source: vendor/3.5.7/docs/htmldocs/manpages/eventlogadm.8.html

Last change on this file was 427, checked in by Silvan Scherrer, 16 years ago

Samba 3.5.x: update to 3.5.2
File size: 7.3 KB
Line 
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>eventlogadm</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="eventlogadm.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>eventlogadm &#8212; push records into the Samba event log store</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="literal">eventlogadm</code> [<code class="option">-d</code>] [<code class="option">-h</code>] <code class="option">-o</code>
2 <code class="literal">addsource</code>
3 <em class="replaceable"><code>EVENTLOG</code></em>
4 <em class="replaceable"><code>SOURCENAME</code></em>
5 <em class="replaceable"><code>MSGFILE</code></em>
6 </p></div><div class="cmdsynopsis"><p><code class="literal">eventlogadm</code> [<code class="option">-d</code>] [<code class="option">-h</code>] <code class="option">-o</code>
7 <code class="literal">write</code>
8 <em class="replaceable"><code>EVENTLOG</code></em>
9 </p></div><div class="cmdsynopsis"><p><code class="literal">eventlogadm</code> [<code class="option">-d</code>] [<code class="option">-h</code>] <code class="option">-o</code>
10 <code class="literal">dump</code>
11 <em class="replaceable"><code>EVENTLOG</code></em>
12 <em class="replaceable"><code>RECORD_NUMBER</code></em>
13 </p></div></div><div class="refsect1" lang="en"><a name="id2483543"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a class="citerefentry" href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><code class="literal">eventlogadm</code> is a filter that accepts
14 formatted event log records on standard input and writes them
15 to the Samba event log store. Windows client can then manipulate
16 these record using the usual administration tools.</p></div><div class="refsect1" lang="en"><a name="id2483573"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-d</code></span></dt><dd><p>
17 The <code class="literal">-d</code> option causes <code class="literal">eventlogadm</code> to emit debugging
18 information.
19 </p></dd><dt><span class="term">
20 <code class="option">-o</code>
21 <code class="literal">addsource</code>
22 <em class="replaceable"><code>EVENTLOG</code></em>
23 <em class="replaceable"><code>SOURCENAME</code></em>
24 <em class="replaceable"><code>MSGFILE</code></em>
25 </span></dt><dd><p>
26 The <code class="literal">-o addsource</code> option creates a
27 new event log source.
28 </p></dd><dt><span class="term">
29 <code class="option">-o</code>
30 <code class="literal">write</code>
31 <em class="replaceable"><code>EVENTLOG</code></em>
32 </span></dt><dd><p>
33 The <code class="literal">-o write</code> reads event log
34 records from standard input and writes them to the Samba
35 event log store named by EVENTLOG.
36 </p></dd><dt><span class="term">
37 <code class="option">-o</code>
38 <code class="literal">dump</code>
39 <em class="replaceable"><code>EVENTLOG</code></em>
40 <em class="replaceable"><code>RECORD_NUMBER</code></em>
41 </span></dt><dd><p>
42 The <code class="literal">-o dump</code> reads event log
43 records from a EVENTLOG tdb and dumps them to standard
44 output on screen.
45 </p></dd><dt><span class="term"><code class="option">-h</code></span></dt><dd><p>
46 Print usage information.
47 </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id2483724"></a><h2>EVENTLOG RECORD FORMAT</h2><p>For the write operation, <code class="literal">eventlogadm</code>
48 expects to be able to read structured records from standard
49 input. These records are a sequence of lines, with the record key
50 and data separated by a colon character. Records are separated
51 by at least one or more blank line.</p><p>The event log record field are:</p><div class="itemizedlist"><ul type="disc"><li><p>
52 <code class="literal">LEN</code> - This field should be 0, since <code class="literal">eventlogadm</code> will calculate this value.
53 </p></li><li><p>
54 <code class="literal">RS1</code> - This must be the value 1699505740.
55 </p></li><li><p>
56 <code class="literal">RCN</code> - This field should be 0.
57 </p></li><li><p>
58 <code class="literal">TMG</code> - The time the eventlog record
59 was generated; format is the number of seconds since
60 00:00:00 January 1, 1970, UTC.
61 </p></li><li><p>
62 <code class="literal">TMW</code> - The time the eventlog record was
63 written; format is the number of seconds since 00:00:00
64 January 1, 1970, UTC.
65 </p></li><li><p>
66 <code class="literal">EID</code> - The eventlog ID.
67 </p></li><li><p>
68 <code class="literal">ETP</code> - The event type -- one of
69 "INFO",
70 "ERROR", "WARNING", "AUDIT
71 SUCCESS" or "AUDIT FAILURE".
72 </p></li><li><p>
73 <code class="literal">ECT</code> - The event category; this depends
74 on the message file. It is primarily used as a means of
75 filtering in the eventlog viewer.
76 </p></li><li><p>
77 <code class="literal">RS2</code> - This field should be 0.
78 </p></li><li><p>
79 <code class="literal">CRN</code> - This field should be 0.
80 </p></li><li><p>
81 <code class="literal">USL</code> - This field should be 0.
82 </p></li><li><p>
83 <code class="literal">SRC</code> - This field contains the source
84 name associated with the event log. If a message file is
85 used with an event log, there will be a registry entry
86 for associating this source name with a message file DLL.
87 </p></li><li><p>
88 <code class="literal">SRN</code> - The name of the machine on
89 which the eventlog was generated. This is typically the
90 host name.
91 </p></li><li><p>
92 <code class="literal">STR</code> - The text associated with the
93 eventlog. There may be more than one string in a record.
94 </p></li><li><p>
95 <code class="literal">DAT</code> - This field should be left unset.
96 </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id2481590"></a><h2>EXAMPLES</h2><p>An example of the record format accepted by <code class="literal">eventlogadm</code>:</p><pre class="programlisting">
97 LEN: 0
98 RS1: 1699505740
99 RCN: 0
100 TMG: 1128631322
101 TMW: 1128631322
102 EID: 1000
103 ETP: INFO
104 ECT: 0
105 RS2: 0
106 CRN: 0
107 USL: 0
108 SRC: cron
109 SRN: dmlinux
110 STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
111 DAT:
112 </pre><p>Set up an eventlog source, specifying a message file DLL:</p><pre class="programlisting">
113 eventlogadm -o addsource Application MyApplication | \\
114 %SystemRoot%/system32/MyApplication.dll
115 </pre><p>Filter messages from the system log into an event log:</p><pre class="programlisting">
116 tail -f /var/log/messages | \\
117 my_program_to_parse_into_eventlog_records | \\
118 eventlogadm SystemLogEvents
119 </pre></div><div class="refsect1" lang="en"><a name="id2481639"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id2481650"></a><h2>AUTHOR</h2><p> The original Samba software and related utilities were
120 created by Andrew Tridgell. Samba is now developed by the
121 Samba Team as an Open Source project similar to the way the
122 Linux kernel is developed.</p></div></div></body></html>
Note: See TracBrowser for help on using the repository browser.