source: branches/samba-3.3.x/docs/manpages/eventlogadm.8@ 368

'\" t
.\"     Title: eventlogadm
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\"      Date: 01/14/2010
.\"    Manual: System Administration tools
.\"    Source: Samba 3.3
.\"  Language: English
.\"
.TH "EVENTLOGADM" "8" "01/14/2010" "Samba 3\&.3" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
eventlogadm \- push records into the Samba event log store
.SH "SYNOPSIS"
.HP \w'\ 'u
eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR
.HP \w'\ 'u
eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR
.SH "DESCRIPTION"
.PP
This tool is part of the
\fBsamba\fR(1)
suite\&.
.PP
eventlogadm
is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows client can then manipulate these record using the usual administration tools\&.
.SH "OPTIONS"
.PP
\fB\-d\fR
.RS 4
The
\-d
option causes
eventlogadm
to emit debugging information\&.
.RE
.PP
\fB\-o\fR addsource \fIEVENTLOG\fR \fISOURCENAME\fR \fIMSGFILE\fR
.RS 4
The
\-o addsource
option creates a new event log source\&.
.RE
.PP
\fB\-o\fR write \fIEVENTLOG\fR
.RS 4
The
\-o write
reads event log records from standard input and writes them to the Samba event log store named by EVENTLOG\&.
.RE
.PP
\fB\-h\fR
.RS 4
Print usage information\&.
.RE
.SH "EVENTLOG RECORD FORMAT"
.PP
For the write operation,
eventlogadm
expects to be able to read structured records from standard input\&. These records are a sequence of lines, with the record key and data separated by a colon character\&. Records are separated by at least one or more blank line\&.
.PP
The event log record field are:
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

LEN
\- This field should be 0, since
eventlogadm
will calculate this value\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RS1
\- This must be the value 1699505740\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RCN
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

TMG
\- The time the eventlog record was generated; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

TMW
\- The time the eventlog record was written; format is the number of seconds since 00:00:00 January 1, 1970, UTC\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

EID
\- The eventlog ID\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

ETP
\- The event type \-\- one of "INFO", "ERROR", "WARNING", "AUDIT SUCCESS" or "AUDIT FAILURE"\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

ECT
\- The event category; this depends on the message file\&. It is primarily used as a means of filtering in the eventlog viewer\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}

RS2
\- This field should be 0\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3