source: trunk/samba-3.0.25pre1/docs/htmldocs/manpages/eventlogadm.8.html @ 1

Last change on this file since 1 was 1, checked in by Paul Smedley, 14 years ago

Initial code import

File size: 6.8 KB
Line 
1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>eventlogadm</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.68.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="eventlogadm.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>eventlogadm &#8212; push records into the Samba event log store</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">eventlogadm</code>  [<code class="option">-d</code>] [<code class="option">-h</code><code class="option">-o</code>
2                <code class="literal">addsource</code>
3                <em class="replaceable"><code>EVENTLOG</code></em>
4                <em class="replaceable"><code>SOURCENAME</code></em>
5                <em class="replaceable"><code>MSGFILE</code></em>
6                 </p></div><div class="cmdsynopsis"><p><code class="command">eventlogadm</code>  [<code class="option">-d</code>] [<code class="option">-h</code><code class="option">-o</code>
7                <code class="literal">write</code>
8                <em class="replaceable"><code>EVENTLOG</code></em>
9                 </p></div></div><div class="refsect1" lang="en"><a name="id231177"></a><h2>DESCRIPTION</h2><p>This tool is part of the
10        <a href="samba.1.html"><span class="citerefentry"><span class="refentrytitle">samba</span>(1)</span></a> suite.</p><p><span><strong class="command">eventlogadm</strong></span> is a filter that accepts
11        formatted event log records on standard input and writes them
12        to the Samba event log store. Windows client can then manipulate
13        these record using the usual administration tools.</p></div><div class="refsect1" lang="en"><a name="id231404"></a><h2>OPTIONS</h2><div class="variablelist"><dl><dt><span class="term"><code class="option">-d</code></span></dt><dd><p>
14                The <span><strong class="command">-d</strong></span> option causes
15                <span><strong class="command">eventlogadm</strong></span> to emit debugging
16                information.
17                </p></dd><dt><span class="term">
18                <code class="option">-o</code>
19                <code class="literal">addsource</code>
20                <em class="replaceable"><code>EVENTLOG</code></em>
21                <em class="replaceable"><code>SOURCENAME</code></em>
22                <em class="replaceable"><code>MSGFILE</code></em>
23                </span></dt><dd><p>
24                The <span><strong class="command">-o addsource</strong></span> option creates a
25                new event log source.
26                </p></dd><dt><span class="term">
27                <code class="option">-o</code>
28                <code class="literal">write</code>
29                <em class="replaceable"><code>EVENTLOG</code></em>
30                </span></dt><dd><p>
31                The <span><strong class="command">-o write</strong></span> reads event log
32                records from standard input and writes them to theSamba
33                event log store named by EVENTLOG.
34                </p></dd><dt><span class="term"><code class="option">-h</code></span></dt><dd><p>
35                Print usage information.
36                </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id231519"></a><h2>EVENTLOG RECORD FORMAT</h2><p>For the write operation, <span><strong class="command">eventlogadm</strong></span>
37        expects to be able to read structured records from standard
38        input. These records are a sequence of lines, with the record key
39        and data separated by a colon character. Records are separated
40        by at least one or more blank line.</p><p>The event log record field are:</p><div class="itemizedlist"><ul type="disc"><li><p>
41                <span><strong class="command">LEN</strong></span> - This field should be 0, since
42                <span><strong class="command">eventlogadm</strong></span> will calculate this value.
43                </p></li><li><p>
44                <span><strong class="command">RS1</strong></span> - This must be the value 1699505740.
45                </p></li><li><p>
46                <span><strong class="command">RCN</strong></span> -  This field should be 0.
47                </p></li><li><p>
48                <span><strong class="command">TMG</strong></span> - The time the eventlog record
49                was generated; format is the number of seconds since
50                00:00:00 January 1, 1970, UTC.
51                </p></li><li><p>
52                <span><strong class="command">TMW</strong></span> - The time the eventlog record was
53                written; format is the number of seconds since 00:00:00
54                January 1, 1970, UTC.
55                </p></li><li><p>
56                <span><strong class="command">EID</strong></span> - The eventlog ID.
57                </p></li><li><p>
58                <span><strong class="command">ETP</strong></span> - The event type -- one of
59                "INFO",
60                "ERROR", "WARNING", "AUDIT
61                SUCCESS" or "AUDIT FAILURE".
62                </p></li><li><p>
63                <span><strong class="command">ECT</strong></span> - The event category; this depends
64                on the message file. It is primarily used as a means of
65                filtering in the eventlog viewer.
66                </p></li><li><p>
67                <span><strong class="command">RS2</strong></span> - This field should be 0.
68                </p></li><li><p>
69                <span><strong class="command">CRN</strong></span> - This field should be 0.
70                </p></li><li><p>
71                <span><strong class="command">USL</strong></span> - This field should be 0.
72                </p></li><li><p>
73                <span><strong class="command">SRC</strong></span> - This field contains the source
74                name associated with the event log. If a message file is
75                used with an event log, there will be a registry entry
76                for associating this source name with a message file DLL.
77                </p></li><li><p>
78                <span><strong class="command">SRN</strong></span> - he name of the machine on
79                which the eventlog was generated. This is typically the
80                host name.
81                </p></li><li><p>
82                <span><strong class="command">STR</strong></span> - The text associated with the
83                eventlog. There may be more than one string in a record.
84                </p></li><li><p>
85                <span><strong class="command">DAT</strong></span> - This field should be left unset.
86                </p></li></ul></div></div><div class="refsect1" lang="en"><a name="id271754"></a><h2>EXAMPLES</h2><p>An example of the record format accepted by
87        <span><strong class="command">eventlogadm</strong></span>:</p><pre class="programlisting">
88        LEN: 0
89        RS1: 1699505740
90        RCN: 0
91        TMG: 1128631322
92        TMW: 1128631322
93        EID: 1000
94        ETP: INFO
95        ECT: 0
96        RS2: 0
97        CRN: 0
98        USL: 0
99        SRC: cron
100        SRN: dmlinux
101        STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
102        DAT:
103        </pre><p>Set up an eventlog source, specifying a message file DLL:</p><pre class="programlisting">
104        eventlogadm -o addsource Application MyApplication | \\
105                %SystemRoot%/system32/MyApplication.dll
106        </pre><p>Filter messages from the system log into an event log:</p><pre class="programlisting">
107        tail -f /var/log/messages | \\
108                my_program_to_parse_into_eventlog_records | \\
109                eventlogadm SystemLogEvents
110        </pre></div><div class="refsect1" lang="en"><a name="id271795"></a><h2>VERSION</h2><p>This man page is correct for version 3.0.25 of the Samba suite.</p></div><div class="refsect1" lang="en"><a name="id271805"></a><h2>AUTHOR</h2><p> The original Samba software and related utilities were
111        created by Andrew Tridgell.  Samba is now developed by the
112        Samba Team as an Open Source project similar to the way the
113        Linux kernel is developed.</p></div></div></body></html>
Note: See TracBrowser for help on using the repository browser.