Annotation of embedaddon/sudo/doc/sudoreplay.cat, revision 1.1 (misho)

SUDOREPLAY(1m)            MAINTENANCE COMMANDS            SUDOREPLAY(1m)

NAME
     sudoreplay - replay sudo session logs

SYNOPSIS
     sudoreplay [-h] [-d directory] [-f filter] [-m max_wait]
                [-s speed_factor] ID

     sudoreplay [-h] [-d directory] -l [search expression]

DESCRIPTION
     sudoreplay plays back or lists the output logs created by sudo. When
     replaying, sudoreplay can play the session back in real-time, or the
     playback speed may be adjusted (faster or slower) based on the command
     line options.

     The ID should either be a six character sequence of digits and upper
     case letters, e.g. 0100A5, or a pattern matching the iolog_file option
     in the sudoers file. When a command is run via sudo with log_output
     enabled in the sudoers file, a TSID=ID string is logged via syslog or
     to the sudo log file. The ID may also be determined using sudoreplay's
     list mode.

     In list mode, sudoreplay can be used to find the ID of a session based
     on a number of criteria such as the user, tty or command run.

     In replay mode, if the standard output has not been redirected,
     sudoreplay will act on the following keys:

     ' ' (space)
             Pause output; press any key to resume.

     '<'     Reduce the playback speed by one half.

     '>'     Double the playback speed.

OPTIONS
     sudoreplay accepts the following command line options:

     -d directory
                 Use directory for the session logs instead of the
                 default, /var/log/sudo-io.

     -f filter   By default, sudoreplay will play back the command's
                 standard output, standard error and tty output. The -f
                 option can be used to select which of these to output. The
                 filter argument is a comma-separated list, consisting of
                 one or more of the following: stdout, stderr, and ttyout.

     -h          The -h (help) option causes sudoreplay to print a short
                 help message to the standard output and exit.

     -l [search expression]
                 Enable "list mode". In this mode, sudoreplay will list
                 available session IDs. If a search expression is
                 specified, it will be used to restrict the IDs that are
                 displayed. An expression is composed of the following
                 predicates:

                 command command pattern
                         Evaluates to true if the command run matches
                         command pattern. On systems with POSIX regular
                         expression support, the pattern may be an extended
                         regular expression. On systems without POSIX
                         regular expression support, a simple substring
                         match is performed instead.

                 cwd directory
                         Evaluates to true if the command was run with the
                         specified current working directory.

                 fromdate date
                         Evaluates to true if the command was run on or
                         after date. See "Date and time format" for a
                         description of supported date and time formats.

                 group runas_group
                         Evaluates to true if the command was run with the
                         specified runas_group. Note that unless a
                         runas_group was explicitly specified when sudo was
                         run, this field will be empty in the log.

                 runas runas_user
                         Evaluates to true if the command was run as the
                         specified runas_user. Note that sudo runs commands
                         as user root by default.

                 todate date
                         Evaluates to true if the command was run on or
                         prior to date. See "Date and time format" for a
                         description of supported date and time formats.

                 tty tty Evaluates to true if the command was run on the
                         specified terminal device. The tty should be
                         specified without the /dev/ prefix, e.g. tty01
                         instead of /dev/tty01.

                 user user name
                         Evaluates to true if the ID matches a command run
                         by user name.

                 Predicates may be abbreviated to the shortest unique string
                 (currently all predicates may be shortened to a single
                 character).

                 Predicates may be combined using and, or and ! operators as
                 well as '(' and ')' for grouping (note that parentheses
                 must generally be escaped from the shell). The and
                 operator is optional; adjacent predicates have an implied
                 and unless separated by an or.

     -m max_wait Specify an upper bound on how long to wait between key
                 presses or output data. By default, sudoreplay will
                 accurately reproduce the delays between key presses or
                 program output. However, this can be tedious when the
                 session includes long pauses. When the -m option is
                 specified, sudoreplay will limit these pauses to at most
                 max_wait seconds. The value may be specified as a floating
                 point number, e.g. 2.5.

     -s speed_factor
                 This option causes sudoreplay to adjust the number of
                 seconds it will wait between key presses or program output.
                 This can be used to slow down or speed up the display. For
                 example, a speed_factor of 2 would make the output twice as
                 fast whereas a speed_factor of .5 would make the output
                 twice as slow.

     -V          The -V (version) option causes sudoreplay to print its
                 version number and exit.

   Date and time format
     The time and date may be specified in multiple ways. Common formats
     include:

     HH:MM:SS am MM/DD/CCYY timezone
             24 hour time may be used in place of am/pm.

     HH:MM:SS am Month, Day Year timezone
             24 hour time may be used in place of am/pm, and month and day
             names may be abbreviated. Note that month and day of the week
             names must be specified in English.

     CCYY-MM-DD HH:MM:SS
             ISO time format

     DD Month CCYY HH:MM:SS
             The month name may be abbreviated.

     Either time or date may be omitted; the am/pm and timezone are
     optional. If no date is specified, the current day is assumed; if no
     time is specified, the first second of the specified date is used. The
     less significant parts of both time and date may also be omitted, in
     which case zero is assumed.

     The following are all valid time and date specifications:

     now     The current time and date.

     tomorrow
             Exactly one day from now.

     yesterday
             24 hours ago.

     2 hours ago
             2 hours ago.

     next Friday
             The first second of the next Friday.

     this week
             The current time but the first day of the coming week.

     a fortnight ago
             The current time but 14 days ago.

     10:01 am 9/17/2009
             10:01 am, September 17, 2009.

     10:01 am
             10:01 am on the current day.

     10      10:00 am on the current day.

     9/17/2009
             00:00 am, September 17, 2009.

     10:01 am Sep 17, 2009
             10:01 am, September 17, 2009.

FILES
     /var/log/sudo-io        The default I/O log directory.

     /var/log/sudo-io/00/00/01/log
                             Example session log info.

     /var/log/sudo-io/00/00/01/stdin
                             Example session standard input log.

     /var/log/sudo-io/00/00/01/stdout
                             Example session standard output log.

     /var/log/sudo-io/00/00/01/stderr
                             Example session standard error log.

     /var/log/sudo-io/00/00/01/ttyin
                             Example session tty input file.

     /var/log/sudo-io/00/00/01/ttyout
                             Example session tty output file.

     /var/log/sudo-io/00/00/01/timing
                             Example session timing file.

     Note that the stdin, stdout and stderr files will be empty unless sudo
     was used as part of a pipeline for a particular command.

EXAMPLES
     List sessions run by user millert:

           sudoreplay -l user millert

     List sessions run by user bob with a command containing the string vi:

           sudoreplay -l user bob command vi

     List sessions run by user jeff that match a regular expression:

           sudoreplay -l user jeff command '/bin/[a-z]*sh'

     List sessions run by jeff or bob on the console:

           sudoreplay -l \( user jeff or user bob \) tty console

SEE ALSO
     sudo(1m), script(1)

AUTHOR
     Todd C. Miller

BUGS
     If you feel you have found a bug in sudoreplay, please submit a bug
     report at http://www.sudo.ws/sudo/bugs/

SUPPORT
     Limited free support is available via the sudo-users mailing list, see
     http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
     the archives.

DISCLAIMER
     sudoreplay is provided "AS IS" and any express or implied warranties,
     including, but not limited to, the implied warranties of
     merchantability and fitness for a particular purpose are disclaimed.
     See the LICENSE file distributed with sudo or
     http://www.sudo.ws/sudo/license.html for complete details.

1.8.3                      September 16, 2011             SUDOREPLAY(1m)