LinuxCommandLibrary

eventlogadm

Manage system event logs

SYNOPSIS

eventlogadm [-D] [-h] [-H host] [-l logname] [-L logname] [-m messagefile] [-N] [-s recordno] [-S server] [-t type] [-U username[%password]] [-w]

PARAMETERS

-D
    Disable the eventlog service

-h
    Display help and exit

-H host
    Connect to remote host

-l logname
    List records in specified log (Application, System, Security)

-L logname
    Add or recreate a new event log

-m messagefile
    Add message from file to log

-N
    Do not prompt for password

-s recordno
    Start listing from specific record number

-S server
    Specify target server name

-t type
    Event type: 1=Error, 2=Warning, 3=Information, 4=Audit Success, 5=Audit Failure

-U username[%password]
    Specify username and optional password for authentication. A password supplied on the command line is visible in the process list and in shell history.

-w
    Clear (write zero records) the event log

DESCRIPTION

The eventlogadm command is a Samba utility for managing Windows-compatible event logs on Linux/Unix systems running Samba as a domain controller or file server. It allows administrators to add, list, clear, and manipulate event log entries, emulating Windows NT/2000 event logging for compatibility with Windows clients and tools.

Samba stores event logs in TDB files (e.g., eventlog.tdb) configured via smb.conf. eventlogadm supports operations like injecting messages, dumping logs, and disabling the service. It's essential for troubleshooting, testing event log replication in Active Directory environments, or scripting log maintenance.

Authentication uses Samba credentials, and the command communicates via RPC with the eventlog service (eventlogrd daemon). Use it alongside rpcclient for remote access. It is not for native Linux logging (use journalctl instead).

CAVEATS

Requires running Samba with the eventlog backend enabled in smb.conf (eventlog: type = nt). Logs are stored in the private/ directory. Remote operations need winbind or proper authentication. Not for high-volume production use; prefer Windows tools for full fidelity.

EXAMPLES

eventlogadm -Uadministrator -l System
List System log entries.

eventlogadm -Uadmin -m msg.txt -t 1 -l Application
Add error message from file to Application log.

CONFIGURATION

In smb.conf:

[global]
eventlog: type = nt

Restart smbd/nmbd after changes.

HISTORY

Introduced in Samba 3.x (circa 2003) for PDC/BDC event log support. Enhanced in Samba 4.x for full AD DC compatibility, integrating with samlog backend.

SEE ALSO

rpcclient(1), smbclient(1), eventlogrd(8), pdbedit(8)
