Context Navigation

source: trunk/samba/docs/htmldocs/manpages/eventlogadm.8.html @ 39

Last change on this file since 39 was 39, checked in by Paul Smedley, 14 years ago
Upgrade source to 3.0.25a
File size: 6.9 KB

Line
1	<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>eventlogadm</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="eventlogadm.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>eventlogadm — push records into the Samba event log store</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">eventlogadm</code> [<code class="option">-d</code>] [<code class="option">-h</code>] <code class="option">-o</code>
2	<code class="literal">addsource</code>
3	<em class="replaceable"><code>EVENTLOG</code></em>
4	<em class="replaceable"><code>SOURCENAME</code></em>
5	<em class="replaceable"><code>MSGFILE</code></em>
6	</p></div><div class="cmdsynopsis"><p><code class="command">eventlogadm</code> [<code class="option">-d</code>] [<code class="option">-h</code>] <code class="option">-o</code>
7	<code class="literal">write</code>
8	<em class="replaceable"><code>EVENTLOG</code></em>
9	</p></div></div><div class="refsect1" lang="en"><a name="id259595"></a><h2>DESCRIPTION</h2><p>This tool is part of the <a href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><span><strong class="command">eventlogadm</strong></span> is a filter that accepts
10	formatted event log records on standard input and writes them
11	to the Samba event log store. Windows client can then manipulate
12	these record using the usual administration tools.</p></div><div class="refsect1" lang="en"><a name="id259373"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-d</code></span></dt><dd><p>
13	The <span><strong class="command">-d</strong></span> option causes <span><strong class="command">eventlogadm</strong></span> to emit debugging
14	information.
15	</p></dd><dt><span class="term">
16	<code class="option">-o</code>
17	<code class="literal">addsource</code>
18	<em class="replaceable"><code>EVENTLOG</code></em>
19	<em class="replaceable"><code>SOURCENAME</code></em>
20	<em class="replaceable"><code>MSGFILE</code></em>
21	</span></dt><dd><p>
22	The <span><strong class="command">-o addsource</strong></span> option creates a
23	new event log source.
24	</p></dd><dt><span class="term">
25	<code class="option">-o</code>
26	<code class="literal">write</code>
27	<em class="replaceable"><code>EVENTLOG</code></em>
28	</span></dt><dd><p>
29	The <span><strong class="command">-o write</strong></span> reads event log
30	records from standard input and writes them to theSamba
31	event log store named by EVENTLOG.
32	</p></dd><dt><span class="term"><code class="option">-h</code></span></dt><dd><p>
33	Print usage information.
34	</p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id260402"></a><h2>EVENTLOG RECORD FORMAT</h2><p>For the write operation, <span><strong class="command">eventlogadm</strong></span>
35	expects to be able to read structured records from standard
36	input. These records are a sequence of lines, with the record key
37	and data separated by a colon character. Records are separated
38	by at least one or more blank line.</p><p>The event log record field are:</p><div class="itemizedlist"><ul type="disc"><li><p>
39	<span><strong class="command">LEN</strong></span> - This field should be 0, since <span><strong class="command">eventlogadm</strong></span> will calculate this value.
40	</p></li><li><p>
41	<span><strong class="command">RS1</strong></span> - This must be the value 1699505740.
42	</p></li><li><p>
43	<span><strong class="command">RCN</strong></span> - This field should be 0.
44	</p></li><li><p>
45	<span><strong class="command">TMG</strong></span> - The time the eventlog record
46	was generated; format is the number of seconds since
47	00:00:00 January 1, 1970, UTC.
48	</p></li><li><p>
49	<span><strong class="command">TMW</strong></span> - The time the eventlog record was
50	written; format is the number of seconds since 00:00:00
51	January 1, 1970, UTC.
52	</p></li><li><p>
53	<span><strong class="command">EID</strong></span> - The eventlog ID.
54	</p></li><li><p>
55	<span><strong class="command">ETP</strong></span> - The event type -- one of
56	"INFO",
57	"ERROR", "WARNING", "AUDIT
58	SUCCESS" or "AUDIT FAILURE".
59	</p></li><li><p>
60	<span><strong class="command">ECT</strong></span> - The event category; this depends
61	on the message file. It is primarily used as a means of
62	filtering in the eventlog viewer.
63	</p></li><li><p>
64	<span><strong class="command">RS2</strong></span> - This field should be 0.
65	</p></li><li><p>
66	<span><strong class="command">CRN</strong></span> - This field should be 0.
67	</p></li><li><p>
68	<span><strong class="command">USL</strong></span> - This field should be 0.
69	</p></li><li><p>
70	<span><strong class="command">SRC</strong></span> - This field contains the source
71	name associated with the event log. If a message file is
72	used with an event log, there will be a registry entry
73	for associating this source name with a message file DLL.
74	</p></li><li><p>
75	<span><strong class="command">SRN</strong></span> - he name of the machine on
76	which the eventlog was generated. This is typically the
77	host name.
78	</p></li><li><p>
79	<span><strong class="command">STR</strong></span> - The text associated with the
80	eventlog. There may be more than one string in a record.
81	</p></li><li><p>
82	<span><strong class="command">DAT</strong></span> - This field should be left unset.
83	</p></li></ul></div></div><div class="refsect1" lang="en"><a name="id300454"></a><h2>EXAMPLES</h2><p>An example of the record format accepted by <span><strong class="command">eventlogadm</strong></span>:</p><pre class="programlisting">
84	LEN: 0
85	RS1: 1699505740
86	RCN: 0
87	TMG: 1128631322
88	TMW: 1128631322
89	EID: 1000
90	ETP: INFO
91	ECT: 0
92	RS2: 0
93	CRN: 0
94	USL: 0
95	SRC: cron
96	SRN: dmlinux
97	STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
98	DAT:
99	</pre><p>Set up an eventlog source, specifying a message file DLL:</p><pre class="programlisting">
100	eventlogadm -o addsource Application MyApplication \| \\
101	%SystemRoot%/system32/MyApplication.dll
102	</pre><p>Filter messages from the system log into an event log:</p><pre class="programlisting">
103	tail -f /var/log/messages \| \\
104	my_program_to_parse_into_eventlog_records \| \\
105	eventlogadm SystemLogEvents
106	</pre></div><div class="refsect1" lang="en"><a name="id300495"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id300505"></a><h2>AUTHOR</h2><p> The original Samba software and related utilities were
107	created by Andrew Tridgell. Samba is now developed by the
108	Samba Team as an Open Source project similar to the way the
109	Linux kernel is developed.</p></div></div></body></html>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: