##
## Samba-EventLog-HOWTO.txt
## Brian Moran <[email protected]>
##
## Feature Introduced in Samba 3.0.21
##

Samba and Eventlogs
===================

Samba servers now support event logs. This means that if
Samba is configured correctly, the usual administration tools
such as Event Viewer will work against a Samba server.

To minimally configure Samba to publish event logs, the
eventlogs to list must be specified in smb.conf, and
eventlog entries must be written to those eventlogs.

Optionally, a message file can be registered for each
of the eventlog 'sources' to pretty-print the eventlog
messages in the eventlog viewer.

Configuring smb.conf
====================

To specify the list of eventlogs, the 'eventlog list'
parameter is used. An example which will show four
eventlogs is

        eventlog list = Application System Security SyslogLinux

When Samba initially starts, it checks whether the
eventlog directory and a particular log exist; if not,
the directory and file are created under LOCK_DIR.

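An added example (not part of the original HOWTO and not Samba project code): a Python check that reads the 'eventlog list' parameter from smb.conf text and reports, for each configured log, whether its file is missing from the eventlog directory or is writable by group or others. The one-file-per-log naming (lowercase name plus ".tdb"), the directory argument and the sample configuration are assumptions; the HOWTO only states that the files are created under LOCK_DIR.

```python
import os
import stat
import sys


def eventlog_names(smb_conf_text):
    """Return the log names from the last 'eventlog list' line in smb.conf text."""
    names = []
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or smb.conf comment
            continue
        key, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and internal whitespace
        if sep and "".join(key.split()).lower() == "eventloglist":
            names = value.split()
    return names


def audit_eventlogs(smb_conf_text, eventlog_dir):
    """Map each configured log to 'missing', 'writable-by-others' or 'ok'."""
    report = {}
    for name in eventlog_names(smb_conf_text):
        # Assumption: one file per log, named <lowercase log name>.tdb
        path = os.path.join(eventlog_dir, name.lower() + ".tdb")
        try:
            mode = os.stat(path).st_mode
        except FileNotFoundError:
            report[name] = "missing"
            continue
        loose = mode & (stat.S_IWGRP | stat.S_IWOTH)
        report[name] = "writable-by-others" if loose else "ok"
    return report


# Constructed sample configuration using the HOWTO's four logs
SAMPLE_CONF = """\
[global]
    workgroup = EXAMPLE
    ; eventlog list = Application
    eventlog list = Application System Security SyslogLinux
"""

if __name__ == "__main__":
    # Assumption: argv[1] is the eventlog directory under your build's LOCK_DIR
    directory = sys.argv[1] if len(sys.argv) > 1 else "eventlog"
    for log, status in audit_eventlogs(SAMPLE_CONF, directory).items():
        print(f"{log:12} {status}")
```
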
Writing EventLog Records
========================

The eventlogadm command is used to write records
into a particular eventlog. Eventlogadm expects records
to be on STDIN in the following format

        LEN: 0
        RS1: 1699505740
        RCN: 0
        TMG: 1128631322