Context Navigation

eventlogadm.8@ 201

Visit:

Last change on this file since 201 was 201, checked in by Herwig Bauernfeind, 17 years ago
Update to Samba 3.2.3
File size: 5.4 KB

Rev	Line
[201]	1	.\" Title: eventlogadm
	2	.\" Author:
	3	.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
	4	.\" Date: 08/27/2008
	5	.\" Manual: System Administration tools
	6	.\" Source: Samba 3.2
	7	.\"
	8	.TH "EVENTLOGADM" "8" "08/27/2008" "Samba 3\.2" "System Administration tools"
	9	.\" disable hyphenation
	10	.nh
	11	.\" disable justification (adjust text to left margin only)
	12	.ad l
	13	.SH "NAME"
	14	eventlogadm - push records into the Samba event log store
	15	.SH "SYNOPSIS"
	16	.HP 1
	17	eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
	18	.HP 1
	19	eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
	20	.SH "DESCRIPTION"
	21	.PP
	22	This tool is part of the
	23	\fBsamba\fR(1)
	24	suite\.
	25	.PP
	26	eventlogadm
	27	is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\. Windows client can then manipulate these record using the usual administration tools\.
	28	.SH "OPTIONS"
	29	.PP
	30	\fB\-d\fR
	31	.RS 4
	32	The
	33	\-d
	34	option causes
	35	eventlogadm
	36	to emit debugging information\.
	37	.RE
	38	.PP
	39	\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
	40	.RS 4
	41	The
	42	\-o addsource
	43	option creates a new event log source\.
	44	.RE
	45	.PP
	46	\fB\-o\fR write \fIEVENTLOG\fR
	47	.RS 4
	48	The
	49	\-o write
	50	reads event log records from standard input and writes them to theSamba event log store named by EVENTLOG\.
	51	.RE
	52	.PP
	53	\fB\-h\fR
	54	.RS 4
	55	Print usage information\.
	56	.RE
	57	.SH "EVENTLOG RECORD FORMAT"
	58	.PP
	59	For the write operation,
	60	eventlogadm
	61	expects to be able to read structured records from standard input\. These records are a sequence of lines, with the record key and data separated by a colon character\. Records are separated by at least one or more blank line\.
	62	.PP
	63	The event log record field are:
	64	.sp
	65	.RS 4
	66	.ie n \{\
	67	\h'-04'\(bu\h'+03'\c
	68	.\}
	69	.el \{\
	70	.sp -1
	71	.IP \(bu 2.3
	72	.\}
	73
	74	LEN
	75	\- This field should be 0, since
	76	eventlogadm
	77	will calculate this value\.
	78	.RE
	79	.sp
	80	.RS 4
	81	.ie n \{\
	82	\h'-04'\(bu\h'+03'\c
	83	.\}
	84	.el \{\
	85	.sp -1
	86	.IP \(bu 2.3
	87	.\}
	88
	89	RS1
	90	\- This must be the value 1699505740\.
	91	.RE
	92	.sp
	93	.RS 4
	94	.ie n \{\
	95	\h'-04'\(bu\h'+03'\c
	96	.\}
	97	.el \{\
	98	.sp -1
	99	.IP \(bu 2.3
	100	.\}
	101
	102	RCN
	103	\- This field should be 0\.
	104	.RE
	105	.sp
	106	.RS 4
	107	.ie n \{\
	108	\h'-04'\(bu\h'+03'\c
	109	.\}
	110	.el \{\
	111	.sp -1
	112	.IP \(bu 2.3
	113	.\}
	114
	115	TMG
	116	\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\.
	117	.RE
	118	.sp
	119	.RS 4
	120	.ie n \{\
	121	\h'-04'\(bu\h'+03'\c
	122	.\}
	123	.el \{\
	124	.sp -1
	125	.IP \(bu 2.3
	126	.\}
	127
	128	TMW
	129	\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\.
	130	.RE
	131	.sp
	132	.RS 4
	133	.ie n \{\
	134	\h'-04'\(bu\h'+03'\c
	135	.\}
	136	.el \{\
	137	.sp -1
	138	.IP \(bu 2.3
	139	.\}
	140
	141	EID
	142	\- The eventlog ID\.
	143	.RE
	144	.sp
	145	.RS 4
	146	.ie n \{\
	147	\h'-04'\(bu\h'+03'\c
	148	.\}
	149	.el \{\
	150	.sp -1
	151	.IP \(bu 2.3
	152	.\}
	153
	154	ETP
	155	\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\.
	156	.RE
	157	.sp
	158	.RS 4
	159	.ie n \{\
	160	\h'-04'\(bu\h'+03'\c
	161	.\}
	162	.el \{\
	163	.sp -1
	164	.IP \(bu 2.3
	165	.\}
	166
	167	ECT
	168	\- The event category; this depends on the message file\. It is primarily used as a means of filtering in the eventlog viewer\.
	169	.RE
	170	.sp
	171	.RS 4
	172	.ie n \{\
	173	\h'-04'\(bu\h'+03'\c
	174	.\}
	175	.el \{\
	176	.sp -1
	177	.IP \(bu 2.3
	178	.\}
	179
	180	RS2
	181	\- This field should be 0\.
	182	.RE
	183	.sp
	184	.RS 4
	185	.ie n \{\
	186	\h'-04'\(bu\h'+03'\c
	187	.\}
	188	.el \{\
	189	.sp -1
	190	.IP \(bu 2.3
	191	.\}
	192
	193	CRN
	194	\- This field should be 0\.
	195	.RE
	196	.sp
	197	.RS 4
	198	.ie n \{\
	199	\h'-04'\(bu\h'+03'\c
	200	.\}
	201	.el \{\
	202	.sp -1
	203	.IP \(bu 2.3
	204	.\}
	205
	206	USL
	207	\- This field should be 0\.
	208	.RE
	209	.sp
	210	.RS 4
	211	.ie n \{\
	212	\h'-04'\(bu\h'+03'\c
	213	.\}
	214	.el \{\
	215	.sp -1
	216	.IP \(bu 2.3
	217	.\}
	218
	219	SRC
	220	\- This field contains the source name associated with the event log\. If a message file is used with an event log, there will be a registry entry for associating this source name with a message file DLL\.
	221	.RE
	222	.sp
	223	.RS 4
	224	.ie n \{\
	225	\h'-04'\(bu\h'+03'\c
	226	.\}
	227	.el \{\
	228	.sp -1
	229	.IP \(bu 2.3
	230	.\}
	231
	232	SRN
	233	\- he name of the machine on which the eventlog was generated\. This is typically the host name\.
	234	.RE
	235	.sp
	236	.RS 4
	237	.ie n \{\
	238	\h'-04'\(bu\h'+03'\c
	239	.\}
	240	.el \{\
	241	.sp -1
	242	.IP \(bu 2.3
	243	.\}
	244
	245	STR
	246	\- The text associated with the eventlog\. There may be more than one string in a record\.
	247	.RE
	248	.sp
	249	.RS 4
	250	.ie n \{\
	251	\h'-04'\(bu\h'+03'\c
	252	.\}
	253	.el \{\
	254	.sp -1
	255	.IP \(bu 2.3
	256	.\}
	257
	258	DAT
	259	\- This field should be left unset\.
	260	.SH "EXAMPLES"
	261	.PP