.\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
.\" IT IS GENERATED AUTOMATICALLY FROM sudoreplay.mdoc.in
.\"
.\" Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.TH "SUDOREPLAY" "@mansectsu@" "September 11, 2013" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
\fBsudoreplay\fR
\- replay sudo session logs
.SH "SYNOPSIS"
.HP 11n
\fBsudoreplay\fR
[\fB\-h\fR]
[\fB\-d\fR\ \fIdir\fR]
[\fB\-f\fR\ \fIfilter\fR]
[\fB\-m\fR\ \fInum\fR]
[\fB\-s\fR\ \fInum\fR]
ID
.HP 11n
\fBsudoreplay\fR
[\fB\-h\fR]
[\fB\-d\fR\ \fIdir\fR]
\fB\-l\fR
[search expression]
.SH "DESCRIPTION"
\fBsudoreplay\fR
plays back or lists the output logs created by
\fBsudo\fR.
When replaying,
\fBsudoreplay\fR
can play the session back in real-time, or the playback speed may be
adjusted (faster or slower) based on the command line options.
.PP
The
\fIID\fR
should either be a six character sequence of digits and
upper case letters, e.g.\&
\fR0100A5\fR,
or a pattern matching the
\fIiolog_file\fR
option in the
\fIsudoers\fR
file.
When a command is run via
\fBsudo\fR
with
\fIlog_output\fR
enabled in the
\fIsudoers\fR
file, a
\fRTSID=ID\fR
string is logged via syslog or to the
\fBsudo\fR
log file.
The
\fIID\fR
may also be determined using
\fBsudoreplay\fR's
list mode.
.PP
In list mode,
\fBsudoreplay\fR
can be used to find the ID of a session based on a number of criteria
such as the user, tty or command run.
.PP
In replay mode, if the standard output has not been redirected,
\fBsudoreplay\fR
will act on the following keys:
.TP 14n
`\fR\ \fR' (space)
Pause output; press any key to resume.
.TP 14n
`<'
Reduce the playback speed by one half.
.TP 14n
`>'
Double the playback speed.
.PP
The options are as follows:
.TP 12n
\fB\-d\fR \fIdir\fR, \fB\--directory\fR=\fIdir\fR
Store session logs in
\fIdir\fR
instead of the default,
\fI@iolog_dir@\fR.
.TP 12n
\fB\-f\fR \fIfilter\fR, \fB\--filter\fR=\fIfilter\fR
Select which I/O type(s) to display.
By default,
\fBsudoreplay\fR
will display the command's standard output, standard error and tty output.
The
\fIfilter\fR
argument is a comma-separated list, consisting of one or more of the following:
\fIstdout\fR,
\fIstderr\fR,
and
\fIttyout\fR.
.TP 12n
\fB\-h\fR, \fB\--help\fR
Display a short help message to the standard output and exit.
.TP 12n
\fB\-l\fR, \fB\--list\fR [\fIsearch expression\fR]
Enable
``list mode''.
In this mode,
\fBsudoreplay\fR
will list available sessions in a format similar to the
\fBsudo\fR
log file format, sorted by file name (or sequence number).
If a
\fIsearch expression\fR
is specified, it will be used to restrict the IDs that are displayed.
An expression is composed of the following predicates:
.RS
.TP 8n
command \fIpattern\fR
Evaluates to true if the command run matches
\fIpattern\fR.
On systems with POSIX regular expression support, the pattern may
be an extended regular expression.
On systems without POSIX regular expression support, a simple sub-string
match is performed instead.
.TP 8n
cwd \fIdirectory\fR
Evaluates to true if the command was run with the specified current
working directory.
.TP 8n
fromdate \fIdate\fR
Evaluates to true if the command was run on or after
\fIdate\fR.
See
\fIDate and time format\fR
for a description of supported date and time formats.
.TP 8n
group \fIrunas_group\fR
Evaluates to true if the command was run with the specified
\fIrunas_group\fR.
Note that unless a
\fIrunas_group\fR
was explicitly specified when
\fBsudo\fR
was run this field will be empty in the log.
.TP 8n
runas \fIrunas_user\fR
Evaluates to true if the command was run as the specified
\fIrunas_user\fR.
Note that
\fBsudo\fR
runs commands as user
\fIroot\fR
by default.
.TP 8n
todate \fIdate\fR
Evaluates to true if the command was run on or prior to
\fIdate\fR.
See
\fIDate and time format\fR
for a description of supported date and time formats.
.TP 8n
tty \fItty name\fR
Evaluates to true if the command was run on the specified terminal device.
The
\fItty name\fR
should be specified without the
\fI/dev/\fR
prefix, e.g.\&
\fItty01\fR
instead of
\fI/dev/tty01\fR.
.TP 8n
user \fIuser name\fR
Evaluates to true if the ID matches a command run by
\fIuser name\fR.
.PP
Predicates may be abbreviated to the shortest unique string (currently
all predicates may be shortened to a single character).
.sp
Predicates may be combined using
\fIand\fR,
\fIor\fR
and
\fI\&!\fR
operators as well as
`\&('
and
`\&)'
grouping (note that parentheses must generally be escaped from the shell).
The
\fIand\fR
operator is optional; adjacent predicates have an implied
\fIand\fR
unless separated by an
\fIor\fR.
.PP
.RE
.PD 0
.TP 12n
\fB\-m\fR, \fB\--max-wait\fR \fImax_wait\fR
Specify an upper bound on how long to wait between key presses or output data.
By default,
\fBsudoreplay\fR
will accurately reproduce the delays between key presses or program output.
However, this can be tedious when the session includes long pauses.
When the
\fB\-m\fR
option is specified,
\fBsudoreplay\fR
will limit these pauses to at most
\fImax_wait\fR
seconds.
The value may be specified as a floating point number, e.g.\&
\fI2.5\fR.
.PD
.TP 12n
\fB\-s\fR, \fB\--speed\fR \fIspeed_factor\fR
This option causes
\fBsudoreplay\fR
to adjust the number of seconds it will wait between key presses or
program output.
This can be used to slow down or speed up the display.
For example, a
\fIspeed_factor\fR
of
\fI2\fR
would make the output twice as fast whereas a
\fIspeed_factor\fR
of
\fI.5\fR
would make the output twice as slow.
.TP 12n
\fB\-V\fR, \fB\--version\fR
Print the
\fBsudoreplay\fR
version number and exit.
.SS "Date and time format"
The time and date may be specified in multiple ways; common formats include:
.TP 8n
HH:MM:SS am MM/DD/CCYY timezone
24 hour time may be used in place of am/pm.
.TP 8n
HH:MM:SS am Month, Day Year timezone
24 hour time may be used in place of am/pm, and month and day names
may be abbreviated.
Note that month and day of the week names must be specified in English.
.TP 8n
CCYY-MM-DD HH:MM:SS
ISO time format
.TP 8n
DD Month CCYY HH:MM:SS
The month name may be abbreviated.
.PP
Either time or date may be omitted; the am/pm and timezone are optional.
If no date is specified, the current day is assumed; if no time is
specified, the first second of the specified date is used.
The less significant parts of both time and date may also be omitted,
in which case zero is assumed.
.PP
The following are all valid time and date specifications:
.TP 8n
now
The current time and date.
.TP 8n
tomorrow
Exactly one day from now.
.TP 8n
yesterday
24 hours ago.
.TP 8n
2 hours ago
2 hours ago.
.TP 8n
next Friday
The first second of the Friday in the next (upcoming) week.
Not to be confused with
``this friday''
which would match the Friday of the current week.
.TP 8n
last week
The current time but 7 days ago.
This is equivalent to
``a week ago''.
.TP 8n
a fortnight ago
The current time but 14 days ago.
.TP 8n
10:01 am 9/17/2009
10:01 am, September 17, 2009.
.TP 8n
10:01 am
10:01 am on the current day.
.TP 8n
10
10:00 am on the current day.
.TP 8n
9/17/2009
00:00 am, September 17, 2009.
.TP 8n
10:01 am Sep 17, 2009
10:01 am, September 17, 2009.
.PP
Note that relative time specifications do not always work as expected.
For example, the
``next''
qualifier is intended to be used in conjunction with a day such as
``next Monday''.
When used with units of weeks, months, years, etc.\&
the result will be one more than expected.
For example,
``next week''
will result in a time exactly two weeks from now, which is probably
not what was intended.
This will be addressed in a future version of
\fBsudoreplay\fR.
.SH "FILES"
.TP 26n
\fI@iolog_dir@\fR
The default I/O log directory.
.TP 26n
\fI@iolog_dir@/00/00/01/log\fR
Example session log info.
.TP 26n
\fI@iolog_dir@/00/00/01/stdin\fR
Example session standard input log.
.TP 26n
\fI@iolog_dir@/00/00/01/stdout\fR
Example session standard output log.
.TP 26n
\fI@iolog_dir@/00/00/01/stderr\fR
Example session standard error log.
.TP 26n
\fI@iolog_dir@/00/00/01/ttyin\fR
Example session tty input file.
.TP 26n
\fI@iolog_dir@/00/00/01/ttyout\fR
Example session tty output file.
.TP 26n
\fI@iolog_dir@/00/00/01/timing\fR
Example session timing file.
.PP
Note that the
\fIstdin\fR,
\fIstdout\fR
and
\fIstderr\fR
files will be empty unless
\fBsudo\fR
was used as part of a pipeline for a particular command.
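.PP
Added example (not part of the sudo distribution): the shell functions below pull TSID values out of sudo log lines and map each six-character ID to its session directory, following the 00/00/01 layout shown above, then report which per-session files are absent.
The function names, the IOLOG_DIR placeholder path and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: map TSID values from sudo log lines to I/O log directories.
LC_ALL=C; export LC_ALL
# Placeholder for the build-time @iolog_dir@ default; set IOLOG_DIR to the real one.
IOLOG_DIR=${IOLOG_DIR:-/path/to/iolog_dir}

# Validate a six-character ID (digits, upper-case letters) and print the
# directory that holds its files, following the FILES layout (000001 -> 00/00/01).
tsid_to_dir() {
    [ "${#1}" -eq 6 ] || return 1
    case $1 in *[!0-9A-Z]*) return 1 ;; esac
    mid=${1#??}
    printf '%s/%s/%s/%s\n' "$IOLOG_DIR" "${1%????}" "${mid%??}" "${1#????}"
}

# Read sudo log lines on stdin; print "user ID" for each line with a TSID field.
extract_tsids() {
    sed -n 's/^.*sudo: *\([^ ]*\) : .*TSID=\([0-9A-Z]\{6\}\) ;.*$/\1 \2/p'
}

# Print the names of the per-session files from FILES that are absent in DIR.
missing_files() {
    for f in log timing ttyout ttyin stdin stdout stderr; do
        [ -e "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Constructed sample lines in the sudo syslog layout (not taken from a real host).
SAMPLE_LOG='Sep 11 10:01:02 host1 sudo:  millert : TTY=pts/1 ; PWD=/home/millert ; USER=root ; TSID=0100A5 ; COMMAND=/bin/sh
Sep 11 10:05:40 host1 sudo:      bob : TTY=console ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/id
Sep 11 10:07:13 host1 sudo:     jeff : TTY=pts/3 ; PWD=/home/jeff ; USER=root ; TSID=00000B ; COMMAND=/usr/bin/vi /etc/hosts'

# Print "user ID directory" for every logged session in the sample.
report() {
    printf '%s\n' "$SAMPLE_LOG" | extract_tsids | while read -r user id; do
        dir=$(tsid_to_dir "$id") && printf '%s %s %s\n' "$user" "$id" "$dir"
    done
}
report
```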
.SH "EXAMPLES"
List sessions run by user
\fImillert\fR:
.nf
.sp
.RS 6n
# sudoreplay -l user millert
.RE
.fi
.PP
List sessions run by user
\fIbob\fR
with a command containing the string vi:
.nf
.sp
.RS 6n
# sudoreplay -l user bob command vi
.RE
.fi
.PP
List sessions run by user
\fIjeff\fR
that match a regular expression:
.nf
.sp
.RS 6n
# sudoreplay -l user jeff command '/bin/[a-z]*sh'
.RE
.fi
.PP
List sessions run by jeff or bob on the console:
.nf
.sp
.RS 6n
# sudoreplay -l \e( user jeff or user bob \e) tty console
.RE
.fi
.SH "SEE ALSO"
sudo(@mansectsu@),
script(1)
.SH "AUTHORS"
Todd C. Miller
.SH "BUGS"
If you feel you have found a bug in
\fBsudoreplay\fR,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.SH "SUPPORT"
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.SH "DISCLAIMER"
\fBsudoreplay\fR
is provided
``AS IS''
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
See the LICENSE file distributed with
\fBsudo\fR
or http://www.sudo.ws/sudo/license.html for complete details.