.\"Generated by db2man.xsl. Don't modify this, modify the source. .de Sh \" Subsection .br .if t .Sp .ne 5 .PP \fB\\$1\fR .PP .. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Ip \" List item .br .ie \\n(.$>=3 .ne \\$3 .el .ne 3 .IP "\\$1" \\$2 .. .TH "EVENTLOGADM" 8 "" "" "" .SH NAME eventlogadm \- push records into the Samba event log store .SH "SYNOPSIS" .ad l .hy 0 .HP 12 \fBeventlogadm\fR [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR .ad .hy .ad l .hy 0 .HP 12 \fBeventlogadm\fR [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR .ad .hy .SH "DESCRIPTION" .PP This tool is part of the \fBsamba\fR(1) suite\&. .PP \fBeventlogadm\fR is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows client can then manipulate these record using the usual administration tools\&. .SH "OPTIONS" .TP \fB\-d\fR The \fB\-d\fR option causes \fBeventlogadm\fR to emit debugging information\&. .TP \fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR The \fB\-o addsource\fR option creates a new event log source\&. .TP \fB\-o\fR write \fIEVENTLOG\fR The \fB\-o write\fR reads event log records from standard input and writes them to theSamba event log store named by EVENTLOG\&. .TP \fB\-h\fR Print usage information\&. .SH "EVENTLOG RECORD FORMAT" .PP For the write operation, \fBeventlogadm\fR expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by at least one or more blank line\&. .PP The event log record field are: .TP 3 \(bu \fBLEN\fR \- This field should be 0, since \fBeventlogadm\fR will calculate this value\&. .TP \(bu \fBRS1\fR \- This must be the value 1699505740\&. .TP \(bu \fBRCN\fR \- This field should be 0\&. .TP \(bu \fBTMG\fR \- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&. .TP \(bu \fBTMW\fR \- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&. .TP \(bu \fBEID\fR \- The eventlog ID\&. .TP \(bu \fBETP\fR \- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&. .TP \(bu \fBECT\fR \- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&. .TP \(bu \fBRS2\fR \- This field should be 0\&. .TP \(bu \fBCRN\fR \- This field should be 0\&. .TP \(bu \fBUSL\fR \- This field should be 0\&. .TP \(bu \fBSRC\fR \- This field contains the source name associated with the event log\&. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\&. .TP \(bu \fBSRN\fR \- he name of the machine on which the eventlog was generated\&. This is typically the host name\&. .TP \(bu \fBSTR\fR \- The text associated with the eventlog\&. There may be more than one string in a record\&. .TP \(bu \fBDAT\fR \- This field should be left unset\&. .LP .SH "EXAMPLES" .PP An example of the record format accepted by \fBeventlogadm\fR: .nf LEN: 0 RS1: 1699505740 RCN: 0 TMG: 1128631322 TMW: 1128631322 EID: 1000 ETP: INFO ECT: 0 RS2: 0 CRN: 0 USL: 0 SRC: cron SRN: dmlinux STR: (root) CMD ( rm \-f /var/spool/cron/lastrun/cron\&.hourly) DAT: .fi .PP Set up an eventlog source, specifying a message file DLL: .nf eventlogadm \-o addsource Application MyApplication | \\\\ %SystemRoot%/system32/MyApplication\&.dll .fi .PP Filter messages from the system log into an event log: .nf tail \-f /var/log/messages | \\\\ my_program_to_parse_into_eventlog_records | \\\\ eventlogadm SystemLogEvents .fi .SH "VERSION" .PP This man page is correct for version 3\&.0\&.25 of the Samba suite\&. .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.