<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="eventlogadm.8">
<refmeta>
<refentrytitle>eventlogadm</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>eventlogadm</refname>
<refpurpose>push records into the Samba event log store</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis sepchar=" ">
<literal>eventlogadm</literal>
<arg choice="opt" rep="norepeat"><option>-d</option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="plain" rep="norepeat"><option>-o</option>
<literal moreinfo="none">addsource</literal>
<replaceable>EVENTLOG</replaceable>
<replaceable>SOURCENAME</replaceable>
<replaceable>MSGFILE</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis sepchar=" ">
<literal>eventlogadm</literal>
<arg choice="opt" rep="norepeat"><option>-d</option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="plain" rep="norepeat"><option>-o</option>
<literal moreinfo="none">write</literal>
<replaceable>EVENTLOG</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> suite.</para>
<para><literal>eventlogadm</literal> is a filter that accepts
formatted event log records on standard input and writes them
to the Samba event log store. Windows clients can then manipulate
these records using the usual administration tools.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term><option>-d</option></term>
<listitem><para>
The <literal>-d</literal> option causes <literal>eventlogadm</literal> to emit debugging
information.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>
<literal moreinfo="none">addsource</literal>
<replaceable>EVENTLOG</replaceable>
<replaceable>SOURCENAME</replaceable>
<replaceable>MSGFILE</replaceable>
</term>
<listitem><para>
The <literal>-o addsource</literal> option creates a
new event log source.
</para> </listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>
<literal moreinfo="none">write</literal>
<replaceable>EVENTLOG</replaceable>
</term>
<listitem><para>
The <literal>-o write</literal> option reads event log
records from standard input and writes them to the Samba
event log store named by EVENTLOG.
</para> </listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option></term>
<listitem><para>
Print usage information.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EVENTLOG RECORD FORMAT</title>
<para>For the write operation, <literal>eventlogadm</literal>
expects to be able to read structured records from standard
input. These records are a sequence of lines, with the record key
and data separated by a colon character. Records are separated
by one or more blank lines.</para>
<para>The event log record fields are:</para>
<itemizedlist>
<listitem><para>
<literal>LEN</literal> - This field should be 0, since <literal>eventlogadm</literal> will calculate this value.
</para></listitem>
<listitem><para>
<literal>RS1</literal> - This must be the value 1699505740.
</para></listitem>
<listitem><para>
<literal>RCN</literal> - This field should be 0.
</para></listitem>
<listitem><para>
<literal>TMG</literal> - The time the eventlog record
was generated; format is the number of seconds since
00:00:00 January 1, 1970, UTC.
</para></listitem>
<listitem><para>
<literal>TMW</literal> - The time the eventlog record was
written; format is the number of seconds since 00:00:00
January 1, 1970, UTC.
</para></listitem>
<listitem><para>
<literal>EID</literal> - The eventlog ID.
</para></listitem>
<listitem><para>
<literal>ETP</literal> - The event type -- one of
"INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or
"AUDIT FAILURE".
</para></listitem>
<listitem><para>
<literal>ECT</literal> - The event category; this depends
on the message file. It is primarily used as a means of
filtering in the eventlog viewer.
</para></listitem>
<listitem><para>
<literal>RS2</literal> - This field should be 0.
</para></listitem>
<listitem><para>
<literal>CRN</literal> - This field should be 0.
</para></listitem>
<listitem><para>
<literal>USL</literal> - This field should be 0.
</para></listitem>
<listitem><para>
<literal>SRC</literal> - This field contains the source
name associated with the event log. If a message file is
used with an event log, there will be a registry entry
for associating this source name with a message file DLL.
</para></listitem>
<listitem><para>
<literal>SRN</literal> - The name of the machine on
which the eventlog was generated. This is typically the
host name.
</para></listitem>
<listitem><para>
<literal>STR</literal> - The text associated with the
eventlog. There may be more than one string in a record.
</para></listitem>
<listitem><para>
<literal>DAT</literal> - This field should be left unset.
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>An example of the record format accepted by <literal>eventlogadm</literal>:</para>
<programlisting format="linespecific">
LEN: 0
RS1: 1699505740
RCN: 0
TMG: 1128631322
TMW: 1128631322
EID: 1000
ETP: INFO
ECT: 0
RS2: 0
CRN: 0
USL: 0
SRC: cron
SRN: dmlinux
STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
DAT:
</programlisting>
<para>Set up an eventlog source, specifying a message file DLL:</para>
<programlisting format="linespecific">
eventlogadm -o addsource Application MyApplication \
%SystemRoot%/system32/MyApplication.dll
</programlisting>
<para>Filter messages from the system log into an event log:</para>
<programlisting format="linespecific">
tail -f /var/log/messages | \
my_program_to_parse_into_eventlog_records | \
eventlogadm -o write SystemLogEvents
</programlisting>
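<para>The following filter is an added example, not part of the Samba
distribution: one possible Python stand-in for the placeholder
<literal>my_program_to_parse_into_eventlog_records</literal>. It assumes classic
syslog lines ("Oct  6 20:42:02 host tag[pid]: message"), uses the conversion time
for both TMG and TMW, and collapses control characters so that logged text cannot
introduce extra fields or records; all function names are hypothetical.</para>
<programlisting format="linespecific">
```python
import re
import sys
import time

# Constant required by the RS1 field, as stated in the record format above.
RS1_MAGIC = 1699505740
EVENT_TYPES = {"INFO", "ERROR", "WARNING", "AUDIT SUCCESS", "AUDIT FAILURE"}

# Assumed input layout: "Oct  6 20:42:02 host tag[pid]: message".
SYSLOG_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s([^\s:\[]+)(?:\[\d+\])?:\s?(.*)$", re.S)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]+")


def one_line(value):
    """Collapse control characters so a value cannot start a new field or record."""
    return CONTROL_RE.sub(" ", value).strip()


def format_record(source, host, text, now, eid=1000, etype="INFO"):
    """Build one record in the key/value layout read by 'eventlogadm -o write'."""
    if etype not in EVENT_TYPES:
        raise ValueError("unsupported ETP value: %r" % etype)
    fields = [
        ("LEN", 0), ("RS1", RS1_MAGIC), ("RCN", 0),
        ("TMG", int(now)), ("TMW", int(now)),
        ("EID", int(eid)), ("ETP", etype), ("ECT", 0),
        ("RS2", 0), ("CRN", 0), ("USL", 0),
        ("SRC", one_line(source)), ("SRN", one_line(host)),
        ("STR", one_line(text)), ("DAT", ""),
    ]
    # The trailing blank line separates this record from the next one.
    return "".join(("%s: %s" % (k, v)).rstrip() + "\n" for k, v in fields) + "\n"


def syslog_to_record(line, now):
    """Convert one syslog line; return None when it does not match the layout."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    host, tag, message = m.groups()
    return format_record(tag, host, message, now)


if __name__ == "__main__":
    for raw in sys.stdin:
        rec = syslog_to_record(raw, time.time())
        if rec:
            sys.stdout.write(rec)
            sys.stdout.flush()
```
</programlisting>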
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> The original Samba software and related utilities were
created by Andrew Tridgell. Samba is now developed by the
Samba Team as an Open Source project similar to the way the
Linux kernel is developed.</para>
</refsect1>
</refentry>