	The
61	\-o addsource
62	option creates a new event log source\&.
63	.RE
64	.PP
65	\fB\-o\fR write \fIEVENTLOG\fR
66	.RS 4
67	The
68	\-o write
69	reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG\&.
70	.RE
71	.PP
72	\fB\-o\fR dump \fIEVENTLOG\fR \fIRECORD_NUMBER\fR
73	.RS 4
74	The
75	\-o dump
76	reads event log records from a EVENTLOG tdb and dumps them to standard output on screen\&.
77	.RE
78	.PP
79	\fB\-h\fR
80	.RS 4
81	Print usage information\&.
82	.RE
83	.SH "EVENTLOG RECORD FORMAT"
84	.PP
85	For the write operation,
86	eventlogadm
87	expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by at least one or more blank line\&.
88	.PP
89	The event log record field are:
90	.sp
91	.RS 4
92	.ie n \{\
93	\h'-04'\(bu\h'+03'\c
94	.\}
95	.el \{\
96	.sp -1
97	.IP \(bu 2.3
98	.\}
99
100	LEN
101	\- This field should be 0, since
102	eventlogadm
103	will calculate this value\&.
104	.RE
105	.sp
106	.RS 4
107	.ie n \{\
108	\h'-04'\(bu\h'+03'\c
109	.\}
110	.el \{\
111	.sp -1
112	.IP \(bu 2.3
113	.\}
114
115	RS1
116	\- This must be the value 1699505740\&.
117	.RE
118	.sp
119	.RS 4
120	.ie n \{\
121	\h'-04'\(bu\h'+03'\c
122	.\}
123	.el \{\
124	.sp -1
125	.IP \(bu 2.3
126	.\}
127
128	RCN
129	\- This field should be 0\&.
130	.RE
131	.sp
132	.RS 4
133	.ie n \{\
134	\h'-04'\(bu\h'+03'\c
135	.\}
136	.el \{\
137	.sp -1
138	.IP \(bu 2.3
139	.\}
140
141	TMG
142	\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
143	.RE
144	.sp
145	.RS 4
146	.ie n \{\
147	\h'-04'\(bu\h'+03'\c
148	.\}
149	.el \{\
150	.sp -1
151	.IP \(bu 2.3
152	.\}
153
154	TMW
155	\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
156	.RE
157	.sp
158	.RS 4
159	.ie n \{\
160	\h'-04'\(bu\h'+03'\c
161	.\}
162	.el \{\
163	.sp -1
164	.IP \(bu 2.3
165	.\}
166
167	EID
168	\- The eventlog ID\&.
169	.RE
170	.sp
171	.RS 4
172	.ie n \{\
173	\h'-04'\(bu\h'+03'\c
174	.\}
175	.el \{\
176	.sp -1
177	.IP \(bu 2.3
178	.\}
179
180	ETP
181	\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
182	.RE
183	.sp
184	.RS 4
185	.ie n \{\
186	\h'-04'\(bu\h'+03'\c
187	.\}
188	.el \{\
189	.sp -1
190	.IP \(bu 2.3
191	.\}
192
193	ECT
194	\- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
195	.RE
196	.sp
197	.RS 4
198	.ie n \{\
199	\h'-04'\(bu\h'+03'\c
200	.\}
201	.el \{\
202	.sp -1
203	.IP \(bu 2.3
204	.\}
205
206	RS2
207	\- This field should be 0\&.
208	.RE
209	.sp
210	.RS 4
211	.ie n \{\
212	\h'-04'\(bu\h'+03'\c
213	.\}
214	.el \{\
215	.sp -1
216	.IP \(bu 2.3
217	.\}
218
219	CRN
220	\- This field should be 0\&.
221	.RE
222	.sp
223	.RS 4
224	.ie n \{\
225	\h'-04'\(bu\h'+03'\c
226	.\}
227	.el \{\
228	.sp -1
229	.IP \(bu 2.3
230	.\}
231
232	USL
233	\- This field should be 0\&.
234	.RE
235	.sp
236	.RS 4
237	.ie n \{\
238	\h'-04'\(bu\h'+03'\c
239	.\}
240	.el \{\
241	.sp -1
242	.IP \(bu 2.3
243	.\}
244
245	SRC
246	\- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
247	.RE
248	.sp
249	.RS 4
250	.ie n \{\
251	\h'-04'\(bu\h'+03'\c
252	.\}
253	.el \{\
254	.sp -1
255	.IP \(bu 2.3
256	.\}
257
258	SRN
259	\- The name of the machine on which the eventlog was generated\&. This is typically the host name\&.
260	.RE
261	.sp
262	.RS 4
263	.ie n \{\
264	\h'-04'\(bu\h'+03'\c
265	.\}
266	.el \{\
267	.sp -1
268	.IP \(bu 2.3
269	.\}
270
271	STR
272	\- The text associated with the eventlog\&. There may be more than one string in a record\&.
273	.RE
274	.sp
275	.RS 4
276	.ie n \{\
277	\h'-04'\(bu\h'+03'\c
278	.\}
279	.el \{\
280	.sp -1
281	.IP \(bu 2.3
282	.\}
283
284	DAT
285	\- This field should be left unset\&.
286	.RE
287	.SH "EXAMPLES"
288	.PP
289	An example of the record format accepted by
290	eventlogadm:
291	.sp
292	.if n \{\
293	.RS 4
294	.\}
295	.nf
296	LEN: 0
297	RS1: 1699505740
298	RCN: 0
299	TMG: 1128631322
300	TMW: 1128631322
301	EID: 1000
302	ETP: INFO
303	ECT: 0
304	RS2: 0
305	CRN: 0
306	USL: 0
307	SRC: cron
308	SRN: dmlinux
309	STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly)
310	DAT:
311
312	.fi
313	.if n \{\
314	.RE
315	.\}
316	.PP
317	Set up an eventlog source, specifying a message file DLL:
318	.sp
319	.if n \{\
320	.RS 4
321	.\}
322	.nf
323	eventlogadm \-o addsource Application MyApplication \| \e\e
324	%SystemRoot%/system32/MyApplication\&.dll
325
326	.fi
327	.if n \{\
328	.RE
329	.\}
330	.PP
331	Filter messages from the system log into an event log:
332	.sp
333	.if n \{\
334	.RS 4
335	.\}
336	.nf
337	tail \-f /var/log/messages \| \e\e
338	my_program_to_parse_into_eventlog_records \| \e\e
339	eventlogadm SystemLogEvents
340
341	.fi
342	.if n \{\
343	.RE
344	.\}
345	.SH "VERSION"
346	.PP
347	This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
348	.SH "AUTHOR"
349	.PP
350	The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format