--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="eventlogadm.8">
+
+<refmeta>
+ <refentrytitle>eventlogadm</refentrytitle>
+ <manvolnum>8</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+ <refname>eventlogadm</refname>
+ <refpurpose>push records into the Samba event log store</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+
+ <command>eventlogadm</command>
+ <arg><option>-d</option></arg>
+ <arg><option>-h</option></arg>
+ <arg choixe="plain"><option>-o</option>
+ <literal>addsource</literal>
+ <replaceable>EVENTLOG</replaceable>
+ <replaceable>SOURCENAME</replaceable>
+ <replaceable>MSGFILE</replaceable>
+ </arg>
+
+ </cmdsynopsis>
+ <cmdsynopsis>
+ <command>eventlogadm</command>
+ <arg><option>-d</option></arg>
+ <arg><option>-h</option></arg>
+ <arg choce="plain"><option>-o</option>
+ <literal>write</literal>
+ <replaceable>EVENTLOG</replaceable>
+ </arg>
+
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> suite.</para>
+
+ <para><command>eventlogadm</command> is a filter that accepts
+ formatted event log records on standard input and writes them
+ to the Samba event log store. Windows client can then manipulate
+ these record using the usual administration tools.</para>
+
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><option>-d</option></term>
+ <listitem><para>
+ The <command>-d</command> option causes
+ <command>eventlogadm</command> to emit debugging
+ information.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>-o</option>
+ <literal>addsource</literal>
+ <replaceable>EVENTLOG</replaceable>
+ <replaceable>SOURCENAME</replaceable>
+ <replaceable>MSGFILE</replaceable>
+ </term>
+ <listitem><para>
+ The <command>-o addsource</command> option creates a
+ new event log source.
+ </para> </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>-o</option>
+ <literal>write</literal>
+ <replaceable>EVENTLOG</replaceable>
+ </term>
+ <listitem><para>
+ The <command>-o write</command> reads event log
+ records from standard input and writes them to theSamba
+ event log store named by EVENTLOG.
+ </para> </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-h</option></term>
+ <listitem><para>
+ Print usage information.
+ </para></listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+
+<refsect1>
+ <title>EVENTLOG RECORD FORMAT</title>
+
+ <para>For the write operation, <command>eventlogadm</command>
+ expects to be able to read structured records from standard
+ input. These records are a sequence of lines, with the record key
+ and data separated by a colon character. Records are separated
+ by at least one or more blank line.</para>
+
+ <para>The event log record field are:</para>
+ <itemizedlist>
+
+ <listitem><para>
+ <command>LEN</command> - This field should be 0, since
+ <command>eventlogadm</command> will calculate this value.
+ </para></listitem>
+
+ <listitem><para>
+ <command>RS1</command> - This must be the value 1699505740.
+ </para></listitem>
+
+ <listitem><para>
+ <command>RCN</command> - This field should be 0.
+ </para></listitem>
+
+ <listitem><para>
+ <command>TMG</command> - The time the eventlog record
+ was generated; format is the number of seconds since
+ 00:00:00 January 1, 1970, UTC.
+ </para></listitem>
+
+ <listitem><para>
+ <command>TMW</command> - The time the eventlog record was
+ written; format is the number of seconds since 00:00:00
+ January 1, 1970, UTC.
+ </para></listitem>
+
+ <listitem><para>
+ <command>EID</command> - The eventlog ID.
+ </para></listitem>
+
+ <listitem><para>
+ <command>ETP</command> - The event type -- one of
+ "INFO",
+ "ERROR", "WARNING", "AUDIT
+ SUCCESS" or "AUDIT FAILURE".
+ </para></listitem>
+
+ <listitem><para>
+ <command>ECT</command> - The event category; this depends
+ on the message file. It is primarily used as a means of
+ filtering in the eventlog viewer.
+ </para></listitem>
+
+ <listitem><para>
+ <command>RS2</command> - This field should be 0.
+ </para></listitem>
+
+ <listitem><para>
+ <command>CRN</command> - This field should be 0.
+ </para></listitem>
+
+ <listitem><para>
+ <command>USL</command> - This field should be 0.
+ </para></listitem>
+
+ <listitem><para>
+ <command>SRC</command> - This field contains the source
+ name associated with the event log. If a message file is
+ used with an event log, there will be a registry entry
+ for associating this source name with a message file DLL.
+ </para></listitem>
+
+ <listitem><para>
+ <command>SRN</command> - he name of the machine on
+ which the eventlog was generated. This is typically the
+ host name.
+ </para></listitem>
+
+ <listitem><para>
+ <command>STR</command> - The text associated with the
+ eventlog. There may be more than one string in a record.
+ </para></listitem>
+
+ <listitem><para>
+ <command>DAT</command> - This field should be left unset.
+ </para></listitem>
+
+ </itemizedlist>
+
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+ <para>An example of the record format accepted by
+ <command>eventlogadm</command>:</para>
+
+ <programlisting>
+ LEN: 0
+ RS1: 1699505740
+ RCN: 0
+ TMG: 1128631322
+ TMW: 1128631322
+ EID: 1000
+ ETP: INFO
+ ECT: 0
+ RS2: 0
+ CRN: 0
+ USL: 0
+ SRC: cron
+ SRN: dmlinux
+ STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
+ DAT:
+ </programlisting>
+
+ <para>Set up an eventlog source, specifying a message file DLL:</para>
+ <programlisting>
+ eventlogadm -o addsource Application MyApplication | \\
+ %SystemRoot%/system32/MyApplication.dll
+ </programlisting>
+
+ <para>Filter messages from the system log into an event log:</para>
+ <programlisting>
+ tail -f /var/log/messages | \\
+ my_program_to_parse_into_eventlog_records | \\
+ eventlogadm SystemLogEvents
+ </programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+ <para>This man page is correct for version 3.0.25 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para> The original Samba software and related utilities were
+ created by Andrew Tridgell. Samba is now developed by the
+ Samba Team as an Open Source project similar to the way the
+ Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
git.samba.org / metze / samba / wip.git / commitdiff