--- /dev/null
+SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
+
+
+
+N\bNA\bAM\bME\bE
+ sudoreplay - replay sudo session logs
+
+S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
+ s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by [-\b-h\bh] [-\b-d\bd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by] [-\b-f\bf _\bf_\bi_\bl_\bt_\be_\br] [-\b-m\bm _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt] [-\b-s\bs
+ _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br] ID
+
+ s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by [-\b-h\bh] [-\b-d\bd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by] -l [search expression]
+
+D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
+ s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by plays back or lists the output logs created by s\bsu\bud\bdo\bo. When
+ replaying, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by can play the session back in real-time, or the
+ playback speed may be adjusted (faster or slower) based on the command
+ line options.
+
+ The _\bI_\bD should either be a six character sequence of digits and upper
+ case letters, e.g. 0100A5, or a pattern matching the _\bi_\bo_\bl_\bo_\bg_\b__\bf_\bi_\bl_\be option
+ in the _\bs_\bu_\bd_\bo_\be_\br_\bs file. When a command is run via s\bsu\bud\bdo\bo with _\bl_\bo_\bg_\b__\bo_\bu_\bt_\bp_\bu_\bt
+ enabled in the _\bs_\bu_\bd_\bo_\be_\br_\bs file, a TSID=ID string is logged via syslog or
+ to the s\bsu\bud\bdo\bo log file. The _\bI_\bD may also be determined using s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by's
+ list mode.
+
+ In list mode, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by can be used to find the ID of a session based
+ on a number of criteria such as the user, tty or command run.
+
+ In replay mode, if the standard output has not been redirected,
+ s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will act on the following keys:
+
+ ' ' (space)
+ Pause output; press any key to resume.
+
+ '<' Reduce the playback speed by one half.
+
+ '>' Double the playback speed.
+
+O\bOP\bPT\bTI\bIO\bON\bNS\bS
+ s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by accepts the following command line options:
+
+ -d _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by
+ Use _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by to for the session logs instead of the
+ default, _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo.
+
+ -f _\bf_\bi_\bl_\bt_\be_\br By default, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will play back the command's
+ standard output, standard error and tty output. The _\b-_\bf
+ option can be used to select which of these to output. The
+ _\bf_\bi_\bl_\bt_\be_\br argument is a comma-separated list, consisting of
+ one or more of following: _\bs_\bt_\bd_\bo_\bu_\bt, _\bs_\bt_\bd_\be_\br_\br, and _\bt_\bt_\by_\bo_\bu_\bt.
+
+ -h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by to print a short
+ help message to the standard output and exit.
+
+ -l [_\bs_\be_\ba_\br_\bc_\bh _\be_\bx_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn]
+ Enable "list mode". In this mode, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will list
+ available sessions in a format similar to the s\bsu\bud\bdo\bo log file
+ format, sorted by file name (or sequence number). If a
+ _\bs_\be_\ba_\br_\bc_\bh _\be_\bx_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn is specified, it will be used to restrict
+ the IDs that are displayed. An expression is composed of
+ the following predicates:
+
+ command _\bc_\bo_\bm_\bm_\ba_\bn_\bd _\bp_\ba_\bt_\bt_\be_\br_\bn
+ Evaluates to true if the command run matches
+ _\bc_\bo_\bm_\bm_\ba_\bn_\bd _\bp_\ba_\bt_\bt_\be_\br_\bn. On systems with POSIX regular
+ expression support, the pattern may be an extended
+ regular expression. On systems without POSIX
+ regular expression support, a simple substring
+ match is performed instead.
+
+ cwd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by
+ Evaluates to true if the command was run with the
+ specified current working directory.
+
+ fromdate _\bd_\ba_\bt_\be
+ Evaluates to true if the command was run on or
+ after _\bd_\ba_\bt_\be. See "Date and time format" for a
+ description of supported date and time formats.
+
+ group _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp
+ Evaluates to true if the command was run with the
+ specified _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp. Note that unless a
+ _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp was explicitly specified when s\bsu\bud\bdo\bo was
+ run this field will be empty in the log.
+
+ runas _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br
+ Evaluates to true if the command was run as the
+ specified _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br. Note that s\bsu\bud\bdo\bo runs commands
+ as user _\br_\bo_\bo_\bt by default.
+
+ todate _\bd_\ba_\bt_\be
+ Evaluates to true if the command was run on or
+ prior to _\bd_\ba_\bt_\be. See "Date and time format" for a
+ description of supported date and time formats.
+
+ tty _\bt_\bt_\by Evaluates to true if the command was run on the
+ specified terminal device. The _\bt_\bt_\by should be
+ specified without the _\b/_\bd_\be_\bv_\b/ prefix, e.g. _\bt_\bt_\by_\b0_\b1
+ instead of _\b/_\bd_\be_\bv_\b/_\bt_\bt_\by_\b0_\b1.
+
+ user _\bu_\bs_\be_\br _\bn_\ba_\bm_\be
+ Evaluates to true if the ID matches a command run
+ by _\bu_\bs_\be_\br _\bn_\ba_\bm_\be.
+
+ Predicates may be abbreviated to the shortest unique string
+ (currently all predicates may be shortened to a single
+ character).
+
+ Predicates may be combined using _\ba_\bn_\bd, _\bo_\br and _\b! operators as
+ well as '(' and ')' for grouping (note that parentheses
+ must generally be escaped from the shell). The _\ba_\bn_\bd
+ operator is optional, adjacent predicates have an implied
+ _\ba_\bn_\bd unless separated by an _\bo_\br.
+
+ -m _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt Specify an upper bound on how long to wait between key
+ presses or output data. By default, s\bsu\bud\bdo\bo_\b_r\bre\bep\bpl\bla\bay\by will
+ accurately reproduce the delays between key presses or
+ program output. However, this can be tedious when the
+ session includes long pauses. When the _\b-_\bm option is
+ specified, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will limit these pauses to at most
+ _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt seconds. The value may be specified as a floating
+ point number, .e.g. _\b2_\b._\b5.
+
+ -s _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br
+ This option causes s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by to adjust the number of
+ seconds it will wait between key presses or program output.
+ This can be used to slow down or speed up the display. For
+ example, a _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br of _\b2 would make the output twice as
+ fast whereas a _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br of <.5> would make the output
+ twice as slow.
+
+ -V The -\b-V\bV (version) option causes s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by to print its
+ version number and exit.
+
+ D\bDa\bat\bte\be a\ban\bnd\bd t\bti\bim\bme\be f\bfo\bor\brm\bma\bat\bt
+ The time and date may be specified multiple ways, common formats
+ include:
+
+ HH:MM:SS am MM/DD/CCYY timezone
+ 24 hour time may be used in place of am/pm.
+
+ HH:MM:SS am Month, Day Year timezone
+ 24 hour time may be used in place of am/pm, and month and day
+ names may be abbreviated. Note that month and day of the week
+ names must be specified in English.
+
+ CCYY-MM-DD HH:MM:SS
+ ISO time format
+
+ DD Month CCYY HH:MM:SS
+ The month name may be abbreviated.
+
+ Either time or date may be omitted, the am/pm and timezone are
+ optional. If no date is specified, the current day is assumed; if no
+ time is specified, the first second of the specified date is used. The
+ less significant parts of both time and date may also be omitted, in
+ which case zero is assumed. For example, the following are all valid:
+
+ The following are all valid time and date specifications:
+
+ now The current time and date.
+
+ tomorrow
+ Exactly one day from now.
+
+ yesterday
+ 24 hours ago.
+
+ 2 hours ago
+ 2 hours ago.
+
+ next Friday
+ The first second of the next Friday.
+
+ this week
+ The current time but the first day of the coming week.
+
+ a fortnight ago
+ The current time but 14 days ago.
+
+ 10:01 am 9/17/2009
+ 10:01 am, September 17, 2009.
+
+ 10:01 am
+ 10:01 am on the current day.
+
+ 10 10:00 am on the current day.
+
+ 9/17/2009
+ 00:00 am, September 17, 2009.
+
+ 10:01 am Sep 17, 2009
+ 10:01 am, September 17, 2009.
+
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo The default I/O log directory.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bl_\bo_\bg
+ Example session log info.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bs_\bt_\bd_\bi_\bn
+ Example session standard input log.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bs_\bt_\bd_\bo_\bu_\bt
+ Example session standard output log.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bs_\bt_\bd_\be_\br_\br
+ Example session standard error log.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bt_\bt_\by_\bi_\bn
+ Example session tty input file.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bt_\bt_\by_\bo_\bu_\bt
+ Example session tty output file.
+
+ _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bt_\bi_\bm_\bi_\bn_\bg
+ Example session timing file.
+
+ Note that the _\bs_\bt_\bd_\bi_\bn, _\bs_\bt_\bd_\bo_\bu_\bt and _\bs_\bt_\bd_\be_\br_\br files will be empty unless s\bsu\bud\bdo\bo
+ was used as part of a pipeline for a particular command.
+
+E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
+ List sessions run by user _\bm_\bi_\bl_\bl_\be_\br_\bt:
+
+ sudoreplay -l user millert
+
+ List sessions run by user _\bb_\bo_\bb with a command containing the string vi:
+
+ sudoreplay -l user bob command vi
+
+ List sessions run by user _\bj_\be_\bf_\bf that match a regular expression:
+
+ sudoreplay -l user jeff command '/bin/[a-z]*sh'
+
+ List sessions run by jeff or bob on the console:
+
+ sudoreplay -l ( user jeff or user bob ) tty console
+
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ _\bs_\bu_\bd_\bo(1m), _\bs_\bc_\br_\bi_\bp_\bt(1)
+
+A\bAU\bUT\bTH\bHO\bOR\bR
+ Todd C. Miller
+
+B\bBU\bUG\bGS\bS
+ If you feel you have found a bug in s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by, please submit a bug
+ report at http://www.sudo.ws/sudo/bugs/
+
+S\bSU\bUP\bPP\bPO\bOR\bRT\bT
+ Limited free support is available via the sudo-users mailing list, see
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+ the archives.
+
+D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
+ s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by is provided ``AS IS'' and any express or implied warranties,
+ including, but not limited to, the implied warranties of
+ merchantability and fitness for a particular purpose are disclaimed.
+ See the LICENSE file distributed with s\bsu\bud\bdo\bo or
+ http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+1.8.5 April 16, 2012 SUDOREPLAY(1m)
projects / debian / sudo / blobdiff