Annotation of embedaddon/sudo/doc/sudoreplay.man.in, revision 1.1.1.6

1.1.1.3   misho       1: .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
                      2: .\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
                      3: .\"
1.1.1.6 ! misho       4: .\" Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
1.1.1.3   misho       5: .\"
1.1       misho       6: .\" Permission to use, copy, modify, and distribute this software for any
                      7: .\" purpose with or without fee is hereby granted, provided that the above
                      8: .\" copyright notice and this permission notice appear in all copies.
1.1.1.3   misho       9: .\"
1.1       misho      10: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
                     11: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
                     12: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
                     13: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
                     14: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
                     15: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
                     16: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
                     17: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     18: .\"
1.1.1.6 ! misho      19: .TH "SUDOREPLAY" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
1.1       misho      20: .nh
1.1.1.3   misho      21: .if n .ad l
1.1       misho      22: .SH "NAME"
1.1.1.3   misho      23: \fBsudoreplay\fR
                     24: \- replay sudo session logs
1.1       misho      25: .SH "SYNOPSIS"
1.1.1.3   misho      26: .HP 11n
                     27: \fBsudoreplay\fR
                     28: [\fB\-h\fR]
1.1.1.5   misho      29: [\fB\-d\fR\ \fIdir\fR]
1.1.1.3   misho      30: [\fB\-f\fR\ \fIfilter\fR]
1.1.1.5   misho      31: [\fB\-m\fR\ \fInum\fR]
                     32: [\fB\-s\fR\ \fInum\fR]
1.1.1.3   misho      33: ID
                     34: .HP 11n
                     35: \fBsudoreplay\fR
                     36: [\fB\-h\fR]
1.1.1.5   misho      37: [\fB\-d\fR\ \fIdir\fR]
1.1.1.3   misho      38: \fB\-l\fR
1.1.1.6 ! misho      39: [search\ expression]
1.1       misho      40: .SH "DESCRIPTION"
1.1.1.3   misho      41: \fBsudoreplay\fR
                     42: plays back or lists the output logs created by
                     43: \fBsudo\fR.
                     44: When replaying,
                     45: \fBsudoreplay\fR
                     46: can play the session back in real-time, or the playback speed may be
                     47: adjusted (faster or slower) based on the command line options.
                     48: .PP
                     49: The
                     50: \fIID\fR
                     51: should either be a six character sequence of digits and
                     52: upper case letters, e.g.\&
                     53: \fR0100A5\fR,
                     54: or a pattern matching the
                     55: \fIiolog_file\fR
                     56: option in the
                     57: \fIsudoers\fR
                     58: file.
                     59: When a command is run via
                     60: \fBsudo\fR
                     61: with
                     62: \fIlog_output\fR
                     63: enabled in the
                     64: \fIsudoers\fR
                     65: file, a
                     66: \fRTSID=ID\fR
                     67: string is logged via syslog or to the
                     68: \fBsudo\fR
                     69: log file.
                     70: The
                     71: \fIID\fR
                     72: may also be determined using
                     73: \fBsudoreplay\fR's
                     74: list mode.
                     75: .PP
                     76: In list mode,
                     77: \fBsudoreplay\fR
                     78: can be used to find the ID of a session based on a number of criteria
                     79: such as the user, tty or command run.
1.1       misho      80: .PP
                     81: In replay mode, if the standard output has not been redirected,
1.1.1.3   misho      82: \fBsudoreplay\fR
                     83: will act on the following keys:
                     84: .TP 14n
1.1.1.6 ! misho      85: \(oq\fR\en\fR\(cq or \(oq\fR\er\fR\(cq
        !            86: Skip to the next replay event; useful for long pauses.
        !            87: .TP 14n
        !            88: \(oq\fR\ \fR\(cq (space)
1.1       misho      89: Pause output; press any key to resume.
1.1.1.3   misho      90: .TP 14n
1.1.1.6 ! misho      91: \(oq<\(cq
1.1       misho      92: Reduce the playback speed by one half.
1.1.1.3   misho      93: .TP 14n
1.1.1.6 ! misho      94: \(oq>\(cq
1.1       misho      95: Double the playback speed.
1.1.1.3   misho      96: .PP
                     97: The options are as follows:
1.1.1.5   misho      98: .TP 12n
                     99: \fB\-d\fR \fIdir\fR, \fB\--directory\fR=\fIdir\fR
                    100: Store session logs in
                    101: \fIdir\fR
                    102: instead of the default,
1.1.1.3   misho     103: \fI@iolog_dir@\fR.
1.1.1.5   misho     104: .TP 12n
                    105: \fB\-f\fR \fIfilter\fR, \fB\--filter\fR=\fIfilter\fR
                    106: Select which I/O type(s) to display.
1.1.1.3   misho     107: By default,
                    108: \fBsudoreplay\fR
1.1.1.5   misho     109: will display the command's standard output, standard error and tty output.
1.1.1.3   misho     110: The
                    111: \fIfilter\fR
                    112: argument is a comma-separated list, consisting of one or more of the following:
                    113: \fIstdout\fR,
                    114: \fIstderr\fR,
                    115: and
                    116: \fIttyout\fR.
1.1.1.5   misho     117: .TP 12n
                    118: \fB\-h\fR, \fB\--help\fR
                    119: Display a short help message to the standard output and exit.
                    120: .TP 12n
                    121: \fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR]
1.1.1.3   misho     122: Enable
1.1.1.6 ! misho     123: \(lqlist mode\(rq.
1.1.1.3   misho     124: In this mode,
                    125: \fBsudoreplay\fR
                    126: will list available sessions in a format similar to the
                    127: \fBsudo\fR
                    128: log file format, sorted by file name (or sequence number).
                    129: If a
                    130: \fIsearch expression\fR
                    131: is specified, it will be used to restrict the IDs that are displayed.
1.1.1.2   misho     132: An expression is composed of the following predicates:
1.1.1.6 ! misho     133: .PP
        !           134: .RS 12n
        !           135: .PD 0
1.1.1.3   misho     136: .TP 8n
                    137: command \fIpattern\fR
                    138: Evaluates to true if the command run matches
                    139: \fIpattern\fR.
                    140: On systems with POSIX regular expression support, the pattern may
                    141: be an extended regular expression.
1.1.1.4   misho     142: On systems without POSIX regular expression support, a simple sub-string
1.1.1.3   misho     143: match is performed instead.
1.1.1.6 ! misho     144: .PD
1.1.1.3   misho     145: .TP 8n
                    146: cwd \fIdirectory\fR
1.1       misho     147: Evaluates to true if the command was run with the specified current
                    148: working directory.
1.1.1.3   misho     149: .TP 8n
                    150: fromdate \fIdate\fR
                    151: Evaluates to true if the command was run on or after
                    152: \fIdate\fR.
                    153: See
                    154: \fIDate and time format\fR
                    155: for a description of supported date and time formats.
                    156: .TP 8n
                    157: group \fIrunas_group\fR
1.1       misho     158: Evaluates to true if the command was run with the specified
1.1.1.3   misho     159: \fIrunas_group\fR.
                    160: Note that unless a
                    161: \fIrunas_group\fR
                    162: was explicitly specified when
                    163: \fBsudo\fR
                    164: was run this field will be empty in the log.
                    165: .TP 8n
                    166: runas \fIrunas_user\fR
                    167: Evaluates to true if the command was run as the specified
                    168: \fIrunas_user\fR.
                    169: Note that
                    170: \fBsudo\fR
                    171: runs commands as user
                    172: \fIroot\fR
                    173: by default.
                    174: .TP 8n
                    175: todate \fIdate\fR
                    176: Evaluates to true if the command was run on or prior to
                    177: \fIdate\fR.
                    178: See
                    179: \fIDate and time format\fR
                    180: for a description of supported date and time formats.
                    181: .TP 8n
                    182: tty \fItty name\fR
                    183: Evaluates to true if the command was run on the specified terminal device.
                    184: The
                    185: \fItty name\fR
                    186: should be specified without the
                    187: \fI/dev/\fR
                    188: prefix, e.g.\&
                    189: \fItty01\fR
                    190: instead of
                    191: \fI/dev/tty01\fR.
                    192: .TP 8n
                    193: user \fIuser name\fR
                    194: Evaluates to true if the ID matches a command run by
                    195: \fIuser name\fR.
                    196: .PP
1.1       misho     197: Predicates may be abbreviated to the shortest unique string (currently
                    198: all predicates may be shortened to a single character).
1.1.1.3   misho     199: .sp
                    200: Predicates may be combined using
                    201: \fIand\fR,
                    202: \fIor\fR
                    203: and
                    204: \fI\&!\fR
                    205: operators as well as
1.1.1.6 ! misho     206: \(oq\&(\(cq
1.1.1.3   misho     207: and
1.1.1.6 ! misho     208: \(oq\&)\(cq
1.1.1.3   misho     209: grouping (note that parentheses must generally be escaped from the shell).
                    210: The
                    211: \fIand\fR
                    212: operator is optional, adjacent predicates have an implied
                    213: \fIand\fR
                    214: unless separated by an
                    215: \fIor\fR.
1.1       misho     216: .RE
1.1.1.5   misho     217: .TP 12n
                    218: \fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR
1.1.1.3   misho     219: Specify an upper bound on how long to wait between key presses or output data.
                    220: By default,
                    221: \fBsudoreplay\fR
                    222: will accurately reproduce the delays between key presses or program output.
                    223: However, this can be tedious when the session includes long pauses.
                    224: When the
                    225: \fB\-m\fR
                    226: option is specified,
                    227: \fBsudoreplay\fR
                    228: will limit these pauses to at most
                    229: \fImax_wait\fR
                    230: seconds.
                    231: The value may be specified as a floating point number, e.g.\&
                    232: \fI2.5\fR.
1.1.1.5   misho     233: .TP 12n
                    234: \fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR
1.1.1.3   misho     235: This option causes
                    236: \fBsudoreplay\fR
                    237: to adjust the number of seconds it will wait between key presses or
                    238: program output.
                    239: This can be used to slow down or speed up the display.
                    240: For example, a
                    241: \fIspeed_factor\fR
                    242: of
                    243: \fI2\fR
                    244: would make the output twice as fast whereas a
                    245: \fIspeed_factor\fR
                    246: of
                    247: \fI.5\fR
                    248: would make the output twice as slow.
1.1.1.5   misho     249: .TP 12n
                    250: \fB\-V\fR, \fB\--version\fR
                    251: Print the
1.1.1.3   misho     252: \fBsudoreplay\fR
1.1.1.5   misho     253: version number and exit.
1.1       misho     254: .SS "Date and time format"
                    255: The time and date may be specified multiple ways, common formats include:
1.1.1.3   misho     256: .TP 8n
                    257: HH:MM:SS am MM/DD/CCYY timezone
1.1       misho     258: 24 hour time may be used in place of am/pm.
1.1.1.3   misho     259: .TP 8n
                    260: HH:MM:SS am Month, Day Year timezone
1.1       misho     261: 24 hour time may be used in place of am/pm, and month and day names
1.1.1.3   misho     262: may be abbreviated.
                    263: Note that month and day of the week names must be specified in English.
                    264: .TP 8n
                    265: CCYY-MM-DD HH:MM:SS
                    266: ISO time format
                    267: .TP 8n
                    268: DD Month CCYY HH:MM:SS
1.1       misho     269: The month name may be abbreviated.
                    270: .PP
1.1.1.3   misho     271: Either time or date may be omitted, the am/pm and timezone are optional.
                    272: If no date is specified, the current day is assumed; if no time is
                    273: specified, the first second of the specified date is used.
                    274: The less significant parts of both time and date may also be omitted,
                    275: in which case zero is assumed.
1.1       misho     276: .PP
                    277: The following are all valid time and date specifications:
1.1.1.3   misho     278: .TP 8n
                    279: now
1.1       misho     280: The current time and date.
1.1.1.3   misho     281: .TP 8n
                    282: tomorrow
1.1       misho     283: Exactly one day from now.
1.1.1.3   misho     284: .TP 8n
                    285: yesterday
1.1       misho     286: 24 hours ago.
1.1.1.3   misho     287: .TP 8n
                    288: 2 hours ago
1.1       misho     289: 2 hours ago.
1.1.1.3   misho     290: .TP 8n
                    291: next Friday
1.1.1.5   misho     292: The first second of the Friday in the next (upcoming) week.
                    293: Not to be confused with
1.1.1.6 ! misho     294: \(lqthis friday\(rq
1.1.1.5   misho     295: which would match the friday of the current week.
                    296: .TP 8n
                    297: last week
                    298: The current time but 7 days ago.
                    299: This is equivalent to
1.1.1.6 ! misho     300: \(lqa week ago\(rq.
1.1.1.3   misho     301: .TP 8n
                    302: a fortnight ago
1.1       misho     303: The current time but 14 days ago.
1.1.1.3   misho     304: .TP 8n
                    305: 10:01 am 9/17/2009
1.1       misho     306: 10:01 am, September 17, 2009.
1.1.1.3   misho     307: .TP 8n
                    308: 10:01 am
1.1       misho     309: 10:01 am on the current day.
1.1.1.3   misho     310: .TP 8n
                    311: 10
1.1       misho     312: 10:00 am on the current day.
1.1.1.3   misho     313: .TP 8n
                    314: 9/17/2009
1.1       misho     315: 00:00 am, September 17, 2009.
1.1.1.3   misho     316: .TP 8n
                    317: 10:01 am Sep 17, 2009
1.1       misho     318: 10:01 am, September 17, 2009.
1.1.1.5   misho     319: .PP
                    320: Note that relative time specifications do not always work as expected.
                    321: For example, the
1.1.1.6 ! misho     322: \(lqnext\(rq
1.1.1.5   misho     323: qualifier is intended to be used in conjunction with a day such as
1.1.1.6 ! misho     324: \(lqnext Monday\(rq.
1.1.1.5   misho     325: When used with units of weeks, months, years, etc.\&
                    326: the result will be one more than expected.
                    327: For example,
1.1.1.6 ! misho     328: \(lqnext week\(rq
1.1.1.5   misho     329: will result in a time exactly two weeks from now, which is probably
                    330: not what was intended.
                    331: This will be addressed in a future version of
                    332: \fBsudoreplay\fR.
1.1       misho     333: .SH "FILES"
1.1.1.3   misho     334: .TP 26n
                    335: \fI@iolog_dir@\fR
1.1       misho     336: The default I/O log directory.
1.1.1.3   misho     337: .TP 26n
                    338: \fI@iolog_dir@/00/00/01/log\fR
1.1       misho     339: Example session log info.
1.1.1.3   misho     340: .TP 26n
                    341: \fI@iolog_dir@/00/00/01/stdin\fR
1.1       misho     342: Example session standard input log.
1.1.1.3   misho     343: .TP 26n
                    344: \fI@iolog_dir@/00/00/01/stdout\fR
1.1       misho     345: Example session standard output log.
1.1.1.3   misho     346: .TP 26n
                    347: \fI@iolog_dir@/00/00/01/stderr\fR
1.1       misho     348: Example session standard error log.
1.1.1.3   misho     349: .TP 26n
                    350: \fI@iolog_dir@/00/00/01/ttyin\fR
1.1       misho     351: Example session tty input file.
1.1.1.3   misho     352: .TP 26n
                    353: \fI@iolog_dir@/00/00/01/ttyout\fR
1.1       misho     354: Example session tty output file.
1.1.1.3   misho     355: .TP 26n
                    356: \fI@iolog_dir@/00/00/01/timing\fR
1.1       misho     357: Example session timing file.
                    358: .PP
1.1.1.3   misho     359: Note that the
                    360: \fIstdin\fR,
                    361: \fIstdout\fR
                    362: and
                    363: \fIstderr\fR
                    364: files will be empty unless
                    365: \fBsudo\fR
                    366: was used as part of a pipeline for a particular command.
1.1       misho     367: .SH "EXAMPLES"
1.1.1.3   misho     368: List sessions run by user
                    369: \fImillert\fR:
                    370: .nf
                    371: .sp
                    372: .RS 6n
                    373: # sudoreplay -l user millert
                    374: .RE
                    375: .fi
1.1       misho     376: .PP
1.1.1.3   misho     377: List sessions run by user
                    378: \fIbob\fR
                    379: with a command containing the string vi:
                    380: .nf
                    381: .sp
                    382: .RS 6n
                    383: # sudoreplay -l user bob command vi
                    384: .RE
                    385: .fi
1.1       misho     386: .PP
1.1.1.3   misho     387: List sessions run by user
                    388: \fIjeff\fR
                    389: that match a regular expression:
                    390: .nf
                    391: .sp
                    392: .RS 6n
                    393: # sudoreplay -l user jeff command '/bin/[a-z]*sh'
                    394: .RE
                    395: .fi
1.1       misho     396: .PP
                    397: List sessions run by jeff or bob on the console:
1.1.1.3   misho     398: .nf
                    399: .sp
                    400: .RS 6n
                    401: # sudoreplay -l \e( user jeff or user bob \e) tty console
                    402: .RE
                    403: .fi
1.1       misho     404: .SH "SEE ALSO"
1.1.1.3   misho     405: sudo(@mansectsu@),
                    406: script(1)
                    407: .SH "AUTHORS"
1.1       misho     408: Todd C. Miller
                    409: .SH "BUGS"
1.1.1.3   misho     410: If you feel you have found a bug in
                    411: \fBsudoreplay\fR,
                    412: please submit a bug report at http://www.sudo.ws/sudo/bugs/
1.1       misho     413: .SH "SUPPORT"
                    414: Limited free support is available via the sudo-users mailing list,
1.1.1.3   misho     415: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
1.1       misho     416: search the archives.
                    417: .SH "DISCLAIMER"
1.1.1.3   misho     418: \fBsudoreplay\fR
                    419: is provided
1.1.1.6 ! misho     420: \(lqAS IS\(rq
1.1.1.3   misho     421: and any express or implied warranties, including, but not limited
                    422: to, the implied warranties of merchantability and fitness for a
                    423: particular purpose are disclaimed.
                    424: See the LICENSE file distributed with
                    425: \fBsudo\fR
                    426: or http://www.sudo.ws/sudo/license.html for complete details.
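
Added example (not part of the sudo distribution or of this annotated file): a shell helper that pulls the TSID=ID strings described under DESCRIPTION out of sudo log lines and maps each six character ID to the session directory layout shown under FILES. The log lines are constructed samples, and /var/log/sudo-io is an assumed stand-in for the build-time @iolog_dir@ value.

```shell
#!/bin/sh
# Added example, not from the sudo sources.
# Assumption: /var/log/sudo-io stands in for the build-time @iolog_dir@ value.
IOLOG_DIR="${IOLOG_DIR:-/var/log/sudo-io}"

# Constructed sample lines in the style of the sudo log file.
# The third line has no TSID (log_output was not enabled for that command).
sample_log() {
    cat <<'EOF'
Feb 15 10:01:02 : millert : TTY=pts/1 ; PWD=/home/millert ; USER=root ; TSID=000001 ; COMMAND=/bin/ls /root
Feb 15 10:05:40 : bob : TTY=console ; PWD=/tmp ; USER=root ; TSID=0100A5 ; COMMAND=/bin/echo ; TSID=ZZZZZZ
Feb 15 10:09:13 : jeff : TTY=pts/3 ; PWD=/home/jeff ; USER=root ; COMMAND=/usr/bin/id
EOF
}

# tsid_to_dir ID: print the session directory for a six character ID made of
# digits and upper case letters (0100A5 -> $IOLOG_DIR/01/00/A5); fail otherwise.
tsid_to_dir() {
    id=$1
    [ "${#id}" -eq 6 ] || return 1
    case $id in
        *[!0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ]*) return 1 ;;
    esac
    rest=${id#??}
    printf '%s/%s/%s/%s\n' "$IOLOG_DIR" "${id%????}" "${rest%??}" "${id#????}"
}

# extract_tsids: read log lines on stdin, print one TSID value per line.
# Everything from COMMAND= onward is dropped first: the command line is
# user-supplied text and may itself contain a TSID= string.
extract_tsids() {
    sed 's/ ; COMMAND=.*//' |
    awk -F' ; ' '{
        for (i = 2; i <= NF; i++)
            if ($i ~ /^TSID=/) { print substr($i, 6); break }
    }'
}

# list_sessions: print "ID<TAB>directory" for every logged session.
list_sessions() {
    extract_tsids | while IFS= read -r id; do
        if dir=$(tsid_to_dir "$id"); then
            printf '%s\t%s\n' "$id" "$dir"
        else
            # IDs produced by a custom iolog_file setting are not mapped here.
            printf '%s\t%s\n' "$id" "(not a sequence ID; pass to sudoreplay as given)"
        fi
    done
}

sample_log | list_sessions
```

Each ID printed in the first column can be passed to sudoreplay as the ID argument; the second column is where the log, timing and tty files for that session are expected.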
