Annotation of embedaddon/sudo/doc/sudoreplay.cat, revision 1.1.1.6
1.1.1.3 misho 1: SUDOREPLAY(1m) System Manager's Manual SUDOREPLAY(1m)
1.1 misho 2:
3: NNAAMMEE
1.1.1.3 misho 4: ssuuddoorreeppllaayy - replay sudo session logs
1.1 misho 5:
6: SSYYNNOOPPSSIISS
1.1.1.5 misho 7: ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] [--ff _f_i_l_t_e_r] [--mm _n_u_m] [--ss _n_u_m] ID
1.1 misho 8:
1.1.1.5 misho 9: ssuuddoorreeppllaayy [--hh] [--dd _d_i_r] --ll [search expression]
1.1 misho 10:
11: DDEESSCCRRIIPPTTIIOONN
1.1.1.3 misho 12: ssuuddoorreeppllaayy plays back or lists the output logs created by ssuuddoo. When
13: replaying, ssuuddoorreeppllaayy can play the session back in real-time, or the
14: playback speed may be adjusted (faster or slower) based on the command
15: line options.
1.1 misho 16:
1.1.1.3 misho 17: The _I_D should either be a six character sequence of digits and upper case
18: letters, e.g. 0100A5, or a pattern matching the _i_o_l_o_g___f_i_l_e option in the
19: _s_u_d_o_e_r_s file. When a command is run via ssuuddoo with _l_o_g___o_u_t_p_u_t enabled in
20: the _s_u_d_o_e_r_s file, a TSID=ID string is logged via syslog or to the ssuuddoo
21: log file. The _I_D may also be determined using ssuuddoorreeppllaayy's list mode.
1.1 misho 22:
1.1.1.3 misho 23: In list mode, ssuuddoorreeppllaayy can be used to find the ID of a session based on
24: a number of criteria such as the user, tty or command run.
1.1 misho 25:
1.1.1.3 misho 26: In replay mode, if the standard output has not been redirected,
27: ssuuddoorreeppllaayy will act on the following keys:
1.1 misho 28:
1.1.1.6 ! misho 29: `\n' or `\r' Skip to the next replay event; useful for long pauses.
! 30:
1.1.1.3 misho 31: ` ' (space) Pause output; press any key to resume.
1.1 misho 32:
1.1.1.3 misho 33: `<' Reduce the playback speed by one half.
1.1 misho 34:
1.1.1.3 misho 35: `>' Double the playback speed.
1.1 misho 36:
1.1.1.3 misho 37: The options are as follows:
1.1 misho 38:
1.1.1.5 misho 39: --dd _d_i_r, ----ddiirreeccttoorryy=_d_i_r
40: Store session logs in _d_i_r instead of the default,
41: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o.
42:
43: --ff _f_i_l_t_e_r, ----ffiilltteerr=_f_i_l_t_e_r
44: Select which I/O type(s) to display. By default, ssuuddoorreeppllaayy
45: will display the command's standard output, standard error
46: and tty output. The _f_i_l_t_e_r argument is a comma-separated
47: list, consisting of one or more of following: _s_t_d_o_u_t, _s_t_d_e_r_r,
48: and _t_t_y_o_u_t.
49:
50: --hh, ----hheellpp Display a short help message to the standard output and exit.
51:
52: --ll, ----lliisstt [_s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n]
53: Enable ``list mode''. In this mode, ssuuddoorreeppllaayy will list
54: available sessions in a format similar to the ssuuddoo log file
55: format, sorted by file name (or sequence number). If a
56: _s_e_a_r_c_h _e_x_p_r_e_s_s_i_o_n is specified, it will be used to restrict
57: the IDs that are displayed. An expression is composed of the
58: following predicates:
59:
60: command _p_a_t_t_e_r_n
61: Evaluates to true if the command run matches _p_a_t_t_e_r_n.
62: On systems with POSIX regular expression support, the
63: pattern may be an extended regular expression. On
64: systems without POSIX regular expression support, a
65: simple sub-string match is performed instead.
66:
67: cwd _d_i_r_e_c_t_o_r_y
68: Evaluates to true if the command was run with the
69: specified current working directory.
70:
71: fromdate _d_a_t_e
72: Evaluates to true if the command was run on or after
73: _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description of
74: supported date and time formats.
75:
76: group _r_u_n_a_s___g_r_o_u_p
77: Evaluates to true if the command was run with the
78: specified _r_u_n_a_s___g_r_o_u_p. Note that unless a
79: _r_u_n_a_s___g_r_o_u_p was explicitly specified when ssuuddoo was
80: run this field will be empty in the log.
81:
82: runas _r_u_n_a_s___u_s_e_r
83: Evaluates to true if the command was run as the
84: specified _r_u_n_a_s___u_s_e_r. Note that ssuuddoo runs commands
85: as user _r_o_o_t by default.
86:
87: todate _d_a_t_e
88: Evaluates to true if the command was run on or prior
89: to _d_a_t_e. See _D_a_t_e _a_n_d _t_i_m_e _f_o_r_m_a_t for a description
90: of supported date and time formats.
91:
92: tty _t_t_y _n_a_m_e
93: Evaluates to true if the command was run on the
94: specified terminal device. The _t_t_y _n_a_m_e should be
95: specified without the _/_d_e_v_/ prefix, e.g. _t_t_y_0_1
96: instead of _/_d_e_v_/_t_t_y_0_1.
97:
98: user _u_s_e_r _n_a_m_e
99: Evaluates to true if the ID matches a command run by
100: _u_s_e_r _n_a_m_e.
101:
102: Predicates may be abbreviated to the shortest unique string
103: (currently all predicates may be shortened to a single
104: character).
105:
106: Predicates may be combined using _a_n_d, _o_r and _! operators as
107: well as `(' and `)' grouping (note that parentheses must
108: generally be escaped from the shell). The _a_n_d operator is
109: optional, adjacent predicates have an implied _a_n_d unless
110: separated by an _o_r.
111:
112: --mm, ----mmaaxx--wwaaiitt _m_a_x___w_a_i_t
113: Specify an upper bound on how long to wait between key
114: presses or output data. By default, ssuuddoorreeppllaayy will
115: accurately reproduce the delays between key presses or
116: program output. However, this can be tedious when the
117: session includes long pauses. When the --mm option is
118: specified, ssuuddoorreeppllaayy will limit these pauses to at most
119: _m_a_x___w_a_i_t seconds. The value may be specified as a floating
120: point number, e.g. _2_._5.
121:
122: --ss, ----ssppeeeedd _s_p_e_e_d___f_a_c_t_o_r
123: This option causes ssuuddoorreeppllaayy to adjust the number of seconds
124: it will wait between key presses or program output. This can
125: be used to slow down or speed up the display. For example, a
126: _s_p_e_e_d___f_a_c_t_o_r of _2 would make the output twice as fast whereas
127: a _s_p_e_e_d___f_a_c_t_o_r of _._5 would make the output twice as slow.
1.1 misho 128:
1.1.1.5 misho 129: --VV, ----vveerrssiioonn
130: Print the ssuuddoorreeppllaayy versions version number and exit.
1.1 misho 131:
132: DDaattee aanndd ttiimmee ffoorrmmaatt
1.1.1.3 misho 133: The time and date may be specified multiple ways, common formats include:
1.1 misho 134:
1.1.1.3 misho 135: HH:MM:SS am MM/DD/CCYY timezone
136: 24 hour time may be used in place of am/pm.
1.1 misho 137:
1.1.1.3 misho 138: HH:MM:SS am Month, Day Year timezone
139: 24 hour time may be used in place of am/pm, and month and day
140: names may be abbreviated. Note that month and day of the week
141: names must be specified in English.
1.1 misho 142:
1.1.1.3 misho 143: CCYY-MM-DD HH:MM:SS
144: ISO time format
1.1 misho 145:
1.1.1.3 misho 146: DD Month CCYY HH:MM:SS
147: The month name may be abbreviated.
1.1 misho 148:
1.1.1.3 misho 149: Either time or date may be omitted, the am/pm and timezone are optional.
150: If no date is specified, the current day is assumed; if no time is
151: specified, the first second of the specified date is used. The less
152: significant parts of both time and date may also be omitted, in which
153: case zero is assumed.
1.1 misho 154:
1.1.1.3 misho 155: The following are all valid time and date specifications:
1.1 misho 156:
1.1.1.3 misho 157: now The current time and date.
1.1 misho 158:
1.1.1.3 misho 159: tomorrow
160: Exactly one day from now.
1.1 misho 161:
1.1.1.3 misho 162: yesterday
163: 24 hours ago.
1.1 misho 164:
1.1.1.3 misho 165: 2 hours ago
166: 2 hours ago.
1.1 misho 167:
1.1.1.3 misho 168: next Friday
1.1.1.5 misho 169: The first second of the Friday in the next (upcoming) week. Not
170: to be confused with ``this friday'' which would match the friday
171: of the current week.
172:
173: last week
174: The current time but 7 days ago. This is equivalent to ``a week
175: ago''.
1.1 misho 176:
1.1.1.3 misho 177: a fortnight ago
178: The current time but 14 days ago.
1.1 misho 179:
1.1.1.3 misho 180: 10:01 am 9/17/2009
181: 10:01 am, September 17, 2009.
1.1 misho 182:
1.1.1.3 misho 183: 10:01 am
184: 10:01 am on the current day.
1.1 misho 185:
1.1.1.3 misho 186: 10 10:00 am on the current day.
1.1 misho 187:
1.1.1.3 misho 188: 9/17/2009
189: 00:00 am, September 17, 2009.
1.1 misho 190:
1.1.1.3 misho 191: 10:01 am Sep 17, 2009
192: 10:01 am, September 17, 2009.
1.1 misho 193:
1.1.1.5 misho 194: Note that relative time specifications do not always work as expected.
195: For example, the ``next'' qualifier is intended to be used in conjunction
196: with a day such as ``next Monday''. When used with units of weeks,
197: months, years, etc the result will be one more than expected. For
198: example, ``next week'' will result in a time exactly two weeks from now,
199: which is probably not what was intended. This will be addressed in a
200: future version of ssuuddoorreeppllaayy.
201:
1.1 misho 202: FFIILLEESS
1.1.1.3 misho 203: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o The default I/O log directory.
1.1 misho 204:
1.1.1.3 misho 205: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_l_o_g
1.1 misho 206: Example session log info.
207:
1.1.1.3 misho 208: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_i_n
1.1 misho 209: Example session standard input log.
210:
1.1.1.3 misho 211: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_o_u_t
1.1 misho 212: Example session standard output log.
213:
1.1.1.3 misho 214: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_s_t_d_e_r_r
1.1 misho 215: Example session standard error log.
216:
1.1.1.3 misho 217: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_i_n
1.1 misho 218: Example session tty input file.
219:
1.1.1.3 misho 220: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_t_y_o_u_t
1.1 misho 221: Example session tty output file.
222:
1.1.1.3 misho 223: _/_v_a_r_/_l_o_g_/_s_u_d_o_-_i_o_/_0_0_/_0_0_/_0_1_/_t_i_m_i_n_g
1.1 misho 224: Example session timing file.
225:
1.1.1.3 misho 226: Note that the _s_t_d_i_n, _s_t_d_o_u_t and _s_t_d_e_r_r files will be empty unless ssuuddoo
227: was used as part of a pipeline for a particular command.
1.1 misho 228:
229: EEXXAAMMPPLLEESS
1.1.1.3 misho 230: List sessions run by user _m_i_l_l_e_r_t:
1.1 misho 231:
1.1.1.3 misho 232: # sudoreplay -l user millert
1.1 misho 233:
1.1.1.3 misho 234: List sessions run by user _b_o_b with a command containing the string vi:
1.1 misho 235:
1.1.1.3 misho 236: # sudoreplay -l user bob command vi
1.1 misho 237:
1.1.1.3 misho 238: List sessions run by user _j_e_f_f that match a regular expression:
1.1 misho 239:
1.1.1.3 misho 240: # sudoreplay -l user jeff command '/bin/[a-z]*sh'
1.1 misho 241:
1.1.1.3 misho 242: List sessions run by jeff or bob on the console:
1.1 misho 243:
1.1.1.3 misho 244: # sudoreplay -l ( user jeff or user bob ) tty console
1.1 misho 245:
246: SSEEEE AALLSSOO
1.1.1.3 misho 247: sudo(1m), script(1)
1.1 misho 248:
1.1.1.3 misho 249: AAUUTTHHOORRSS
250: Todd C. Miller
1.1 misho 251:
252: BBUUGGSS
1.1.1.3 misho 253: If you feel you have found a bug in ssuuddoorreeppllaayy, please submit a bug
254: report at http://www.sudo.ws/sudo/bugs/
1.1 misho 255:
256: SSUUPPPPOORRTT
1.1.1.3 misho 257: Limited free support is available via the sudo-users mailing list, see
258: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
259: archives.
1.1 misho 260:
261: DDIISSCCLLAAIIMMEERR
1.1.1.3 misho 262: ssuuddoorreeppllaayy is provided ``AS IS'' and any express or implied warranties,
263: including, but not limited to, the implied warranties of merchantability
264: and fitness for a particular purpose are disclaimed. See the LICENSE
265: file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
266: complete details.
1.1 misho 267:
1.1.1.6 ! misho 268: Sudo 1.8.10 February 15, 2014 Sudo 1.8.10
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>