[Samba] Making Samba4 log data accessible in MsWindows EventLog Viewer?

[Jonathan Detert]

I'd like to make the data in the logs from Samba4 available to view in MsWindows Eventlog Viewer.


The most information I can find on this subject is this link: https://wiki.samba.org/index.php/Event_Logging


Here's what I think I understand from that article:


1) Tell samba which event log 'names' to create (and somehow report to the Ms. EventViewer);

2) Find/develop a program to read the traditional samba log files, convert them to a format that eventlogadm accepts, and then

3) pipe them to eventlogadm, which will record them in the tdb files that were created as a result of point 1) above.


If that's correct, does anyone know of a program to use for point 2)?  I can't find any examples on google.


Also, assuming I find one, or write my own, I'm not sure how the tdb files are made viewable to a MsWin EventViewer client.


This section https://wiki.samba.org/index.php/Event_Logging#Deciphering_EventLog_entries_on_the_Client seems to address that need, but I don't understand it.  E.g. It says to create a 'Message file DLL', but not how to do so, or where.  Then, it says to issue the eventlogadm command to reference a dll, but it doesn't say whether that's the 'Message file DLL' you were to create, or some other dll.  It's also not clear whether eventlogadm needs to be able to access that dll, and if so, how.


Any help is appreciated!


Thanks,


Jon