Calling eels_log_archive from the command line

Unlike calling eels_log_archive(1Meels) from within /etc/default/eels, when you call this command from the command line you can specify more in the way of parameters. The most significant difference is that you do not have to purge records from the EELS database source when you archive them to another file. This means that as well as creating normal archives, you can also create subsets of the EELS database for distribution to others without disrupting the contents of the main EELS database.

For example, you may want to create a database of just the syslog events from an EELS database so that the system administrator can generate specific reports. Take the following steps to create the new subset database.

1. Log in as root.

2. Use eels_log_archive to create a flat file of the database records you want in your new subset database, for example:
   
   eels_log_archive -a /tmp/eels_flat_file \
   -q "select from events where LogSystemsSource = ´syslog´"

   An archive file called eels_flat_file.Z is created in /tmp.

3. If the destination database does not already exist, create it using eels_db_admin(1Meels). For example, to create an EELS database called eels_subset, use the following command:
   
   eels_db_admin -c eels_subset events \
   "Subset database - syslog" MySelf

4. Assign the correct user privileges so the administrator can read the new database. For example, if the administrator's user name is johnh, enter the following command:
   
   eels_db_admin -x perm add db johnh eels_subset S

5. Use eels_log_restore(1Meels) to ``restore'' the archive to the new subset database, for example:
   
   eels_log_restore -a /tmp/eels_flat_file \
   -d eels_subset -t events

   The contents of the archive are copied into the new database eels_subset.