Annotation of embedaddon/sudo/doc/sudoreplay.man.in, revision 1.1.1.3
1.1.1.3 ! misho 1: .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
! 2: .\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
! 3: .\"
! 4: .\" Copyright (c) 2009-2012 Todd C. Miller <Todd.Miller@courtesan.com>
! 5: .\"
1.1 misho 6: .\" Permission to use, copy, modify, and distribute this software for any
7: .\" purpose with or without fee is hereby granted, provided that the above
8: .\" copyright notice and this permission notice appear in all copies.
1.1.1.3 ! misho 9: .\"
1.1 misho 10: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
18: .\"
1.1.1.3 ! misho 19: .TH "SUDOREPLAY" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
1.1 misho 20: .nh
1.1.1.3 ! misho 21: .if n .ad l
1.1 misho 22: .SH "NAME"
1.1.1.3 ! misho 23: \fBsudoreplay\fR
! 24: \- replay sudo session logs
1.1 misho 25: .SH "SYNOPSIS"
1.1.1.3 ! misho 26: .HP 11n
! 27: \fBsudoreplay\fR
! 28: [\fB\-h\fR]
! 29: [\fB\-d\fR\ \fIdirectory\fR]
! 30: [\fB\-f\fR\ \fIfilter\fR]
! 31: [\fB\-m\fR\ \fImax_wait\fR]
! 32: [\fB\-s\fR\ \fIspeed_factor\fR]
! 33: ID
! 34: .HP 11n
! 35: \fBsudoreplay\fR
! 36: [\fB\-h\fR]
! 37: [\fB\-d\fR\ \fIdirectory\fR]
! 38: \fB\-l\fR
! 39: [search expression]
1.1 misho 40: .SH "DESCRIPTION"
1.1.1.3 ! misho 41: \fBsudoreplay\fR
! 42: plays back or lists the output logs created by
! 43: \fBsudo\fR.
! 44: When replaying,
! 45: \fBsudoreplay\fR
! 46: can play the session back in real-time, or the playback speed may be
! 47: adjusted (faster or slower) based on the command line options.
! 48: .PP
! 49: The
! 50: \fIID\fR
! 51: should either be a six character sequence of digits and
! 52: upper case letters, e.g.\&
! 53: \fR0100A5\fR,
! 54: or a pattern matching the
! 55: \fIiolog_file\fR
! 56: option in the
! 57: \fIsudoers\fR
! 58: file.
! 59: When a command is run via
! 60: \fBsudo\fR
! 61: with
! 62: \fIlog_output\fR
! 63: enabled in the
! 64: \fIsudoers\fR
! 65: file, a
! 66: \fRTSID=ID\fR
! 67: string is logged via syslog or to the
! 68: \fBsudo\fR
! 69: log file.
! 70: The
! 71: \fIID\fR
! 72: may also be determined using
! 73: \fBsudoreplay\fR's
! 74: list mode.
! 75: .PP
! 76: In list mode,
! 77: \fBsudoreplay\fR
! 78: can be used to find the ID of a session based on a number of criteria
! 79: such as the user, tty or command run.
1.1 misho 80: .PP
81: In replay mode, if the standard output has not been redirected,
1.1.1.3 ! misho 82: \fBsudoreplay\fR
! 83: will act on the following keys:
! 84: .TP 14n
! 85: `\fR\ \fR' (space)
1.1 misho 86: Pause output; press any key to resume.
1.1.1.3 ! misho 87: .TP 14n
! 88: `<'
1.1 misho 89: Reduce the playback speed by one half.
1.1.1.3 ! misho 90: .TP 14n
! 91: `>'
1.1 misho 92: Double the playback speed.
1.1.1.3 ! misho 93: .PP
! 94: The options are as follows:
! 95: .TP 14n
! 96: \fB\-d\fR \fIdirectory\fR
! 97: .br
! 98: Use
! 99: \fIdirectory\fR
! 100: to for the session logs instead of the default,
! 101: \fI@iolog_dir@\fR.
! 102: .TP 14n
! 103: \fB\-f\fR \fIfilter\fR
! 104: By default,
! 105: \fBsudoreplay\fR
! 106: will play back the command's standard output, standard error and tty output.
! 107: The
! 108: \fB\-f\fR
! 109: option can be used to select which of these to output.
! 110: The
! 111: \fIfilter\fR
! 112: argument is a comma-separated list, consisting of one or more of following:
! 113: \fIstdout\fR,
! 114: \fIstderr\fR,
! 115: and
! 116: \fIttyout\fR.
! 117: .TP 14n
! 118: \fB\-h\fR
! 119: The
! 120: \fB\-h\fR (\fIhelp\fR)
! 121: option causes
! 122: \fBsudoreplay\fR
! 123: to print a short help message to the standard output and exit.
! 124: .TP 14n
! 125: \fB\-l\fR [\fIsearch expression\fR]
! 126: Enable
! 127: ``list mode''.
! 128: In this mode,
! 129: \fBsudoreplay\fR
! 130: will list available sessions in a format similar to the
! 131: \fBsudo\fR
! 132: log file format, sorted by file name (or sequence number).
! 133: If a
! 134: \fIsearch expression\fR
! 135: is specified, it will be used to restrict the IDs that are displayed.
1.1.1.2 misho 136: An expression is composed of the following predicates:
1.1.1.3 ! misho 137: .RS
! 138: .TP 8n
! 139: command \fIpattern\fR
! 140: Evaluates to true if the command run matches
! 141: \fIpattern\fR.
! 142: On systems with POSIX regular expression support, the pattern may
! 143: be an extended regular expression.
! 144: On systems without POSIX regular expression support, a simple substring
! 145: match is performed instead.
! 146: .TP 8n
! 147: cwd \fIdirectory\fR
1.1 misho 148: Evaluates to true if the command was run with the specified current
149: working directory.
1.1.1.3 ! misho 150: .TP 8n
! 151: fromdate \fIdate\fR
! 152: Evaluates to true if the command was run on or after
! 153: \fIdate\fR.
! 154: See
! 155: \fIDate and time format\fR
! 156: for a description of supported date and time formats.
! 157: .TP 8n
! 158: group \fIrunas_group\fR
1.1 misho 159: Evaluates to true if the command was run with the specified
1.1.1.3 ! misho 160: \fIrunas_group\fR.
! 161: Note that unless a
! 162: \fIrunas_group\fR
! 163: was explicitly specified when
! 164: \fBsudo\fR
! 165: was run this field will be empty in the log.
! 166: .TP 8n
! 167: runas \fIrunas_user\fR
! 168: Evaluates to true if the command was run as the specified
! 169: \fIrunas_user\fR.
! 170: Note that
! 171: \fBsudo\fR
! 172: runs commands as user
! 173: \fIroot\fR
! 174: by default.
! 175: .TP 8n
! 176: todate \fIdate\fR
! 177: Evaluates to true if the command was run on or prior to
! 178: \fIdate\fR.
! 179: See
! 180: \fIDate and time format\fR
! 181: for a description of supported date and time formats.
! 182: .TP 8n
! 183: tty \fItty name\fR
! 184: Evaluates to true if the command was run on the specified terminal device.
! 185: The
! 186: \fItty name\fR
! 187: should be specified without the
! 188: \fI/dev/\fR
! 189: prefix, e.g.\&
! 190: \fItty01\fR
! 191: instead of
! 192: \fI/dev/tty01\fR.
! 193: .TP 8n
! 194: user \fIuser name\fR
! 195: Evaluates to true if the ID matches a command run by
! 196: \fIuser name\fR.
! 197: .PP
1.1 misho 198: Predicates may be abbreviated to the shortest unique string (currently
199: all predicates may be shortened to a single character).
1.1.1.3 ! misho 200: .sp
! 201: Predicates may be combined using
! 202: \fIand\fR,
! 203: \fIor\fR
! 204: and
! 205: \fI\&!\fR
! 206: operators as well as
! 207: `\&('
! 208: and
! 209: `\&)'
! 210: grouping (note that parentheses must generally be escaped from the shell).
! 211: The
! 212: \fIand\fR
! 213: operator is optional, adjacent predicates have an implied
! 214: \fIand\fR
! 215: unless separated by an
! 216: \fIor\fR.
! 217: .PP
1.1 misho 218: .RE
1.1.1.3 ! misho 219: .PD 0
! 220: .TP 14n
! 221: \fB\-m\fR \fImax_wait\fR
! 222: Specify an upper bound on how long to wait between key presses or output data.
! 223: By default,
! 224: \fBsudoreplay\fR
! 225: will accurately reproduce the delays between key presses or program output.
! 226: However, this can be tedious when the session includes long pauses.
! 227: When the
! 228: \fB\-m\fR
! 229: option is specified,
! 230: \fBsudoreplay\fR
! 231: will limit these pauses to at most
! 232: \fImax_wait\fR
! 233: seconds.
! 234: The value may be specified as a floating point number, e.g.\&
! 235: \fI2.5\fR.
! 236: .PD
! 237: .TP 14n
! 238: \fB\-s\fR \fIspeed_factor\fR
! 239: This option causes
! 240: \fBsudoreplay\fR
! 241: to adjust the number of seconds it will wait between key presses or
! 242: program output.
! 243: This can be used to slow down or speed up the display.
! 244: For example, a
! 245: \fIspeed_factor\fR
! 246: of
! 247: \fI2\fR
! 248: would make the output twice as fast whereas a
! 249: \fIspeed_factor\fR
! 250: of
! 251: \fI.5\fR
! 252: would make the output twice as slow.
! 253: .TP 14n
! 254: \fB\-V\fR
! 255: The
! 256: \fB\-V\fR (\fIversion\fR)
! 257: option causes
! 258: \fBsudoreplay\fR
! 259: to print its version number
1.1 misho 260: and exit.
261: .SS "Date and time format"
262: The time and date may be specified multiple ways, common formats include:
1.1.1.3 ! misho 263: .TP 8n
! 264: HH:MM:SS am MM/DD/CCYY timezone
1.1 misho 265: 24 hour time may be used in place of am/pm.
1.1.1.3 ! misho 266: .TP 8n
! 267: HH:MM:SS am Month, Day Year timezone
1.1 misho 268: 24 hour time may be used in place of am/pm, and month and day names
1.1.1.3 ! misho 269: may be abbreviated.
! 270: Note that month and day of the week names must be specified in English.
! 271: .TP 8n
! 272: CCYY-MM-DD HH:MM:SS
! 273: ISO time format
! 274: .TP 8n
! 275: DD Month CCYY HH:MM:SS
1.1 misho 276: The month name may be abbreviated.
277: .PP
1.1.1.3 ! misho 278: Either time or date may be omitted, the am/pm and timezone are optional.
! 279: If no date is specified, the current day is assumed; if no time is
! 280: specified, the first second of the specified date is used.
! 281: The less significant parts of both time and date may also be omitted,
! 282: in which case zero is assumed.
1.1 misho 283: .PP
284: The following are all valid time and date specifications:
1.1.1.3 ! misho 285: .TP 8n
! 286: now
1.1 misho 287: The current time and date.
1.1.1.3 ! misho 288: .TP 8n
! 289: tomorrow
1.1 misho 290: Exactly one day from now.
1.1.1.3 ! misho 291: .TP 8n
! 292: yesterday
1.1 misho 293: 24 hours ago.
1.1.1.3 ! misho 294: .TP 8n
! 295: 2 hours ago
1.1 misho 296: 2 hours ago.
1.1.1.3 ! misho 297: .TP 8n
! 298: next Friday
1.1 misho 299: The first second of the next Friday.
1.1.1.3 ! misho 300: .TP 8n
! 301: this week
1.1 misho 302: The current time but the first day of the coming week.
1.1.1.3 ! misho 303: .TP 8n
! 304: a fortnight ago
1.1 misho 305: The current time but 14 days ago.
1.1.1.3 ! misho 306: .TP 8n
! 307: 10:01 am 9/17/2009
1.1 misho 308: 10:01 am, September 17, 2009.
1.1.1.3 ! misho 309: .TP 8n
! 310: 10:01 am
1.1 misho 311: 10:01 am on the current day.
1.1.1.3 ! misho 312: .TP 8n
! 313: 10
1.1 misho 314: 10:00 am on the current day.
1.1.1.3 ! misho 315: .TP 8n
! 316: 9/17/2009
1.1 misho 317: 00:00 am, September 17, 2009.
1.1.1.3 ! misho 318: .TP 8n
! 319: 10:01 am Sep 17, 2009
1.1 misho 320: 10:01 am, September 17, 2009.
321: .SH "FILES"
1.1.1.3 ! misho 322: .TP 26n
! 323: \fI@iolog_dir@\fR
1.1 misho 324: The default I/O log directory.
1.1.1.3 ! misho 325: .TP 26n
! 326: \fI@iolog_dir@/00/00/01/log\fR
1.1 misho 327: Example session log info.
1.1.1.3 ! misho 328: .TP 26n
! 329: \fI@iolog_dir@/00/00/01/stdin\fR
1.1 misho 330: Example session standard input log.
1.1.1.3 ! misho 331: .TP 26n
! 332: \fI@iolog_dir@/00/00/01/stdout\fR
1.1 misho 333: Example session standard output log.
1.1.1.3 ! misho 334: .TP 26n
! 335: \fI@iolog_dir@/00/00/01/stderr\fR
1.1 misho 336: Example session standard error log.
1.1.1.3 ! misho 337: .TP 26n
! 338: \fI@iolog_dir@/00/00/01/ttyin\fR
1.1 misho 339: Example session tty input file.
1.1.1.3 ! misho 340: .TP 26n
! 341: \fI@iolog_dir@/00/00/01/ttyout\fR
1.1 misho 342: Example session tty output file.
1.1.1.3 ! misho 343: .TP 26n
! 344: \fI@iolog_dir@/00/00/01/timing\fR
1.1 misho 345: Example session timing file.
346: .PP
1.1.1.3 ! misho 347: Note that the
! 348: \fIstdin\fR,
! 349: \fIstdout\fR
! 350: and
! 351: \fIstderr\fR
! 352: files will be empty unless
! 353: \fBsudo\fR
! 354: was used as part of a pipeline for a particular command.
1.1 misho 355: .SH "EXAMPLES"
1.1.1.3 ! misho 356: List sessions run by user
! 357: \fImillert\fR:
! 358: .nf
! 359: .sp
! 360: .RS 6n
! 361: # sudoreplay -l user millert
! 362: .RE
! 363: .fi
1.1 misho 364: .PP
1.1.1.3 ! misho 365: List sessions run by user
! 366: \fIbob\fR
! 367: with a command containing the string vi:
! 368: .nf
! 369: .sp
! 370: .RS 6n
! 371: # sudoreplay -l user bob command vi
! 372: .RE
! 373: .fi
1.1 misho 374: .PP
1.1.1.3 ! misho 375: List sessions run by user
! 376: \fIjeff\fR
! 377: that match a regular expression:
! 378: .nf
! 379: .sp
! 380: .RS 6n
! 381: # sudoreplay -l user jeff command '/bin/[a-z]*sh'
! 382: .RE
! 383: .fi
1.1 misho 384: .PP
385: List sessions run by jeff or bob on the console:
1.1.1.3 ! misho 386: .nf
! 387: .sp
! 388: .RS 6n
! 389: # sudoreplay -l ( user jeff or user bob ) tty console
! 390: .RE
! 391: .fi
1.1 misho 392: .SH "SEE ALSO"
1.1.1.3 ! misho 393: sudo(@mansectsu@),
! 394: script(1)
! 395: .SH "AUTHORS"
1.1 misho 396: Todd C. Miller
397: .SH "BUGS"
1.1.1.3 ! misho 398: If you feel you have found a bug in
! 399: \fBsudoreplay\fR,
! 400: please submit a bug report at http://www.sudo.ws/sudo/bugs/
1.1 misho 401: .SH "SUPPORT"
402: Limited free support is available via the sudo-users mailing list,
1.1.1.3 ! misho 403: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
1.1 misho 404: search the archives.
405: .SH "DISCLAIMER"
1.1.1.3 ! misho 406: \fBsudoreplay\fR
! 407: is provided
! 408: ``AS IS''
! 409: and any express or implied warranties, including, but not limited
! 410: to, the implied warranties of merchantability and fitness for a
! 411: particular purpose are disclaimed.
! 412: See the LICENSE file distributed with
! 413: \fBsudo\fR
! 414: or http://www.sudo.ws/sudo/license.html for complete details.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudoreplay.man.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc