source: trunk/samba/docs/htmldocs/manpages/eventlogadm.8.html @ 30

Last change on this file since 30 was 22, checked in by Yuri Dario, 14 years ago

Source code upgrade to 3.0.25pre2.

File size: 6.9 KB
Line 
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>eventlogadm</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="eventlogadm.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>eventlogadm &#8212; push records into the Samba event log store</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">eventlogadm</code>  [<code class="option">-d</code>] [<code class="option">-h</code><code class="option">-o</code>
2                <code class="literal">addsource</code>
3                <em class="replaceable"><code>EVENTLOG</code></em>
4                <em class="replaceable"><code>SOURCENAME</code></em>
5                <em class="replaceable"><code>MSGFILE</code></em>
6                 </p></div><div class="cmdsynopsis"><p><code class="command">eventlogadm</code>  [<code class="option">-d</code>] [<code class="option">-h</code><code class="option">-o</code>
7                <code class="literal">write</code>
8                <em class="replaceable"><code>EVENTLOG</code></em>
9                 </p></div></div><div class="refsect1" lang="en"><a name="id231177"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><span><strong class="command">eventlogadm</strong></span> is a filter that accepts
10        formatted event log records on standard input and writes them
11        to the Samba event log store. Windows client can then manipulate
12        these record using the usual administration tools.</p></div><div class="refsect1" lang="en"><a name="id231404"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-d</code></span></dt><dd><p>
13                The <span><strong class="command">-d</strong></span> option causes <span><strong class="command">eventlogadm</strong></span> to emit debugging
14                information.
15                </p></dd><dt><span class="term">
16                <code class="option">-o</code>
17                <code class="literal">addsource</code>
18                <em class="replaceable"><code>EVENTLOG</code></em>
19                <em class="replaceable"><code>SOURCENAME</code></em>
20                <em class="replaceable"><code>MSGFILE</code></em>
21                </span></dt><dd><p>
22                The <span><strong class="command">-o addsource</strong></span> option creates a
23                new event log source.
24                </p></dd><dt><span class="term">
25                <code class="option">-o</code>
26                <code class="literal">write</code>
27                <em class="replaceable"><code>EVENTLOG</code></em>
28                </span></dt><dd><p>
29                The <span><strong class="command">-o write</strong></span> reads event log
30                records from standard input and writes them to theSamba
31                event log store named by EVENTLOG.
32                </p></dd><dt><span class="term"><code class="option">-h</code></span></dt><dd><p>
33                Print usage information.
34                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id231519"></a><h2>EVENTLOG RECORD FORMAT</h2><p>For the write operation, <span><strong class="command">eventlogadm</strong></span>
35        expects to be able to read structured records from standard
36        input. These records are a sequence of lines, with the record key
37        and data separated by a colon character. Records are separated
38        by at least one or more blank line.</p><p>The event log record field are:</p><div class="itemizedlist"><ul type="disc"><li><p>
39                <span><strong class="command">LEN</strong></span> - This field should be 0, since <span><strong class="command">eventlogadm</strong></span> will calculate this value.
40                </p></li><li><p>
41                <span><strong class="command">RS1</strong></span> - This must be the value 1699505740.
42                </p></li><li><p>
43                <span><strong class="command">RCN</strong></span> -  This field should be 0.
44                </p></li><li><p>
45                <span><strong class="command">TMG</strong></span> - The time the eventlog record
46                was generated; format is the number of seconds since
47                00:00:00 January 1, 1970, UTC.
48                </p></li><li><p>
49                <span><strong class="command">TMW</strong></span> - The time the eventlog record was
50                written; format is the number of seconds since 00:00:00
51                January 1, 1970, UTC.
52                </p></li><li><p>
53                <span><strong class="command">EID</strong></span> - The eventlog ID.
54                </p></li><li><p>
55                <span><strong class="command">ETP</strong></span> - The event type -- one of
56                "INFO",
57                "ERROR", "WARNING", "AUDIT
58                SUCCESS" or "AUDIT FAILURE".
59                </p></li><li><p>
60                <span><strong class="command">ECT</strong></span> - The event category; this depends
61                on the message file. It is primarily used as a means of
62                filtering in the eventlog viewer.
63                </p></li><li><p>
64                <span><strong class="command">RS2</strong></span> - This field should be 0.
65                </p></li><li><p>
66                <span><strong class="command">CRN</strong></span> - This field should be 0.
67                </p></li><li><p>
68                <span><strong class="command">USL</strong></span> - This field should be 0.
69                </p></li><li><p>
70                <span><strong class="command">SRC</strong></span> - This field contains the source
71                name associated with the event log. If a message file is
72                used with an event log, there will be a registry entry
73                for associating this source name with a message file DLL.
74                </p></li><li><p>
75                <span><strong class="command">SRN</strong></span> - he name of the machine on
76                which the eventlog was generated. This is typically the
77                host name.
78                </p></li><li><p>
79                <span><strong class="command">STR</strong></span> - The text associated with the
80                eventlog. There may be more than one string in a record.
81                </p></li><li><p>
82                <span><strong class="command">DAT</strong></span> - This field should be left unset.
83                </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id271754"></a><h2>EXAMPLES</h2><p>An example of the record format accepted by <span><strong class="command">eventlogadm</strong></span>:</p><pre class="programlisting">
84        LEN: 0
85        RS1: 1699505740
86        RCN: 0
87        TMG: 1128631322
88        TMW: 1128631322
89        EID: 1000
90        ETP: INFO
91        ECT: 0
92        RS2: 0
93        CRN: 0
94        USL: 0
95        SRC: cron
96        SRN: dmlinux
97        STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
98        DAT:
99        </pre><p>Set up an eventlog source, specifying a message file DLL:</p><pre class="programlisting">
100        eventlogadm -o addsource Application MyApplication | \\
101                %SystemRoot%/system32/MyApplication.dll
102        </pre><p>Filter messages from the system log into an event log:</p><pre class="programlisting">
103        tail -f /var/log/messages | \\
104                my_program_to_parse_into_eventlog_records | \\
105                eventlogadm SystemLogEvents
106        </pre></div><div class="refsect1" lang="en"><a name="id271795"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id271805"></a><h2>AUTHOR</h2><p> The original Samba software and related utilities were
107        created by Andrew Tridgell.  Samba is now developed by the
108        Samba Team as an Open Source project similar to the way the
109        Linux kernel is developed.</p></div></div></body></html>
Note: See TracBrowser for help on using the repository browser.