Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

eventlogadm.8

Visit:

Last change on this file was 989, checked in by Silvan Scherrer, 9 years ago
Samba Server: update vendor to version 4.4.7
File size: 6.5 KB

Line
1	'\" t
2	.\" Title: eventlogadm
3	.\" Author: [see the "AUTHOR" section]
4	.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
5	.\" Date: 10/25/2016
6	.\" Manual: System Administration tools
7	.\" Source: Samba 4.4
8	.\" Language: English
9	.\"
10	.TH "EVENTLOGADM" "8" "10/25/2016" "Samba 4\&.4" "System Administration tools"
11	.\" -----------------------------------------------------------------
12	.\" * Define some portability stuff
13	.\" -----------------------------------------------------------------
14	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
15	.\" http://bugs.debian.org/507673
16	.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
17	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
18	.ie \n(.g .ds Aq \(aq
19	.el .ds Aq '
20	.\" -----------------------------------------------------------------
21	.\" * set default formatting
22	.\" -----------------------------------------------------------------
23	.\" disable hyphenation
24	.nh
25	.\" disable justification (adjust text to left margin only)
26	.ad l
27	.\" -----------------------------------------------------------------
28	.\" * MAIN CONTENT STARTS HERE *
29	.\" -----------------------------------------------------------------
30	.SH "NAME"
31	eventlogadm \- push records into the Samba event log store
32	.SH "SYNOPSIS"
33	.HP \w'\ 'u
34	eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
35	.HP \w'\ 'u
36	eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
37	.HP \w'\ 'u
38	eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR
39	.SH "DESCRIPTION"
40	.PP
41	This tool is part of the
42	\fBsamba\fR(1)
43	suite\&.
44	.PP
45	eventlogadm
46	is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows client can then manipulate these record using the usual administration tools\&.
47	.SH "OPTIONS"
48	.PP
49	\fB\-s\fR \fIFILENAME\fR
50	.RS 4
51	The
52	\-s
53	option causes
54	eventlogadm
55	to load the configuration file given as FILENAME instead of the default one used by Samba\&.
56	.RE
57	.PP
58	\fB\-d\fR
59	.RS 4
60	The
61	\-d
62	option causes
63	eventlogadm
64	to emit debugging information\&.
65	.RE
66	.PP
67	\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
68	.RS 4
69	The
70	\-o addsource
71	option creates a new event log source\&.
72	.RE
73	.PP
74	\fB\-o\fR write \fIEVENTLOG\fR
75	.RS 4
76	The
77	\-o write
78	reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG\&.
79	.RE
80	.PP
81	\fB\-o\fR dump \fIEVENTLOG\fR \fIRECORD_NUMBER\fR
82	.RS 4
83	The
84	\-o dump
85	reads event log records from a EVENTLOG tdb and dumps them to standard output on screen\&.
86	.RE
87	.PP
88	\fB\-h\fR
89	.RS 4
90	Print usage information\&.
91	.RE
92	.SH "EVENTLOG RECORD FORMAT"
93	.PP
94	For the write operation,
95	eventlogadm
96	expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by at least one or more blank line\&.
97	.PP
98	The event log record field are:
99	.sp
100	.RS 4
101	.ie n \{\
102	\h'-04'\(bu\h'+03'\c
103	.\}
104	.el \{\
105	.sp -1
106	.IP \(bu 2.3
107	.\}
108	LEN
109	\- This field should be 0, since
110	eventlogadm
111	will calculate this value\&.
112	.RE
113	.sp
114	.RS 4
115	.ie n \{\
116	\h'-04'\(bu\h'+03'\c
117	.\}
118	.el \{\
119	.sp -1
120	.IP \(bu 2.3
121	.\}
122	RS1
123	\- This must be the value 1699505740\&.
124	.RE
125	.sp
126	.RS 4
127	.ie n \{\
128	\h'-04'\(bu\h'+03'\c
129	.\}
130	.el \{\
131	.sp -1
132	.IP \(bu 2.3
133	.\}
134	RCN
135	\- This field should be 0\&.
136	.RE
137	.sp
138	.RS 4
139	.ie n \{\
140	\h'-04'\(bu\h'+03'\c
141	.\}
142	.el \{\
143	.sp -1
144	.IP \(bu 2.3
145	.\}
146	TMG
147	\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
148	.RE
149	.sp
150	.RS 4
151	.ie n \{\
152	\h'-04'\(bu\h'+03'\c
153	.\}
154	.el \{\
155	.sp -1
156	.IP \(bu 2.3
157	.\}
158	TMW
159	\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
160	.RE
161	.sp
162	.RS 4
163	.ie n \{\
164	\h'-04'\(bu\h'+03'\c
165	.\}
166	.el \{\
167	.sp -1
168	.IP \(bu 2.3
169	.\}
170	EID
171	\- The eventlog ID\&.
172	.RE
173	.sp
174	.RS 4
175	.ie n \{\
176	\h'-04'\(bu\h'+03'\c
177	.\}
178	.el \{\
179	.sp -1
180	.IP \(bu 2.3
181	.\}
182	ETP
183	\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
184	.RE
185	.sp
186	.RS 4
187	.ie n \{\
188	\h'-04'\(bu\h'+03'\c
189	.\}
190	.el \{\
191	.sp -1
192	.IP \(bu 2.3
193	.\}
194	ECT
195	\- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
196	.RE
197	.sp
198	.RS 4
199	.ie n \{\
200	\h'-04'\(bu\h'+03'\c
201	.\}
202	.el \{\
203	.sp -1
204	.IP \(bu 2.3
205	.\}
206	RS2
207	\- This field should be 0\&.
208	.RE
209	.sp
210	.RS 4
211	.ie n \{\
212	\h'-04'\(bu\h'+03'\c
213	.\}
214	.el \{\
215	.sp -1
216	.IP \(bu 2.3
217	.\}
218	CRN
219	\- This field should be 0\&.
220	.RE
221	.sp
222	.RS 4
223	.ie n \{\
224	\h'-04'\(bu\h'+03'\c
225	.\}
226	.el \{\
227	.sp -1
228	.IP \(bu 2.3
229	.\}
230	USL
231	\- This field should be 0\&.
232	.RE
233	.sp
234	.RS 4
235	.ie n \{\
236	\h'-04'\(bu\h'+03'\c
237	.\}
238	.el \{\
239	.sp -1
240	.IP \(bu 2.3
241	.\}
242	SRC
243	\- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&.
244	.RE
245	.sp
246	.RS 4
247	.ie n \{\
248	\h'-04'\(bu\h'+03'\c
249	.\}
250	.el \{\
251	.sp -1
252	.IP \(bu 2.3
253	.\}
254	SRN
255	\- The name of the machine on which the eventlog was generated\&. This is typically the host name\&.
256	.RE
257	.sp
258	.RS 4
259	.ie n \{\
260	\h'-04'\(bu\h'+03'\c
261	.\}
262	.el \{\
263	.sp -1
264	.IP \(bu 2.3
265	.\}
266	STR
267	\- The text associated with the eventlog\&. There may be more than one string in a record\&.
268	.RE
269	.sp
270	.RS 4
271	.ie n \{\
272	\h'-04'\(bu\h'+03'\c
273	.\}
274	.el \{\
275	.sp -1
276	.IP \(bu 2.3
277	.\}
278	DAT
279	\- This field should be left unset\&.
280	.RE
281	.SH "EXAMPLES"
282	.PP
283	An example of the record format accepted by
284	eventlogadm:
285	.sp
286	.if n \{\
287	.RS 4
288	.\}
289	.nf
290	LEN: 0
291	RS1: 1699505740
292	RCN: 0
293	TMG: 1128631322
294	TMW: 1128631322
295	EID: 1000
296	ETP: INFO
297	ECT: 0
298	RS2: 0
299	CRN: 0
300	USL: 0
301	SRC: cron
302	SRN: dmlinux
303	STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly)
304	DAT:
305
306	.fi
307	.if n \{\
308	.RE
309	.\}
310	.PP
311	Set up an eventlog source, specifying a message file DLL:
312	.sp
313	.if n \{\
314	.RS 4
315	.\}
316	.nf
317	eventlogadm \-o addsource Application MyApplication \| \e\e
318	%SystemRoot%/system32/MyApplication\&.dll
319
320	.fi
321	.if n \{\
322	.RE
323	.\}
324	.PP
325	Filter messages from the system log into an event log:
326	.sp
327	.if n \{\
328	.RS 4
329	.\}
330	.nf
331	tail \-f /var/log/messages \| \e\e
332	my_program_to_parse_into_eventlog_records \| \e\e
333	eventlogadm SystemLogEvents
334
335	.fi
336	.if n \{\
337	.RE
338	.\}
339	.SH "VERSION"
340	.PP
341	This man page is correct for version 3\&.0\&.25 of the Samba suite\&.
342	.SH "AUTHOR"
343	.PP
344	The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format