source: vendor/3.6.23/docs/manpages/eventlogadm.8

Last change on this file was 860, checked in by Silvan Scherrer, 11 years ago

Samba 3.6: updated vendor to latest version

'\" t
.\" Title: eventlogadm
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 09/18/2013
.\" Manual: System Administration tools
.\" Source: Samba 3.6
.\" Language: English
.\"
.TH "EVENTLOGADM" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
eventlogadm \- push records into the Samba event log store
.SH "SYNOPSIS"
.HP \w'\ 'u
eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
.HP \w'\ 'u
eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
.HP \w'\ 'u
eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
eventlogadm
is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows clients can then manipulate these records using the usual administration tools\&.
.SH "OPTIONS"
.PP
\fB\-s\fR \fIFILENAME\fR
.RS 4
The
\-s
option causes
eventlogadm
to load the configuration file given as FILENAME instead of the default one used by Samba\&.
.RE
.PP
\fB\-d\fR
.RS 4
The
\-d
option causes
eventlogadm
to emit debugging information\&.
.RE
.PP
\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
.RS 4
The
\-o addsource
option creates a new event log source\&.
.RE
.PP
\fB\-o\fR write \fIEVENTLOG\fR
.RS 4
The
\-o write
option reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG\&.
.RE
.PP
\fB\-o\fR dump \fIEVENTLOG\fR \fIRECORD_NUMBER\fR
.RS 4
The
\-o dump
option reads event log records from an EVENTLOG tdb and dumps them to standard output\&.
.RE
.PP
\fB\-h\fR
.RS 4
Print usage information\&.
.RE
.SH "EVENTLOG RECORD FORMAT"
.PP
For the write operation,
eventlogadm
expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by one or more blank lines\&.
.PP
The event log record fields are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

LEN
\- This field should be 0, since
eventlogadm
will calculate this value\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RS1
\- This must be the value 1699505740\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RCN
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

TMG
\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

TMW
\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

EID
\- The eventlog ID\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

ETP
\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

ECT
\- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RS2
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

CRN
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

USL
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

SRC
\- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

SRN
\- The name of the machine on which the eventlog was generated\&. This is typically the host name\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

STR
\- The text associated with the eventlog\&. There may be more than one string in a record\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

DAT
\- This field should be left unset\&.
.RE
.SH "EXAMPLES"
.PP
An example of the record format accepted by
eventlogadm:
.sp
.if n \{\
.RS 4
.\}
.nf
 LEN: 0
 RS1: 1699505740
 RCN: 0
 TMG: 1128631322
 TMW: 1128631322
 EID: 1000
 ETP: INFO
 ECT: 0
 RS2: 0
 CRN: 0
 USL: 0
 SRC: cron
 SRN: dmlinux
 STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly)
 DAT:

.fi
.if n \{\
.RE
.\}
.PP
Set up an eventlog source, specifying a message file DLL:
.sp
.if n \{\
.RS 4
.\}
.nf
 eventlogadm \-o addsource Application MyApplication \e
 %SystemRoot%/system32/MyApplication\&.dll

.fi
.if n \{\
.RE
.\}
.PP
Filter messages from the system log into an event log:
.sp
.if n \{\
.RS 4
.\}
.nf
 tail \-f /var/log/messages | \e
 my_program_to_parse_into_eventlog_records | \e
 eventlogadm \-o write SystemLogEvents

.fi
.if n \{\
.RE
.\}
.SH "VERSION"
.PP
This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
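
One way to write the my_program_to_parse_into_eventlog_records stage of the last pipeline in EXAMPLES, as an added example that is not part of this man page or the Samba distribution. It assumes BSD-style syslog lines with UTC timestamps; the names `clean` and `to_record`, the default EID of 1000 and the caller-supplied year are choices made for this example. Because the record format is line-oriented and a blank line ends a record, control characters in log text are collapsed so a logged message cannot start extra fields or records.

```python
import calendar
import re
import sys
import time

RS1_MAGIC = 1699505740  # fixed RS1 value required by the man page
EVENT_TYPES = {"INFO", "ERROR", "WARNING", "AUDIT SUCCESS", "AUDIT FAILURE"}

# Assumed input: BSD-style syslog, "Mon DD HH:MM:SS host tag[pid]: message".
SYSLOG_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)", re.DOTALL)


def clean(value):
    """Collapse control characters (CR, LF, NUL, ...) so a value stays on one line."""
    return re.sub(r"[\x00-\x1f\x7f]+", " ", value).strip()


def to_record(line, year, eid=1000, etype="INFO"):
    """Return one record ending in a blank line, or None if the line does not parse."""
    if etype not in EVENT_TYPES:
        raise ValueError("unsupported ETP value: %r" % etype)
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    # Syslog timestamps carry no year or zone: the caller gives the year, UTC is assumed.
    try:
        when = calendar.timegm(
            time.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S"))
    except ValueError:  # impossible date such as "Feb 30"
        return None
    fields = [
        ("LEN", 0), ("RS1", RS1_MAGIC), ("RCN", 0),
        ("TMG", when), ("TMW", when),  # same value, as in the man page example
        ("EID", int(eid)), ("ETP", etype), ("ECT", 0),
        ("RS2", 0), ("CRN", 0), ("USL", 0),
        ("SRC", clean(m.group("tag"))), ("SRN", clean(m.group("host"))),
        ("STR", clean(m.group("msg"))),
    ]
    body = "\n".join("%s: %s" % kv for kv in fields)
    return body + "\nDAT:\n\n"  # DAT left unset; the blank line ends the record


if __name__ == "__main__":
    for raw in sys.stdin:
        record = to_record(raw, time.gmtime().tm_year)
        if record is not None:
            sys.stdout.write(record)
            sys.stdout.flush()  # keep up with `tail -f`
```

Lines that do not match the assumed syslog layout are dropped rather than passed through, so nothing unparsed reaches eventlogadm.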