LinuxCommandLibrary

eventlogadm

Manage system event logs

SYNOPSIS

eventlogadm [GLOBAL_OPTIONS] ACTION <eventlog name> [ACTION_OPTIONS]

PARAMETERS

ACTION
    Specifies the primary operation to perform on the event log. Common actions include:
        dump: Dumps the contents of the specified event log.
        clear: Clears all entries from the specified event log. Use with caution!
        info: Displays information about the specified event log (e.g., size, number of records).
        delete: Deletes the specified event log entirely. Use with caution!

<eventlog name>
    The name of the event log to operate on (e.g., Application, System, Security).

GLOBAL_OPTIONS
    Options that apply globally to the eventlogadm command, regardless of the action.
        -s, --configfile=FILE: Specifies the path to the Samba configuration file (smb.conf).
        -l, --logfile=FILE: Specifies the path to the Samba log file.
        -D, --debuglevel=LEVEL: Sets the debug level for Samba operations (0-10, higher means more verbose output).
        -V, --version: Prints the Samba version information.
        -?, --help: Displays a help message with usage information.
        --usage: Displays a brief usage message.
        --option-name: Prints known option names for internal use.

ACTION_OPTIONS
    Options specific to the chosen ACTION.
        --file=FILE: Used with dump to specify an output file for the log content instead of standard output.
        --xml: Used with dump to output the log content in XML format.
        --format=FORMAT: Specifies the output format for dumped logs (e.g., text, raw, xml).

DESCRIPTION

The `eventlogadm` command is a utility provided as part of the Samba suite on Linux and Unix-like operating systems. It is designed to manage event logs that Samba itself maintains, mimicking the functionality of Windows Event Log management. This tool allows administrators to view, clear, delete, and gather information about event logs stored by a Samba server. This is particularly useful in environments where Samba acts as a domain controller or a file server for Windows clients, and it needs to host Windows-compatible event logs (e.g., Application, System, Security logs). It provides a command-line interface to interact with Samba's internal event log database, enabling scriptable log management and integration into broader system administration tasks.

CAVEATS

This command is specifically designed for managing event logs hosted by Samba, not general Windows event logs on remote Windows machines. Its functionality relies on a correctly configured Samba installation. Operations like clear and delete are destructive and should be used with extreme care, as they permanently remove log data. The exact behavior and available options might vary slightly between different Samba versions.

COMMON EVENT LOG NAMES

Typical event log names you might manage include Application, System, Security, Directory Service, and File Replication Service. These correspond to the standard logs found in a Windows environment.

PERMISSIONS

To effectively use `eventlogadm` for operations like clearing or deleting logs, you typically need root privileges or appropriate permissions on the Samba event log files and directories.

HISTORY

`eventlogadm` is an integral part of the Samba project, which began in 1992. As Samba evolved to provide increasingly sophisticated Windows services, including domain controller capabilities and Windows-style file sharing, the need arose to manage the associated Windows-compatible event logs. `eventlogadm` was developed to provide a command-line interface for Linux administrators to interact with these logs, mirroring the functionality found in Windows' Event Viewer. Its development reflects Samba's ongoing commitment to interoperability and providing a comprehensive suite of tools for managing Windows services on Unix-like systems.

SEE ALSO

smb.conf(5), samba(7), smbclient(1), net(8), testparm(1)
