1EVENTLOGADM(8) EVENTLOGADM(8)
2
6 eventlogadm - push records into the Samba event log store
7
9 eventlogadm [-d] [-h] -o addsource EVENTLOG SOURCENAME MSGFILE
10 eventlogadm [-d] [-h] -o write EVENTLOG
12
14 This tool is part of the samba(1) suite.
15 eventlogadm is a filter that accepts formatted event log records on
17 standard input and writes them to the Samba event log store. Windows
18 client can then manipulate these record using the usual administration
19 tools.
20
22 -d
23 The -d option causes eventlogadm to emit debugging information.
24 -o addsource EVENTLOG SOURCENAME MSGFILE
26 The -o addsource option creates a new event log source.
27 -o write EVENTLOG
29 The -o write reads event log records from standard input and writes
30 them to theSamba event log store named by EVENTLOG.
31 -h
33 Print usage information.
34
36 For the write operation, eventlogadm expects to be able to read struc‐
37 tured records from standard input. These records are a sequence of
38 lines, with the record key and data separated by a colon character.
39 Records are separated by at least one or more blank line.
40 The event log record field are:
42 ·
44 LEN - This field should be 0, since eventlogadm will calculate this
46 value.
47 ·
49 RS1 - This must be the value 1699505740.
51 ·
53 RCN - This field should be 0.
55 ·
57 TMG - The time the eventlog record was generated; format is the num‐
59 ber of seconds since 00:00:00 January 1, 1970, UTC.
60 ·
62 TMW - The time the eventlog record was written; format is the number
64 of seconds since 00:00:00 January 1, 1970, UTC.
65 ·
67 EID - The eventlog ID.
69 ·
71 ETP - The event type -- one of "INFO", "ERROR", "WARNING", "AUDIT
73 SUCCESS" or "AUDIT FAILURE".
74 ·
76 ECT - The event category; this depends on the message file. It is
78 primarily used as a means of filtering in the eventlog viewer.
79 ·
81 RS2 - This field should be 0.
83 ·
85 CRN - This field should be 0.
87 ·
89 USL - This field should be 0.
91 ·
93 SRC - This field contains the source name associated with the event
95 log. If a message file is used with an event log, there will be a
96 registry entry for associating this source name with a message file
97 DLL.
98 ·
100 SRN - he name of the machine on which the eventlog was generated.
102 This is typically the host name.
103 ·
105 STR - The text associated with the eventlog. There may be more than
107 one string in a record.
108 ·
110 DAT - This field should be left unset.
112
114 An example of the record format accepted by eventlogadm:
115 LEN: 0
118 RS1: 1699505740
119 RCN: 0
120 TMG: 1128631322
121 TMW: 1128631322
122 EID: 1000
123 ETP: INFO
124 ECT: 0
125 RS2: 0
126 CRN: 0
127 USL: 0
128 SRC: cron
129 SRN: dmlinux
130 STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
131 DAT:
132 Set up an eventlog source, specifying a message file DLL:
135 eventlogadm -o addsource Application MyApplication | \
138 %SystemRoot%/system32/MyApplication.dll
139 Filter messages from the system log into an event log:
142 tail -f /var/log/messages | \
145 my_program_to_parse_into_eventlog_records | \
146 eventlogadm SystemLogEvents
147
150 This man page is correct for version 3.0.25 of the Samba suite.
151
153 The original Samba software and related utilities were created by
154 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
155 Source project similar to the way the Linux kernel is developed.
156 EVENTLOGADM(8)