4 SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
8 sudoreplay - replay sudo session logs
10 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
11 s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by [-
\b-h
\bh] [-
\b-d
\bd _
\bd_
\bi_
\br_
\be_
\bc_
\bt_
\bo_
\br_
\by] [-
\b-f
\bf _
\bf_
\bi_
\bl_
\bt_
\be_
\br] [-
\b-m
\bm _
\bm_
\ba_
\bx_
\b__
\bw_
\ba_
\bi_
\bt] [-
\b-s
\bs
12 _
\bs_
\bp_
\be_
\be_
\bd_
\b__
\bf_
\ba_
\bc_
\bt_
\bo_
\br] ID
14 s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by [-
\b-h
\bh] [-
\b-d
\bd _
\bd_
\bi_
\br_
\be_
\bc_
\bt_
\bo_
\br_
\by] -l [search expression]
16 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
17 s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by plays back or lists the session logs created by s
\bsu
\bud
\bdo
\bo. When
18 replaying, s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by can play the session back in real-time, or the
19 playback speed may be adjusted (faster or slower) based on the command
20 line options. The _
\bI_
\bD should be a six character sequence of digits and
21 upper case letters, e.g. 0100A5, which is logged by s
\bsu
\bud
\bdo
\bo when a
22 command is run with session logging enabled.
24 In list mode, s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by can be used to find the ID of a session based
25 on a number of criteria such as the user, tty or command run.
27 In replay mode, if the standard output has not been redirected,
28 s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by will act on the following keys:
31 Pause output; press any key to resume.
33 '<' Reduce the playback speed by one half.
35 '>' Double the playback speed.
37 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
38 s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by accepts the following command line options:
40 -d _
\bd_
\bi_
\br_
\be_
\bc_
\bt_
\bo_
\br_
\by
41 Use _
\bd_
\bi_
\br_
\be_
\bc_
\bt_
\bo_
\br_
\by to for the session logs instead of the
42 default, _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo.
44 -f _
\bf_
\bi_
\bl_
\bt_
\be_
\br By default, s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by will play back the command's
45 standard output, standard error and tty output. The _
\b-_
\bf
46 option can be used to select which of these to output. The
47 _
\bf_
\bi_
\bl_
\bt_
\be_
\br argument is a comma-separated list, consisting of
48 one or more of following: _
\bs_
\bt_
\bd_
\bo_
\bu_
\bt, _
\bs_
\bt_
\bd_
\be_
\br_
\br, and _
\bt_
\bt_
\by_
\bo_
\bu_
\bt.
50 -h The -
\b-h
\bh (_
\bh_
\be_
\bl_
\bp) option causes s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by to print a short
51 help message to the standard output and exit.
53 -l [_
\bs_
\be_
\ba_
\br_
\bc_
\bh _
\be_
\bx_
\bp_
\br_
\be_
\bs_
\bs_
\bi_
\bo_
\bn]
54 Enable "list mode". In this mode, s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by will list
55 available session IDs. If a _
\bs_
\be_
\ba_
\br_
\bc_
\bh _
\be_
\bx_
\bp_
\br_
\be_
\bs_
\bs_
\bi_
\bo_
\bn is
56 specified, it will be used to restrict the IDs that are
57 displayed. An expression is composed of the following
70 SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
73 command _
\bc_
\bo_
\bm_
\bm_
\ba_
\bn_
\bd _
\bp_
\ba_
\bt_
\bt_
\be_
\br_
\bn
74 Evaluates to true if the command run matches
75 _
\bc_
\bo_
\bm_
\bm_
\ba_
\bn_
\bd _
\bp_
\ba_
\bt_
\bt_
\be_
\br_
\bn. On systems with POSIX regular
76 expression support, the pattern may be an extended
77 regular expression. On systems without POSIX
78 regular expression support, a simple substring
79 match is performed instead.
81 cwd _
\bd_
\bi_
\br_
\be_
\bc_
\bt_
\bo_
\br_
\by
82 Evaluates to true if the command was run with the
83 specified current working directory.
85 fromdate _
\bd_
\ba_
\bt_
\be
86 Evaluates to true if the command was run on or
87 after _
\bd_
\ba_
\bt_
\be. See "Date and time format" for a
88 description of supported date and time formats.
90 group _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bg_
\br_
\bo_
\bu_
\bp
91 Evaluates to true if the command was run with the
92 specified _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bg_
\br_
\bo_
\bu_
\bp. Note that unless a
93 _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bg_
\br_
\bo_
\bu_
\bp was explicitly specified when s
\bsu
\bud
\bdo
\bo was
94 run this field will be empty in the log.
96 runas _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bu_
\bs_
\be_
\br
97 Evaluates to true if the command was run as the
98 specified _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bu_
\bs_
\be_
\br. Note that s
\bsu
\bud
\bdo
\bo runs commands
99 as user _
\br_
\bo_
\bo_
\bt by default.
101 todate _
\bd_
\ba_
\bt_
\be
102 Evaluates to true if the command was run on or
103 prior to _
\bd_
\ba_
\bt_
\be. See "Date and time format" for a
104 description of supported date and time formats.
106 tty _
\bt_
\bt_
\by Evaluates to true if the command was run on the
107 specified terminal device. The _
\bt_
\bt_
\by should be
108 specified without the _
\b/_
\bd_
\be_
\bv_
\b/ prefix, e.g. _
\bt_
\bt_
\by_
\b0_
\b1
109 instead of _
\b/_
\bd_
\be_
\bv_
\b/_
\bt_
\bt_
\by_
\b0_
\b1.
111 user _
\bu_
\bs_
\be_
\br _
\bn_
\ba_
\bm_
\be
112 Evaluates to true if the ID matches a command run
113 by _
\bu_
\bs_
\be_
\br _
\bn_
\ba_
\bm_
\be.
115 Predicates may be abbreviated to the shortest unique string
116 (currently all predicates may be shortened to a single
119 Predicates may be combined using _
\ba_
\bn_
\bd, _
\bo_
\br and _
\b! operators as
120 well as '(' and ')' for grouping (note that parentheses
121 must generally be escaped from the shell). The _
\ba_
\bn_
\bd
122 operator is optional, adjacent predicates have an implied
123 _
\ba_
\bn_
\bd unless separated by an _
\bo_
\br.
125 -m _
\bm_
\ba_
\bx_
\b__
\bw_
\ba_
\bi_
\bt Specify an upper bound on how long to wait between key
126 presses or output data. By default, s
\bsu
\bud
\bdo
\bo_
\b_r
\bre
\bep
\bpl
\bla
\bay
\by will
130 1.7.6 April 9, 2011 2
136 SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
139 accurately reproduce the delays between key presses or
140 program output. However, this can be tedious when the
141 session includes long pauses. When the _
\b-_
\bm option is
142 specified, s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by will limit these pauses to at most
143 _
\bm_
\ba_
\bx_
\b__
\bw_
\ba_
\bi_
\bt seconds. The value may be specified as a floating
144 point number, .e.g. _
\b2_
\b._
\b5.
146 -s _
\bs_
\bp_
\be_
\be_
\bd_
\b__
\bf_
\ba_
\bc_
\bt_
\bo_
\br
147 This option causes s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by to adjust the number of
148 seconds it will wait between key presses or program output.
149 This can be used to slow down or speed up the display. For
150 example, a _
\bs_
\bp_
\be_
\be_
\bd_
\b__
\bf_
\ba_
\bc_
\bt_
\bo_
\br of _
\b2 would make the output twice as
151 fast whereas a _
\bs_
\bp_
\be_
\be_
\bd_
\b__
\bf_
\ba_
\bc_
\bt_
\bo_
\br of <.5> would make the output
154 -V The -
\b-V
\bV (version) option causes s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by to print its
155 version number and exit.
157 D
\bDa
\bat
\bte
\be a
\ban
\bnd
\bd t
\bti
\bim
\bme
\be f
\bfo
\bor
\brm
\bma
\bat
\bt
158 The time and date may be specified multiple ways, common formats
161 HH:MM:SS am MM/DD/CCYY timezone
162 24 hour time may be used in place of am/pm.
164 HH:MM:SS am Month, Day Year timezone
165 24 hour time may be used in place of am/pm, and month and day
166 names may be abbreviated. Note that month and day of the week
167 names must be specified in English.
172 DD Month CCYY HH:MM:SS
173 The month name may be abbreviated.
175 Either time or date may be omitted, the am/pm and timezone are
176 optional. If no date is specified, the current day is assumed; if no
177 time is specified, the first second of the specified date is used. The
178 less significant parts of both time and date may also be omitted, in
179 which case zero is assumed. For example, the following are all valid:
181 The following are all valid time and date specifications:
183 now The current time and date.
186 Exactly one day from now.
196 1.7.6 April 9, 2011 3
202 SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
206 The first second of the next Friday.
209 The current time but the first day of the coming week.
212 The current time but 14 days ago.
215 10:01 am, September 17, 2009.
218 10:01 am on the current day.
220 10 10:00 am on the current day.
223 00:00 am, September 17, 2009.
225 10:01 am Sep 17, 2009
226 10:01 am, September 17, 2009.
229 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo The default I/O log directory.
231 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bl_
\bo_
\bg
232 Example session log info.
234 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bs_
\bt_
\bd_
\bi_
\bn
235 Example session standard input log.
237 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bs_
\bt_
\bd_
\bo_
\bu_
\bt
238 Example session standard output log.
240 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bs_
\bt_
\bd_
\be_
\br_
\br
241 Example session standard error log.
243 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bt_
\bt_
\by_
\bi_
\bn
244 Example session tty input file.
246 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bt_
\bt_
\by_
\bo_
\bu_
\bt
247 Example session tty output file.
249 _
\b/_
\bv_
\ba_
\br_
\b/_
\bl_
\bo_
\bg_
\b/_
\bs_
\bu_
\bd_
\bo_
\b-_
\bi_
\bo_
\b/_
\b0_
\b0_
\b/_
\b0_
\b0_
\b/_
\b0_
\b1_
\b/_
\bt_
\bi_
\bm_
\bi_
\bn_
\bg
250 Example session timing file.
252 Note that the _
\bs_
\bt_
\bd_
\bi_
\bn, _
\bs_
\bt_
\bd_
\bo_
\bu_
\bt and _
\bs_
\bt_
\bd_
\be_
\br_
\br files will be empty unless s
\bsu
\bud
\bdo
\bo
253 was used as part of a pipeline for a particular command.
255 E
\bEX
\bXA
\bAM
\bMP
\bPL
\bLE
\bES
\bS
256 List sessions run by user _
\bm_
\bi_
\bl_
\bl_
\be_
\br_
\bt:
258 sudoreplay -l user millert
262 1.7.6 April 9, 2011 4
268 SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
271 List sessions run by user _
\bb_
\bo_
\bb with a command containing the string vi:
273 sudoreplay -l user bob command vi
275 List sessions run by user _
\bj_
\be_
\bf_
\bf that match a regular expression:
277 sudoreplay -l user jeff command '/bin/[a-z]*sh'
279 List sessions run by jeff or bob on the console:
281 sudoreplay -l ( user jeff or user bob ) tty console
283 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
284 _
\bs_
\bu_
\bd_
\bo(1m), _
\bs_
\bc_
\br_
\bi_
\bp_
\bt(1)
286 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
290 If you feel you have found a bug in s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by, please submit a bug
291 report at http://www.sudo.ws/sudo/bugs/
293 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
294 Limited free support is available via the sudo-users mailing list, see
295 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
298 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
299 s
\bsu
\bud
\bdo
\bor
\bre
\bep
\bpl
\bla
\bay
\by is provided ``AS IS'' and any express or implied warranties,
300 including, but not limited to, the implied warranties of
301 merchantability and fitness for a particular purpose are disclaimed.
302 See the LICENSE file distributed with s
\bsu
\bud
\bdo
\bo or
303 http://www.sudo.ws/sudo/license.html for complete details.
328 1.7.6 April 9, 2011 5
projects / debian / sudo / blob