eventlogadm Command in Linux
The eventlogadm command in Linux is part of the Samba suite and is used to manage event logs (records of system and application events) in the form that Windows clients expect. With eventlogadm you can add event log sources, write event log records and dump event log records to the screen. Windows clients can then read the records through their usual administration tools such as Event Viewer, which makes it easier for administrators to track and troubleshoot issues on a Samba server from the Windows side.
Table of Contents
Here is a comprehensive guide to the options available with the eventlogadm command −
- Installation of eventlogadm Command in Linux
- Syntax for eventlogadm Command in Linux
- Different Options Available for eventlogadm Command
- Record Format for eventlogadm
- Examples of eventlogadm Command in Linux
Installation of eventlogadm Command in Linux
The eventlogadm command is usually not preinstalled on Linux systems, but it ships with the Samba suite, so you can install it from your distribution's default package manager.
On Ubuntu, Debian, Linux Mint and other Debian-based systems, you can install eventlogadm with the following command −
sudo apt install samba
On Red Hat-based systems such as Fedora, CentOS Stream and RHEL, you can install the eventlogadm utility with the following command (use yum instead of dnf on older releases) −
sudo dnf install samba
Arch Linux users can use the command below to install eventlogadm −
sudo pacman -S samba
If you are using SUSE Linux, you can install the eventlogadm through the below-given command −
sudo zypper install samba
Syntax for eventlogadm Command in Linux
The basic syntax to use the eventlogadm command in Linux is given below −
eventlogadm [options] -o operation [parameters]
Where,
- [options] are the global options (such as -d or -s FILENAME) that modify the behavior of the command.
- operation specifies the operation to perform, such as addsource, write, or dump.
- [parameters] are additional parameters required for the specified operation, such as event log name, source name, or record number.
Different Options Available for eventlogadm Command in Linux
The options you can use with the eventlogadm command are described in the table below −
Option | Description |
---|---|
-d | Emit debugging information |
-h | Print usage information. |
-s FILENAME | Load the configuration file FILENAME instead of the default smb.conf. |
-o addsource EVENTLOG SOURCENAME MSGFILE | Create a new event log source: register SOURCENAME under the event log EVENTLOG and associate it with the message file MSGFILE. |
-o write EVENTLOG | Read event log records from standard input and write them to the Samba event log store named EVENTLOG. |
-o dump EVENTLOG RECORD_NUMBER | Read event log records from the EVENTLOG store and print them to standard output. RECORD_NUMBER is optional: dumping starts at that record, or at the first record when it is omitted. |
Record Format for eventlogadm
For the write operation, eventlogadm reads structured records from standard input. A record is a sequence of lines, each holding a record key and its value separated by a colon (for example EID: 1001), with one key per line. Records are separated by one or more blank lines. Because the format is line-oriented, free text placed in a record (the STR field in particular) must not contain line breaks: an embedded blank line ends the record early, and a following KEY: value line is read as a new field. Sanitize untrusted log text before feeding it to eventlogadm.
Field | Description |
---|---|
LEN | The value of this field must be set to 0, as eventlogadm will calculate this value. |
RS1 | You must set its value to 1699505740. |
RCN | Ensure setting this value to 0. |
TMG | The timestamp when the event log entry was created, measured in seconds from 00:00:00 on January 1, 1970, UTC. |
TMW | The timestamp when the event log entry was recorded, measured in seconds from 00:00:00 on January 1, 1970, UTC. |
EID | The event log ID. |
ETP | The event type, which can be “INFO”, “WARNING”, “ERROR”, “AUDIT SUCCESS”, or “AUDIT FAILURE”. |
ECT | The event category that is determined by the message file, and is used for filtering within the event log viewer. |
RS2 | The value must be set to 0. |
CRN | The value should be set to 0. |
USL | The value must be set to 0. |
SRC | The source name associated with the event log record. If a message file is used, a registry entry (created by addsource) links this source name to a message file DLL. |
SRN | The machine’s name where the event log was created, usually the host name. |
STR | The text associated with the event. A record may contain several STR lines, one per string, and each string must fit on one line. |
DAT | This field must be left unset. |
Examples of eventlogadm Command in Linux
Let’s explore a few examples of eventlogadm command −
- Adding a New Event Log Source
- Writing an Event Log Record
- Dumping Event Log Records
Adding a New Event Log Source
To add a new event log source, use the addsource operation of the eventlogadm command. For example −
sudo eventlogadm -o addsource "Application" "MyAppSource" "/path/to/message/file"
The above command registers the source “MyAppSource” under the “Application” event log and associates it with the given message file. The message file path is stored as a registry value for the source and is resolved by the Windows client's Event Viewer when it renders a message from the event ID and the STR strings; Samba itself does not read the file, which is why the Samba manual's own example uses a Windows-style path such as %SystemRoot%/system32/MyApplication.dll. You can confirm the entry in Samba's registry with the following command −
sudo net registry enumerate 'HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MyAppSource'
Writing an Event Log Record
To write an event log record, use the write operation of the eventlogadm command. The record must follow the format described above, one key per line, so a here-document is the most convenient way to supply it. For example −
sudo eventlogadm -o write "Application" <<EOF
LEN: 0
RS1: 1699505740
RCN: 0
TMG: $(date +%s)
TMW: $(date +%s)
EID: 1001
ETP: INFO
ECT: 0
RS2: 0
CRN: 0
USL: 0
SRC: MyAppSource
SRN: $(hostname)
STR: This is a test event log entry.
DAT:

EOF
The above command writes one record to the “Application” event log; the blank line before EOF marks the end of the record. The event log stores are TDB files under Samba's state directory and are normally writable only by root, hence sudo. Windows clients only see the logs named in the eventlog list parameter of smb.conf, so make sure “Application” is listed there.
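Putting the record format and the write operation together, the following is an added example and not code from the Samba project or from this page: a small POSIX shell helper that builds write records with one key per line, rejects event types eventlogadm does not accept, and strips line breaks from free text so that an untrusted log line cannot end a record early or smuggle in an extra field. The function names (evlog_sanitize, evlog_type_ok, evlog_record, evlog_from_lines), the EVLOG_HOST variable, the event IDs and the source name MyAppSource are this example's own choices; the sample log lines at the bottom are constructed, and the pipe into eventlogadm is shown only in a comment so the script runs on a machine without Samba.

```bash
#!/bin/sh
# Added example, not part of Samba or of eventlogadm itself.
# Builds "eventlogadm -o write" records (KEY: value, one per line, blank line
# between records) from shell arguments or from log lines on stdin.

# Strip CR and LF from untrusted text. The record format is line-oriented and a
# blank line ends a record, so a message containing "\n\nEID: 0\n" would
# otherwise start a new record or be read as a new field.
evlog_sanitize() {
    printf '%s' "$1" | tr -d '\r\n'
}

# Return 0 if $1 is one of the event types the record format allows.
evlog_type_ok() {
    case "$1" in
        INFO|WARNING|ERROR|'AUDIT SUCCESS'|'AUDIT FAILURE') return 0 ;;
        *) return 1 ;;
    esac
}

# evlog_record EID ETP SOURCE STRING...  -> one record on stdout.
# TMG/TMW are "now" in seconds since the epoch; the fixed fields carry the
# values the record format requires (LEN 0, RS1 1699505740, the rest 0).
evlog_record() {
    _eid=$1 _etp=$2 _src=$3
    shift 3
    if ! evlog_type_ok "$_etp"; then
        echo "evlog_record: unsupported event type '$_etp'" >&2
        return 1
    fi
    _now=$(date +%s)
    _host=${EVLOG_HOST:-$(uname -n)}    # SRN: the machine name, hostname by default
    printf 'LEN: 0\nRS1: 1699505740\nRCN: 0\nTMG: %s\nTMW: %s\nEID: %s\nETP: %s\n' \
        "$_now" "$_now" "$_eid" "$_etp"
    printf 'ECT: 0\nRS2: 0\nCRN: 0\nUSL: 0\nSRC: %s\nSRN: %s\n' \
        "$(evlog_sanitize "$_src")" "$(evlog_sanitize "$_host")"
    for _s in "$@"; do                  # one STR line per insertion string
        printf 'STR: %s\n' "$(evlog_sanitize "$_s")"
    done
    printf 'DAT:\n\n'                   # DAT stays unset; the blank line ends the record
}

# evlog_from_lines SOURCE  -> read log lines on stdin, emit one record per line.
# The event type is guessed from the text; the event ID is fixed per type here.
evlog_from_lines() {
    _source=$1
    while IFS= read -r _line || [ -n "$_line" ]; do
        case "$_line" in
            *[Ee]rror*|*fail*|*FAIL*) evlog_record 1003 ERROR   "$_source" "$_line" ;;
            *[Ww]arn*)                evlog_record 1002 WARNING "$_source" "$_line" ;;
            *)                        evlog_record 1001 INFO    "$_source" "$_line" ;;
        esac
    done
}

# Stand-alone demo on constructed input; no Samba needed. On a Samba host run
# as root and pipe into the store instead, for example:
#   evlog_from_lines MyAppSource < /var/log/myapp.log | eventlogadm -o write Application
printf 'backup finished\nwarning: disk 80%% full\n' | evlog_from_lines MyAppSource
# A message carrying line breaks is flattened into a single STR line instead of
# injecting a second EID field:
evlog_record 1004 'AUDIT FAILURE' MyAppSource "$(printf 'login failed for bob\n\nEID: 0')"
```

evlog_from_lines is the shape of the "filter" use the Samba manual describes (a log tailed into eventlogadm), and the sanitizer is the part most people omit: anything that reaches STR from syslog, an application log or a request path is attacker-influenced text, and the record format gives it a trivial way to forge fields unless line breaks are removed first.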
Dumping Event Log Records
You can also use the eventlogadm command to dump event log records to the screen; for that purpose the dump operation is used. For example −
sudo eventlogadm -o dump "Application"
The above command prints every record in the “Application” event log, starting from the first. To begin at a later record, append the number of the record to start from after the event log name.
Conclusion
The eventlogadm command is part of the Samba suite and is used on Linux to manage the event logs that Samba presents to Windows clients. It lets you add sources, write records and dump logs, which helps with event tracking and troubleshooting.
This tutorial has covered the options, the record format and examples of each operation. Keep in mind that records are one key per line, that free text placed in a record must be kept free of line breaks, and that a log must be named in the eventlog list parameter of smb.conf before Windows clients can see it.