version 1.1.1.2, 2012/05/29 12:26:49
|
version 1.1.1.3, 2012/10/09 09:29:52
|
Line 1
|
Line 1
|
.\" Copyright (c) 2009-2011 Todd C. Miller <Todd.Miller@courtesan.com> | .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER! |
.\" | .\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in |
| .\" |
| .\" Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com> |
| .\" |
.\" Permission to use, copy, modify, and distribute this software for any |
.\" Permission to use, copy, modify, and distribute this software for any |
.\" purpose with or without fee is hereby granted, provided that the above |
.\" purpose with or without fee is hereby granted, provided that the above |
.\" copyright notice and this permission notice appear in all copies. |
.\" copyright notice and this permission notice appear in all copies. |
.\" | .\" |
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
Line 12
|
Line 15
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" |
|
.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) |
|
.\" |
.\" |
.\" Standard preamble: | .TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual" |
.\" ======================================================================== | |
.de Sp \" Vertical space (when we can't use .PP) | |
.if t .sp .5v | |
.if n .sp | |
.. | |
.de Vb \" Begin verbatim text | |
.ft CW | |
.nf | |
.ne \\$1 | |
.. | |
.de Ve \" End verbatim text | |
.ft R | |
.fi | |
.. | |
.\" Set up some character translations and predefined strings. \*(-- will | |
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left | |
.\" double quote, and \*(R" will give a right double quote. \*(C+ will | |
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and | |
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, | |
.\" nothing in troff, for use with C<>. | |
.tr \(*W- | |
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' | |
.ie n \{\ | |
. ds -- \(*W- | |
. ds PI pi | |
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch | |
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch | |
. ds L" "" | |
. ds R" "" | |
. ds C` | |
. ds C' | |
'br\} | |
.el\{\ | |
. ds -- \|\(em\| | |
. ds PI \(*p | |
. ds L" `` | |
. ds R" '' | |
'br\} | |
.\" | |
.\" Escape single quotes in literal strings from groff's Unicode transform. | |
.ie \n(.g .ds Aq \(aq | |
.el .ds Aq ' | |
.\" | |
.\" If the F register is turned on, we'll generate index entries on stderr for | |
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index | |
.\" entries marked with X<> in POD. Of course, you'll have to process the | |
.\" output yourself in some meaningful fashion. | |
.ie \nF \{\ | |
. de IX | |
. tm Index:\\$1\t\\n%\t"\\$2" | |
.. | |
. nr % 0 | |
. rr F | |
.\} | |
.el \{\ | |
. de IX | |
.. | |
.\} | |
.\" | |
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). | |
.\" Fear. Run. Save yourself. No user-serviceable parts. | |
. \" fudge factors for nroff and troff | |
.if n \{\ | |
. ds #H 0 | |
. ds #V .8m | |
. ds #F .3m | |
. ds #[ \f1 | |
. ds #] \fP | |
.\} | |
.if t \{\ | |
. ds #H ((1u-(\\\\n(.fu%2u))*.13m) | |
. ds #V .6m | |
. ds #F 0 | |
. ds #[ \& | |
. ds #] \& | |
.\} | |
. \" simple accents for nroff and troff | |
.if n \{\ | |
. ds ' \& | |
. ds ` \& | |
. ds ^ \& | |
. ds , \& | |
. ds ~ ~ | |
. ds / | |
.\} | |
.if t \{\ | |
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" | |
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' | |
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' | |
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' | |
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' | |
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' | |
.\} | |
. \" troff and (daisy-wheel) nroff accents | |
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' | |
.ds 8 \h'\*(#H'\(*b\h'-\*(#H' | |
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] | |
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' | |
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' | |
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] | |
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] | |
.ds ae a\h'-(\w'a'u*4/10)'e | |
.ds Ae A\h'-(\w'A'u*4/10)'E | |
. \" corrections for vroff | |
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' | |
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' | |
. \" for low resolution devices (crt and lpr) | |
.if \n(.H>23 .if \n(.V>19 \ | |
\{\ | |
. ds : e | |
. ds 8 ss | |
. ds o a | |
. ds d- d\h'-1'\(ga | |
. ds D- D\h'-1'\(hy | |
. ds th \o'bp' | |
. ds Th \o'LP' | |
. ds ae ae | |
. ds Ae AE | |
.\} | |
.rm #[ #] #H #V #F C | |
.\" ======================================================================== | |
.\" | |
.IX Title "SUDOREPLAY @mansectsu@" | |
.TH SUDOREPLAY @mansectsu@ "April 16, 2012" "1.8.5" "MAINTENANCE COMMANDS" | |
.\" For nroff, turn off justification. Always turn off hyphenation; it makes | |
.\" way too many mistakes in technical documents. | |
.if n .ad l | |
.nh |
.nh |
|
.if n .ad l |
.SH "NAME" |
.SH "NAME" |
sudoreplay \- replay sudo session logs | \fBsudoreplay\fR |
| \- replay sudo session logs |
.SH "SYNOPSIS" |
.SH "SYNOPSIS" |
.IX Header "SYNOPSIS" | .HP 11n |
\&\fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR \fIdirectory\fR] [\fB\-f\fR \fIfilter\fR] [\fB\-m\fR \fImax_wait\fR] [\fB\-s\fR \fIspeed_factor\fR] \s-1ID\s0 | \fBsudoreplay\fR |
.PP | [\fB\-h\fR] |
\&\fBsudoreplay\fR [\fB\-h\fR] [\fB\-d\fR \fIdirectory\fR] \-l [search expression] | [\fB\-d\fR\ \fIdirectory\fR] |
| [\fB\-f\fR\ \fIfilter\fR] |
| [\fB\-m\fR\ \fImax_wait\fR] |
| [\fB\-s\fR\ \fIspeed_factor\fR] |
| ID |
| .HP 11n |
| \fBsudoreplay\fR |
| [\fB\-h\fR] |
| [\fB\-d\fR\ \fIdirectory\fR] |
| \fB\-l\fR |
| [search expression] |
.SH "DESCRIPTION" |
.SH "DESCRIPTION" |
.IX Header "DESCRIPTION" | \fBsudoreplay\fR |
\&\fBsudoreplay\fR plays back or lists the output logs created by \fBsudo\fR. | plays back or lists the output logs created by |
When replaying, \fBsudoreplay\fR can play the session back in real-time, | \fBsudo\fR. |
or the playback speed may be adjusted (faster or slower) based on | When replaying, |
the command line options. | \fBsudoreplay\fR |
| can play the session back in real-time, or the playback speed may be |
| adjusted (faster or slower) based on the command line options. |
.PP |
.PP |
The \fI\s-1ID\s0\fR should either be a six character sequence of digits and | The |
upper case letters, e.g. \f(CW\*(C`0100A5\*(C'\fR, or a pattern matching the | \fIID\fR |
\&\fIiolog_file\fR option in the \fIsudoers\fR file. When a command is run | should either be a six character sequence of digits and |
via \fBsudo\fR with \fIlog_output\fR enabled in the \fIsudoers\fR file, a | upper case letters, e.g.\& |
\&\f(CW\*(C`TSID=ID\*(C'\fR string is logged via syslog or to the \fBsudo\fR log file. | \fR0100A5\fR, |
The \fI\s-1ID\s0\fR may also be determined using \fBsudoreplay\fR's list mode. | or a pattern matching the |
| \fIiolog_file\fR |
| option in the |
| \fIsudoers\fR |
| file. |
| When a command is run via |
| \fBsudo\fR |
| with |
| \fIlog_output\fR |
| enabled in the |
| \fIsudoers\fR |
| file, a |
| \fRTSID=ID\fR |
| string is logged via syslog or to the |
| \fBsudo\fR |
| log file. |
| The |
| \fIID\fR |
| may also be determined using |
| \fBsudoreplay\fR's |
| list mode. |
.PP |
.PP |
In list mode, \fBsudoreplay\fR can be used to find the \s-1ID\s0 of a session | In list mode, |
based on a number of criteria such as the user, tty or command run. | \fBsudoreplay\fR |
| can be used to find the ID of a session based on a number of criteria |
| such as the user, tty or command run. |
.PP |
.PP |
In replay mode, if the standard output has not been redirected, |
In replay mode, if the standard output has not been redirected, |
\&\fBsudoreplay\fR will act on the following keys: | \fBsudoreplay\fR |
.IP "' ' (space)" 8 | will act on the following keys: |
.IX Item "' ' (space)" | .TP 14n |
| `\fR\ \fR' (space) |
Pause output; press any key to resume. |
Pause output; press any key to resume. |
.IP "'<'" 8 | .TP 14n |
| `<' |
Reduce the playback speed by one half. |
Reduce the playback speed by one half. |
.IP "'>'" 8 | .TP 14n |
| `>' |
Double the playback speed. |
Double the playback speed. |
.SH "OPTIONS" | .PP |
.IX Header "OPTIONS" | The options are as follows: |
\&\fBsudoreplay\fR accepts the following command line options: | .TP 14n |
.IP "\-d \fIdirectory\fR" 12 | \fB\-d\fR \fIdirectory\fR |
.IX Item "-d directory" | .br |
Use \fIdirectory\fR to for the session logs instead of the default, | Use |
\&\fI/var/log/sudo\-io\fR. | \fIdirectory\fR |
.IP "\-f \fIfilter\fR" 12 | to for the session logs instead of the default, |
.IX Item "-f filter" | \fI@iolog_dir@\fR. |
By default, \fBsudoreplay\fR will play back the command's standard | .TP 14n |
output, standard error and tty output. The \fI\-f\fR option can be | \fB\-f\fR \fIfilter\fR |
used to select which of these to output. The \fIfilter\fR argument | By default, |
is a comma-separated list, consisting of one or more of following: | \fBsudoreplay\fR |
\&\fIstdout\fR, \fIstderr\fR, and \fIttyout\fR. | will play back the command's standard output, standard error and tty output. |
.IP "\-h" 12 | The |
.IX Item "-h" | \fB\-f\fR |
The \fB\-h\fR (\fIhelp\fR) option causes \fBsudoreplay\fR to print a short | option can be used to select which of these to output. |
help message to the standard output and exit. | The |
.IP "\-l [\fIsearch expression\fR]" 12 | \fIfilter\fR |
.IX Item "-l [search expression]" | argument is a comma-separated list, consisting of one or more of following: |
Enable \*(L"list mode\*(R". In this mode, \fBsudoreplay\fR will list available | \fIstdout\fR, |
sessions in a format similar to the \fBsudo\fR log file format, sorted | \fIstderr\fR, |
by file name (or sequence number). If a \fIsearch expression\fR is | and |
specified, it will be used to restrict the IDs that are displayed. | \fIttyout\fR. |
| .TP 14n |
| \fB\-h\fR |
| The |
| \fB\-h\fR (\fIhelp\fR) |
| option causes |
| \fBsudoreplay\fR |
| to print a short help message to the standard output and exit. |
| .TP 14n |
| \fB\-l\fR [\fIsearch expression\fR] |
| Enable |
| ``list mode''. |
| In this mode, |
| \fBsudoreplay\fR |
| will list available sessions in a format similar to the |
| \fBsudo\fR |
| log file format, sorted by file name (or sequence number). |
| If a |
| \fIsearch expression\fR |
| is specified, it will be used to restrict the IDs that are displayed. |
An expression is composed of the following predicates: |
An expression is composed of the following predicates: |
.RS 12 | .RS |
.IP "command \fIcommand pattern\fR" 8 | .TP 8n |
.IX Item "command command pattern" | command \fIpattern\fR |
Evaluates to true if the command run matches \fIcommand pattern\fR. | Evaluates to true if the command run matches |
On systems with \s-1POSIX\s0 regular expression support, the pattern may | \fIpattern\fR. |
be an extended regular expression. On systems without \s-1POSIX\s0 regular | On systems with POSIX regular expression support, the pattern may |
expression support, a simple substring match is performed instead. | be an extended regular expression. |
.IP "cwd \fIdirectory\fR" 8 | On systems without POSIX regular expression support, a simple substring |
.IX Item "cwd directory" | match is performed instead. |
| .TP 8n |
| cwd \fIdirectory\fR |
Evaluates to true if the command was run with the specified current |
Evaluates to true if the command was run with the specified current |
working directory. |
working directory. |
.IP "fromdate \fIdate\fR" 8 | .TP 8n |
.IX Item "fromdate date" | fromdate \fIdate\fR |
Evaluates to true if the command was run on or after \fIdate\fR. | Evaluates to true if the command was run on or after |
See \*(L"Date and time format\*(R" for a description of supported | \fIdate\fR. |
date and time formats. | See |
.IP "group \fIrunas_group\fR" 8 | \fIDate and time format\fR |
.IX Item "group runas_group" | for a description of supported date and time formats. |
| .TP 8n |
| group \fIrunas_group\fR |
Evaluates to true if the command was run with the specified |
Evaluates to true if the command was run with the specified |
\&\fIrunas_group\fR. Note that unless a \fIrunas_group\fR was explicitly | \fIrunas_group\fR. |
specified when \fBsudo\fR was run this field will be empty in the log. | Note that unless a |
.IP "runas \fIrunas_user\fR" 8 | \fIrunas_group\fR |
.IX Item "runas runas_user" | was explicitly specified when |
Evaluates to true if the command was run as the specified \fIrunas_user\fR. | \fBsudo\fR |
Note that \fBsudo\fR runs commands as user \fIroot\fR by default. | was run this field will be empty in the log. |
.IP "todate \fIdate\fR" 8 | .TP 8n |
.IX Item "todate date" | runas \fIrunas_user\fR |
Evaluates to true if the command was run on or prior to \fIdate\fR. | Evaluates to true if the command was run as the specified |
See \*(L"Date and time format\*(R" for a description of supported | \fIrunas_user\fR. |
date and time formats. | Note that |
.IP "tty \fItty\fR" 8 | \fBsudo\fR |
.IX Item "tty tty" | runs commands as user |
Evaluates to true if the command was run on the specified terminal | \fIroot\fR |
device. The \fItty\fR should be specified without the \fI/dev/\fR prefix, | by default. |
e.g. \fItty01\fR instead of \fI/dev/tty01\fR. | .TP 8n |
.IP "user \fIuser name\fR" 8 | todate \fIdate\fR |
.IX Item "user user name" | Evaluates to true if the command was run on or prior to |
Evaluates to true if the \s-1ID\s0 matches a command run by \fIuser name\fR. | \fIdate\fR. |
.RE | See |
.RS 12 | \fIDate and time format\fR |
.Sp | for a description of supported date and time formats. |
| .TP 8n |
| tty \fItty name\fR |
| Evaluates to true if the command was run on the specified terminal device. |
| The |
| \fItty name\fR |
| should be specified without the |
| \fI/dev/\fR |
| prefix, e.g.\& |
| \fItty01\fR |
| instead of |
| \fI/dev/tty01\fR. |
| .TP 8n |
| user \fIuser name\fR |
| Evaluates to true if the ID matches a command run by |
| \fIuser name\fR. |
| .PP |
Predicates may be abbreviated to the shortest unique string (currently |
Predicates may be abbreviated to the shortest unique string (currently |
all predicates may be shortened to a single character). |
all predicates may be shortened to a single character). |
.Sp | .sp |
Predicates may be combined using \fIand\fR, \fIor\fR and \fI!\fR operators | Predicates may be combined using |
as well as \f(CW\*(Aq(\*(Aq\fR and \f(CW\*(Aq)\*(Aq\fR for grouping (note that parentheses | \fIand\fR, |
must generally be escaped from the shell). The \fIand\fR operator is | \fIor\fR |
optional, adjacent predicates have an implied \fIand\fR unless separated | and |
by an \fIor\fR. | \fI\&!\fR |
| operators as well as |
| `\&(' |
| and |
| `\&)' |
| grouping (note that parentheses must generally be escaped from the shell). |
| The |
| \fIand\fR |
| operator is optional, adjacent predicates have an implied |
| \fIand\fR |
| unless separated by an |
| \fIor\fR. |
| .PP |
.RE |
.RE |
.IP "\-m \fImax_wait\fR" 12 | .PD 0 |
.IX Item "-m max_wait" | .TP 14n |
Specify an upper bound on how long to wait between key presses or | \fB\-m\fR \fImax_wait\fR |
output data. By default, \fBsudo_replay\fR will accurately reproduce | Specify an upper bound on how long to wait between key presses or output data. |
the delays between key presses or program output. However, this | By default, |
can be tedious when the session includes long pauses. When the | \fBsudoreplay\fR |
\&\fI\-m\fR option is specified, \fBsudoreplay\fR will limit these pauses | will accurately reproduce the delays between key presses or program output. |
to at most \fImax_wait\fR seconds. The value may be specified as a | However, this can be tedious when the session includes long pauses. |
floating point number, .e.g. \fI2.5\fR. | When the |
.IP "\-s \fIspeed_factor\fR" 12 | \fB\-m\fR |
.IX Item "-s speed_factor" | option is specified, |
This option causes \fBsudoreplay\fR to adjust the number of seconds | \fBsudoreplay\fR |
it will wait between key presses or program output. This can be | will limit these pauses to at most |
used to slow down or speed up the display. For example, a | \fImax_wait\fR |
\&\fIspeed_factor\fR of \fI2\fR would make the output twice as fast whereas | seconds. |
a \fIspeed_factor\fR of <.5> would make the output twice as slow. | The value may be specified as a floating point number, e.g.\& |
.IP "\-V" 12 | \fI2.5\fR. |
.IX Item "-V" | .PD |
The \fB\-V\fR (version) option causes \fBsudoreplay\fR to print its version number | .TP 14n |
| \fB\-s\fR \fIspeed_factor\fR |
| This option causes |
| \fBsudoreplay\fR |
| to adjust the number of seconds it will wait between key presses or |
| program output. |
| This can be used to slow down or speed up the display. |
| For example, a |
| \fIspeed_factor\fR |
| of |
| \fI2\fR |
| would make the output twice as fast whereas a |
| \fIspeed_factor\fR |
| of |
| \fI.5\fR |
| would make the output twice as slow. |
| .TP 14n |
| \fB\-V\fR |
| The |
| \fB\-V\fR (\fIversion\fR) |
| option causes |
| \fBsudoreplay\fR |
| to print its version number |
and exit. |
and exit. |
.SS "Date and time format" |
.SS "Date and time format" |
.IX Subsection "Date and time format" |
|
The time and date may be specified multiple ways, common formats include: |
The time and date may be specified multiple ways, common formats include: |
.IP "\s-1HH:MM:SS\s0 am \s-1MM/DD/CCYY\s0 timezone" 8 | .TP 8n |
.IX Item "HH:MM:SS am MM/DD/CCYY timezone" | HH:MM:SS am MM/DD/CCYY timezone |
24 hour time may be used in place of am/pm. |
24 hour time may be used in place of am/pm. |
.IP "\s-1HH:MM:SS\s0 am Month, Day Year timezone" 8 | .TP 8n |
.IX Item "HH:MM:SS am Month, Day Year timezone" | HH:MM:SS am Month, Day Year timezone |
24 hour time may be used in place of am/pm, and month and day names |
24 hour time may be used in place of am/pm, and month and day names |
may be abbreviated. Note that month and day of the week names must | may be abbreviated. |
be specified in English. | Note that month and day of the week names must be specified in English. |
.IP "CCYY-MM-DD \s-1HH:MM:SS\s0" 8 | .TP 8n |
.IX Item "CCYY-MM-DD HH:MM:SS" | CCYY-MM-DD HH:MM:SS |
\&\s-1ISO\s0 time format | ISO time format |
.IP "\s-1DD\s0 Month \s-1CCYY\s0 \s-1HH:MM:SS\s0" 8 | .TP 8n |
.IX Item "DD Month CCYY HH:MM:SS" | DD Month CCYY HH:MM:SS |
The month name may be abbreviated. |
The month name may be abbreviated. |
.PP |
.PP |
Either time or date may be omitted, the am/pm and timezone are | Either time or date may be omitted, the am/pm and timezone are optional. |
optional. If no date is specified, the current day is assumed; if | If no date is specified, the current day is assumed; if no time is |
no time is specified, the first second of the specified date is | specified, the first second of the specified date is used. |
used. The less significant parts of both time and date may also | The less significant parts of both time and date may also be omitted, |
be omitted, in which case zero is assumed. For example, the following | in which case zero is assumed. |
are all valid: | |
.PP |
.PP |
The following are all valid time and date specifications: |
The following are all valid time and date specifications: |
.IP "now" 8 | .TP 8n |
.IX Item "now" | now |
The current time and date. |
The current time and date. |
.IP "tomorrow" 8 | .TP 8n |
.IX Item "tomorrow" | tomorrow |
Exactly one day from now. |
Exactly one day from now. |
.IP "yesterday" 8 | .TP 8n |
.IX Item "yesterday" | yesterday |
24 hours ago. |
24 hours ago. |
.IP "2 hours ago" 8 | .TP 8n |
.IX Item "2 hours ago" | 2 hours ago |
2 hours ago. |
2 hours ago. |
.IP "next Friday" 8 | .TP 8n |
.IX Item "next Friday" | next Friday |
The first second of the next Friday. |
The first second of the next Friday. |
.IP "this week" 8 | .TP 8n |
.IX Item "this week" | this week |
The current time but the first day of the coming week. |
The current time but the first day of the coming week. |
.IP "a fortnight ago" 8 | .TP 8n |
.IX Item "a fortnight ago" | a fortnight ago |
The current time but 14 days ago. |
The current time but 14 days ago. |
.IP "10:01 am 9/17/2009" 8 | .TP 8n |
.IX Item "10:01 am 9/17/2009" | 10:01 am 9/17/2009 |
10:01 am, September 17, 2009. |
10:01 am, September 17, 2009. |
.IP "10:01 am" 8 | .TP 8n |
.IX Item "10:01 am" | 10:01 am |
10:01 am on the current day. |
10:01 am on the current day. |
.IP "10" 8 | .TP 8n |
.IX Item "10" | 10 |
10:00 am on the current day. |
10:00 am on the current day. |
.IP "9/17/2009" 8 | .TP 8n |
.IX Item "9/17/2009" | 9/17/2009 |
00:00 am, September 17, 2009. |
00:00 am, September 17, 2009. |
.IP "10:01 am Sep 17, 2009" 8 | .TP 8n |
.IX Item "10:01 am Sep 17, 2009" | 10:01 am Sep 17, 2009 |
10:01 am, September 17, 2009. |
10:01 am, September 17, 2009. |
.SH "FILES" |
.SH "FILES" |
.IX Header "FILES" | .TP 26n |
.IP "\fI/var/log/sudo\-io\fR" 24 | \fI@iolog_dir@\fR |
.IX Item "/var/log/sudo-io" | |
The default I/O log directory. |
The default I/O log directory. |
.IP "\fI/var/log/sudo\-io/00/00/01/log\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/log" | \fI@iolog_dir@/00/00/01/log\fR |
Example session log info. |
Example session log info. |
.IP "\fI/var/log/sudo\-io/00/00/01/stdin\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/stdin" | \fI@iolog_dir@/00/00/01/stdin\fR |
Example session standard input log. |
Example session standard input log. |
.IP "\fI/var/log/sudo\-io/00/00/01/stdout\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/stdout" | \fI@iolog_dir@/00/00/01/stdout\fR |
Example session standard output log. |
Example session standard output log. |
.IP "\fI/var/log/sudo\-io/00/00/01/stderr\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/stderr" | \fI@iolog_dir@/00/00/01/stderr\fR |
Example session standard error log. |
Example session standard error log. |
.IP "\fI/var/log/sudo\-io/00/00/01/ttyin\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/ttyin" | \fI@iolog_dir@/00/00/01/ttyin\fR |
Example session tty input file. |
Example session tty input file. |
.IP "\fI/var/log/sudo\-io/00/00/01/ttyout\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/ttyout" | \fI@iolog_dir@/00/00/01/ttyout\fR |
Example session tty output file. |
Example session tty output file. |
.IP "\fI/var/log/sudo\-io/00/00/01/timing\fR" 24 | .TP 26n |
.IX Item "/var/log/sudo-io/00/00/01/timing" | \fI@iolog_dir@/00/00/01/timing\fR |
Example session timing file. |
Example session timing file. |
.PP |
.PP |
Note that the \fIstdin\fR, \fIstdout\fR and \fIstderr\fR files will be empty | Note that the |
unless \fBsudo\fR was used as part of a pipeline for a particular | \fIstdin\fR, |
command. | \fIstdout\fR |
| and |
| \fIstderr\fR |
| files will be empty unless |
| \fBsudo\fR |
| was used as part of a pipeline for a particular command. |
.SH "EXAMPLES" |
.SH "EXAMPLES" |
.IX Header "EXAMPLES" | List sessions run by user |
List sessions run by user \fImillert\fR: | \fImillert\fR: |
| .nf |
| .sp |
| .RS 6n |
| # sudoreplay -l user millert |
| .RE |
| .fi |
.PP |
.PP |
.Vb 1 | List sessions run by user |
\& sudoreplay \-l user millert | \fIbob\fR |
.Ve | with a command containing the string vi: |
| .nf |
| .sp |
| .RS 6n |
| # sudoreplay -l user bob command vi |
| .RE |
| .fi |
.PP |
.PP |
List sessions run by user \fIbob\fR with a command containing the string vi: | List sessions run by user |
| \fIjeff\fR |
| that match a regular expression: |
| .nf |
| .sp |
| .RS 6n |
| # sudoreplay -l user jeff command '/bin/[a-z]*sh' |
| .RE |
| .fi |
.PP |
.PP |
.Vb 1 |
|
\& sudoreplay \-l user bob command vi |
|
.Ve |
|
.PP |
|
List sessions run by user \fIjeff\fR that match a regular expression: |
|
.PP |
|
.Vb 1 |
|
\& sudoreplay \-l user jeff command \*(Aq/bin/[a\-z]*sh\*(Aq |
|
.Ve |
|
.PP |
|
List sessions run by jeff or bob on the console: |
List sessions run by jeff or bob on the console: |
.PP | .nf |
.Vb 1 | .sp |
\& sudoreplay \-l ( user jeff or user bob ) tty console | .RS 6n |
.Ve | # sudoreplay -l ( user jeff or user bob ) tty console |
| .RE |
| .fi |
.SH "SEE ALSO" |
.SH "SEE ALSO" |
.IX Header "SEE ALSO" | sudo(@mansectsu@), |
\&\fIsudo\fR\|(@mansectsu@), \fIscript\fR\|(1) | script(1) |
.SH "AUTHOR" | .SH "AUTHORS" |
.IX Header "AUTHOR" | |
Todd C. Miller |
Todd C. Miller |
.SH "BUGS" |
.SH "BUGS" |
.IX Header "BUGS" | If you feel you have found a bug in |
If you feel you have found a bug in \fBsudoreplay\fR, please submit a bug report | \fBsudoreplay\fR, |
at http://www.sudo.ws/sudo/bugs/ | please submit a bug report at http://www.sudo.ws/sudo/bugs/ |
.SH "SUPPORT" |
.SH "SUPPORT" |
.IX Header "SUPPORT" |
|
Limited free support is available via the sudo-users mailing list, |
Limited free support is available via the sudo-users mailing list, |
see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or | see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or |
search the archives. |
search the archives. |
.SH "DISCLAIMER" |
.SH "DISCLAIMER" |
.IX Header "DISCLAIMER" | \fBsudoreplay\fR |
\&\fBsudoreplay\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties, | is provided |
including, but not limited to, the implied warranties of merchantability | ``AS IS'' |
and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0 | and any express or implied warranties, including, but not limited |
file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html | to, the implied warranties of merchantability and fitness for a |
for complete details. | particular purpose are disclaimed. |
| See the LICENSE file distributed with |
| \fBsudo\fR |
| or http://www.sudo.ws/sudo/license.html for complete details. |