Annotation of embedaddon/sudo/doc/sudoreplay.cat, revision 1.1
1.1 ! misho 1: SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
! 2:
! 3:
! 4:
! 5: N�NA�AM�ME�E
! 6: sudoreplay - replay sudo session logs
! 7:
! 8: S�SY�YN�NO�OP�PS�SI�IS�S
! 9: s�su�ud�do�or�re�ep�pl�la�ay�y [-�-h�h] [-�-d�d _�d_�i_�r_�e_�c_�t_�o_�r_�y] [-�-f�f _�f_�i_�l_�t_�e_�r] [-�-m�m _�m_�a_�x_�__�w_�a_�i_�t] [-�-s�s
! 10: _�s_�p_�e_�e_�d_�__�f_�a_�c_�t_�o_�r] ID
! 11:
! 12: s�su�ud�do�or�re�ep�pl�la�ay�y [-�-h�h] [-�-d�d _�d_�i_�r_�e_�c_�t_�o_�r_�y] -l [search expression]
! 13:
! 14: D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
! 15: s�su�ud�do�or�re�ep�pl�la�ay�y plays back or lists the output logs created by s�su�ud�do�o. When
! 16: replaying, s�su�ud�do�or�re�ep�pl�la�ay�y can play the session back in real-time, or the
! 17: playback speed may be adjusted (faster or slower) based on the command
! 18: line options.
! 19:
! 20: The _�I_�D should either be a six character sequence of digits and upper
! 21: case letters, e.g. 0100A5, or a pattern matching the _�i_�o_�l_�o_�g_�__�f_�i_�l_�e option
! 22: in the _�s_�u_�d_�o_�e_�r_�s file. When a command is run via s�su�ud�do�o with _�l_�o_�g_�__�o_�u_�t_�p_�u_�t
! 23: enabled in the _�s_�u_�d_�o_�e_�r_�s file, a TSID=ID string is logged via syslog or
! 24: to the s�su�ud�do�o log file. The _�I_�D may also be determined using s�su�ud�do�or�re�ep�pl�la�ay�y's
! 25: list mode.
! 26:
! 27: In list mode, s�su�ud�do�or�re�ep�pl�la�ay�y can be used to find the ID of a session based
! 28: on a number of criteria such as the user, tty or command run.
! 29:
! 30: In replay mode, if the standard output has not been redirected,
! 31: s�su�ud�do�or�re�ep�pl�la�ay�y will act on the following keys:
! 32:
! 33: ' ' (space)
! 34: Pause output; press any key to resume.
! 35:
! 36: '<' Reduce the playback speed by one half.
! 37:
! 38: '>' Double the playback speed.
! 39:
! 40: O�OP�PT�TI�IO�ON�NS�S
! 41: s�su�ud�do�or�re�ep�pl�la�ay�y accepts the following command line options:
! 42:
! 43: -d _�d_�i_�r_�e_�c_�t_�o_�r_�y
! 44: Use _�d_�i_�r_�e_�c_�t_�o_�r_�y to for the session logs instead of the
! 45: default, _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o.
! 46:
! 47: -f _�f_�i_�l_�t_�e_�r By default, s�su�ud�do�or�re�ep�pl�la�ay�y will play back the command's
! 48: standard output, standard error and tty output. The _�-_�f
! 49: option can be used to select which of these to output. The
! 50: _�f_�i_�l_�t_�e_�r argument is a comma-separated list, consisting of
! 51: one or more of following: _�s_�t_�d_�o_�u_�t, _�s_�t_�d_�e_�r_�r, and _�t_�t_�y_�o_�u_�t.
! 52:
! 53: -h The -�-h�h (_�h_�e_�l_�p) option causes s�su�ud�do�or�re�ep�pl�la�ay�y to print a short
! 54: help message to the standard output and exit.
! 55:
! 56: -l [_�s_�e_�a_�r_�c_�h _�e_�x_�p_�r_�e_�s_�s_�i_�o_�n]
! 57: Enable "list mode". In this mode, s�su�ud�do�or�re�ep�pl�la�ay�y will list
! 58: available session IDs. If a _�s_�e_�a_�r_�c_�h _�e_�x_�p_�r_�e_�s_�s_�i_�o_�n is
! 59: specified, it will be used to restrict the IDs that are
! 60: displayed. An expression is composed of the following
! 61: predicates:
! 62:
! 63: command _�c_�o_�m_�m_�a_�n_�d _�p_�a_�t_�t_�e_�r_�n
! 64: Evaluates to true if the command run matches
! 65: _�c_�o_�m_�m_�a_�n_�d _�p_�a_�t_�t_�e_�r_�n. On systems with POSIX regular
! 66: expression support, the pattern may be an extended
! 67: regular expression. On systems without POSIX
! 68: regular expression support, a simple substring
! 69: match is performed instead.
! 70:
! 71: cwd _�d_�i_�r_�e_�c_�t_�o_�r_�y
! 72: Evaluates to true if the command was run with the
! 73: specified current working directory.
! 74:
! 75: fromdate _�d_�a_�t_�e
! 76: Evaluates to true if the command was run on or
! 77: after _�d_�a_�t_�e. See "Date and time format" for a
! 78: description of supported date and time formats.
! 79:
! 80: group _�r_�u_�n_�a_�s_�__�g_�r_�o_�u_�p
! 81: Evaluates to true if the command was run with the
! 82: specified _�r_�u_�n_�a_�s_�__�g_�r_�o_�u_�p. Note that unless a
! 83: _�r_�u_�n_�a_�s_�__�g_�r_�o_�u_�p was explicitly specified when s�su�ud�do�o was
! 84: run this field will be empty in the log.
! 85:
! 86: runas _�r_�u_�n_�a_�s_�__�u_�s_�e_�r
! 87: Evaluates to true if the command was run as the
! 88: specified _�r_�u_�n_�a_�s_�__�u_�s_�e_�r. Note that s�su�ud�do�o runs commands
! 89: as user _�r_�o_�o_�t by default.
! 90:
! 91: todate _�d_�a_�t_�e
! 92: Evaluates to true if the command was run on or
! 93: prior to _�d_�a_�t_�e. See "Date and time format" for a
! 94: description of supported date and time formats.
! 95:
! 96: tty _�t_�t_�y Evaluates to true if the command was run on the
! 97: specified terminal device. The _�t_�t_�y should be
! 98: specified without the _�/_�d_�e_�v_�/ prefix, e.g. _�t_�t_�y_�0_�1
! 99: instead of _�/_�d_�e_�v_�/_�t_�t_�y_�0_�1.
! 100:
! 101: user _�u_�s_�e_�r _�n_�a_�m_�e
! 102: Evaluates to true if the ID matches a command run
! 103: by _�u_�s_�e_�r _�n_�a_�m_�e.
! 104:
! 105: Predicates may be abbreviated to the shortest unique string
! 106: (currently all predicates may be shortened to a single
! 107: character).
! 108:
! 109: Predicates may be combined using _�a_�n_�d, _�o_�r and _�! operators as
! 110: well as '(' and ')' for grouping (note that parentheses
! 111: must generally be escaped from the shell). The _�a_�n_�d
! 112: operator is optional, adjacent predicates have an implied
! 113: _�a_�n_�d unless separated by an _�o_�r.
! 114:
! 115: -m _�m_�a_�x_�__�w_�a_�i_�t Specify an upper bound on how long to wait between key
! 116: presses or output data. By default, s�su�ud�do�o_�_r�re�ep�pl�la�ay�y will
! 117: accurately reproduce the delays between key presses or
! 118: program output. However, this can be tedious when the
! 119: session includes long pauses. When the _�-_�m option is
! 120: specified, s�su�ud�do�or�re�ep�pl�la�ay�y will limit these pauses to at most
! 121: _�m_�a_�x_�__�w_�a_�i_�t seconds. The value may be specified as a floating
! 122: point number, .e.g. _�2_�._�5.
! 123:
! 124: -s _�s_�p_�e_�e_�d_�__�f_�a_�c_�t_�o_�r
! 125: This option causes s�su�ud�do�or�re�ep�pl�la�ay�y to adjust the number of
! 126: seconds it will wait between key presses or program output.
! 127: This can be used to slow down or speed up the display. For
! 128: example, a _�s_�p_�e_�e_�d_�__�f_�a_�c_�t_�o_�r of _�2 would make the output twice as
! 129: fast whereas a _�s_�p_�e_�e_�d_�__�f_�a_�c_�t_�o_�r of <.5> would make the output
! 130: twice as slow.
! 131:
! 132: -V The -�-V�V (version) option causes s�su�ud�do�or�re�ep�pl�la�ay�y to print its
! 133: version number and exit.
! 134:
! 135: D�Da�at�te�e a�an�nd�d t�ti�im�me�e f�fo�or�rm�ma�at�t
! 136: The time and date may be specified multiple ways, common formats
! 137: include:
! 138:
! 139: HH:MM:SS am MM/DD/CCYY timezone
! 140: 24 hour time may be used in place of am/pm.
! 141:
! 142: HH:MM:SS am Month, Day Year timezone
! 143: 24 hour time may be used in place of am/pm, and month and day
! 144: names may be abbreviated. Note that month and day of the week
! 145: names must be specified in English.
! 146:
! 147: CCYY-MM-DD HH:MM:SS
! 148: ISO time format
! 149:
! 150: DD Month CCYY HH:MM:SS
! 151: The month name may be abbreviated.
! 152:
! 153: Either time or date may be omitted, the am/pm and timezone are
! 154: optional. If no date is specified, the current day is assumed; if no
! 155: time is specified, the first second of the specified date is used. The
! 156: less significant parts of both time and date may also be omitted, in
! 157: which case zero is assumed. For example, the following are all valid:
! 158:
! 159: The following are all valid time and date specifications:
! 160:
! 161: now The current time and date.
! 162:
! 163: tomorrow
! 164: Exactly one day from now.
! 165:
! 166: yesterday
! 167: 24 hours ago.
! 168:
! 169: 2 hours ago
! 170: 2 hours ago.
! 171:
! 172: next Friday
! 173: The first second of the next Friday.
! 174:
! 175: this week
! 176: The current time but the first day of the coming week.
! 177:
! 178: a fortnight ago
! 179: The current time but 14 days ago.
! 180:
! 181: 10:01 am 9/17/2009
! 182: 10:01 am, September 17, 2009.
! 183:
! 184: 10:01 am
! 185: 10:01 am on the current day.
! 186:
! 187: 10 10:00 am on the current day.
! 188:
! 189: 9/17/2009
! 190: 00:00 am, September 17, 2009.
! 191:
! 192: 10:01 am Sep 17, 2009
! 193: 10:01 am, September 17, 2009.
! 194:
! 195: F�FI�IL�LE�ES�S
! 196: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o The default I/O log directory.
! 197:
! 198: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�l_�o_�g
! 199: Example session log info.
! 200:
! 201: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�s_�t_�d_�i_�n
! 202: Example session standard input log.
! 203:
! 204: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�s_�t_�d_�o_�u_�t
! 205: Example session standard output log.
! 206:
! 207: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�s_�t_�d_�e_�r_�r
! 208: Example session standard error log.
! 209:
! 210: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�t_�t_�y_�i_�n
! 211: Example session tty input file.
! 212:
! 213: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�t_�t_�y_�o_�u_�t
! 214: Example session tty output file.
! 215:
! 216: _�/_�v_�a_�r_�/_�l_�o_�g_�/_�s_�u_�d_�o_�-_�i_�o_�/_�0_�0_�/_�0_�0_�/_�0_�1_�/_�t_�i_�m_�i_�n_�g
! 217: Example session timing file.
! 218:
! 219: Note that the _�s_�t_�d_�i_�n, _�s_�t_�d_�o_�u_�t and _�s_�t_�d_�e_�r_�r files will be empty unless s�su�ud�do�o
! 220: was used as part of a pipeline for a particular command.
! 221:
! 222: E�EX�XA�AM�MP�PL�LE�ES�S
! 223: List sessions run by user _�m_�i_�l_�l_�e_�r_�t:
! 224:
! 225: sudoreplay -l user millert
! 226:
! 227: List sessions run by user _�b_�o_�b with a command containing the string vi:
! 228:
! 229: sudoreplay -l user bob command vi
! 230:
! 231: List sessions run by user _�j_�e_�f_�f that match a regular expression:
! 232:
! 233: sudoreplay -l user jeff command '/bin/[a-z]*sh'
! 234:
! 235: List sessions run by jeff or bob on the console:
! 236:
! 237: sudoreplay -l ( user jeff or user bob ) tty console
! 238:
! 239: S�SE�EE�E A�AL�LS�SO�O
! 240: _�s_�u_�d_�o(1m), _�s_�c_�r_�i_�p_�t(1)
! 241:
! 242: A�AU�UT�TH�HO�OR�R
! 243: Todd C. Miller
! 244:
! 245: B�BU�UG�GS�S
! 246: If you feel you have found a bug in s�su�ud�do�or�re�ep�pl�la�ay�y, please submit a bug
! 247: report at http://www.sudo.ws/sudo/bugs/
! 248:
! 249: S�SU�UP�PP�PO�OR�RT�T
! 250: Limited free support is available via the sudo-users mailing list, see
! 251: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
! 252: the archives.
! 253:
! 254: D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
! 255: s�su�ud�do�or�re�ep�pl�la�ay�y is provided ``AS IS'' and any express or implied warranties,
! 256: including, but not limited to, the implied warranties of
! 257: merchantability and fitness for a particular purpose are disclaimed.
! 258: See the LICENSE file distributed with s�su�ud�do�o or
! 259: http://www.sudo.ws/sudo/license.html for complete details.
! 260:
! 261:
! 262:
! 263: 1.8.3 September 16, 2011 SUDOREPLAY(1m)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoreplay.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc