+++ /dev/null
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
-N\bNA\bAM\bME\bE
- sudoreplay - replay sudo session logs
-
-S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by [-\b-d\bd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by] [-\b-f\bf _\bf_\bi_\bl_\bt_\be_\br] [-\b-m\bm _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt] [-\b-s\bs _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br]
- ID
-
- s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by [-\b-d\bd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by] -l [search expression]
-
-D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
- s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by plays back or lists the session logs created by s\bsu\bud\bdo\bo. When
- replaying, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by can play the session back in real-time, or the
- playback speed may be adjusted (faster or slower) based on the command
- line options. The _\bI_\bD should be a six character sequence of digits and
- upper case letters, e.g. 0100A5, which is logged by s\bsu\bud\bdo\bo when a
- command is run with session logging enabled.
-
- In list mode, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by can be used to find the ID of a session based
- on a number of criteria such as the user, tty or command run.
-
- In replay mode, if the standard output has not been redirected,
- s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will act on the following keys:
-
- ' ' (space)
- Pause output; press any key to resume.
-
- '<' Reduce the playback speed by one half.
-
- '>' Double the playback speed.
-
-O\bOP\bPT\bTI\bIO\bON\bNS\bS
- s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by accepts the following command line options:
-
- -d _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by
- Use _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by to for the session logs instead of the
- default, _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo.
-
- -f _\bf_\bi_\bl_\bt_\be_\br By default, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will play back the command's
- standard output, standard error and tty output. The _\b-_\bf
- option can be used to select which of these to output. The
- _\bf_\bi_\bl_\bt_\be_\br argument is a comma-separated list, consisting of
- one or more of following: _\bs_\bt_\bd_\bo_\bu_\bt, _\bs_\bt_\bd_\be_\br_\br, and _\bt_\bt_\by_\bo_\bu_\bt.
-
- -l Enable "list mode". In this mode, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will list
- available session IDs. If a _\bs_\be_\ba_\br_\bc_\bh _\be_\bx_\bp_\br_\be_\bs_\bs_\bi_\bo_\bn is
- specified, it will be used to restrict the IDs that are
- displayed. An expression is composed of the following
- predicates:
-
- command _\bc_\bo_\bm_\bm_\ba_\bn_\bd _\bp_\ba_\bt_\bt_\be_\br_\bn
- Evaluates to true if the command run matches
- _\bc_\bo_\bm_\bm_\ba_\bn_\bd _\bp_\ba_\bt_\bt_\be_\br_\bn. On systems with POSIX regular
- expression support, the pattern may be an extended
- regular expression. On systems without POSIX
-
-
-
-1.7.4 July 12, 2010 1
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
- regular expression support, a simple substring
- match is performed instead.
-
- cwd _\bd_\bi_\br_\be_\bc_\bt_\bo_\br_\by
- Evaluates to true if the command was run with the
- specified current working directory.
-
- fromdate _\bd_\ba_\bt_\be
- Evaluates to true if the command was run on or
- after _\bd_\ba_\bt_\be. See "Date and time format" for a
- description of supported date and time formats.
-
- group _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp
- Evaluates to true if the command was run with the
- specified _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp. Note that unless a
- _\br_\bu_\bn_\ba_\bs_\b__\bg_\br_\bo_\bu_\bp was explicitly specified when s\bsu\bud\bdo\bo was
- run this field will be empty in the log.
-
- runas _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br
- Evaluates to true if the command was run as the
- specified _\br_\bu_\bn_\ba_\bs_\b__\bu_\bs_\be_\br. Note that s\bsu\bud\bdo\bo runs commands
- as user _\br_\bo_\bo_\bt by default.
-
- todate _\bd_\ba_\bt_\be
- Evaluates to true if the command was run on or
- prior to _\bd_\ba_\bt_\be. See "Date and time format" for a
- description of supported date and time formats.
-
- tty _\bt_\bt_\by Evaluates to true if the command was run on the
- specified terminal device. The _\bt_\bt_\by should be
- specified without the _\b/_\bd_\be_\bv_\b/ prefix, e.g. _\bt_\bt_\by_\b0_\b1
- instead of _\b/_\bd_\be_\bv_\b/_\bt_\bt_\by_\b0_\b1.
-
- user _\bu_\bs_\be_\br _\bn_\ba_\bm_\be
- Evaluates to true if the ID matches a command run
- by _\bu_\bs_\be_\br _\bn_\ba_\bm_\be.
-
- Predicates may be abbreviated to the shortest unique string
- (currently all predicates may be shortened to a single
- character).
-
- Predicates may be combined using _\ba_\bn_\bd, _\bo_\br and _\b! operators as
- well as '(' and ')' for grouping (note that parentheses
- must generally be escaped from the shell). The _\ba_\bn_\bd
- operator is optional, adjacent predicates have an implied
- _\ba_\bn_\bd unless separated by an _\bo_\br.
-
- -m _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt Specify an upper bound on how long to wait between key
- presses or output data. By default, s\bsu\bud\bdo\bo_\b_r\bre\bep\bpl\bla\bay\by will
- accurately reproduce the delays between key presses or
- program output. However, this can be tedious when the
- session includes long pauses. When the _\b-_\bm option is
- specified, s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by will limit these pauses to at most
- _\bm_\ba_\bx_\b__\bw_\ba_\bi_\bt seconds. The value may be specified as a floating
-
-
-
-1.7.4 July 12, 2010 2
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
- point number, .e.g. _\b2_\b._\b5.
-
- -s _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br
- This option causes s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by to adjust the number of
- seconds it will wait between key presses or program output.
- This can be used to slow down or speed up the display. For
- example, a _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br of _\b2 would make the output twice as
- fast whereas a _\bs_\bp_\be_\be_\bd_\b__\bf_\ba_\bc_\bt_\bo_\br of <.5> would make the output
- twice as slow.
-
- -V The -\b-V\bV (version) option causes s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by to print its
- version number and exit.
-
- D\bDa\bat\bte\be a\ban\bnd\bd t\bti\bim\bme\be f\bfo\bor\brm\bma\bat\bt
- The time and date may be specified multiple ways, common formats
- include:
-
- HH:MM:SS am MM/DD/CCYY timezone
- 24 hour time may be used in place of am/pm.
-
- HH:MM:SS am Month, Day Year timezone
- 24 hour time may be used in place of am/pm, and month and day
- names may be abbreviated. Note that month and day of the week
- names must be specified in English.
-
- CCYY-MM-DD HH:MM:SS
- ISO time format
-
- DD Month CCYY HH:MM:SS
- The month name may be abbreviated.
-
- Either time or date may be omitted, the am/pm and timezone are
- optional. If no date is specified, the current day is assumed; if no
- time is specified, the first second of the specified date is used. The
- less significant parts of both time and date may also be omitted, in
- which case zero is assumed. For example, the following are all valid:
-
- The following are all valid time and date specifications:
-
- now The current time and date.
-
- tomorrow
- Exactly one day from now.
-
- yesterday
- 24 hours ago.
-
- 2 hours ago
- 2 hours ago.
-
- next Friday
- The first second of the next Friday.
-
-
-
-
-
-1.7.4 July 12, 2010 3
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
- this week
- The current time but the first day of the coming week.
-
- a fortnight ago
- The current time but 14 days ago.
-
- 10:01 am 9/17/2009
- 10:01 am, September 17, 2009.
-
- 10:01 am
- 10:01 am on the current day.
-
- 10 10:00 am on the current day.
-
- 9/17/2009
- 00:00 am, September 17, 2009.
-
- 10:01 am Sep 17, 2009
- 10:01 am, September 17, 2009.
-
-F\bFI\bIL\bLE\bES\bS
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo The default I/O log directory.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bl_\bo_\bg
- Example session log info.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bs_\bt_\bd_\bi_\bn
- Example session standard input log.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bs_\bt_\bd_\bo_\bu_\bt
- Example session standard output log.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bs_\bt_\bd_\be_\br_\br
- Example session standard error log.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bt_\bt_\by_\bi_\bn
- Example session tty input file.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bt_\bt_\by_\bo_\bu_\bt
- Example session tty output file.
-
- _\b/_\bv_\ba_\br_\b/_\bl_\bo_\bg_\b/_\bs_\bu_\bd_\bo_\b-_\bi_\bo_\b/_\b0_\b0_\b/_\b0_\b0_\b/_\b0_\b1_\b/_\bt_\bi_\bm_\bi_\bn_\bg
- Example session timing file.
-
- Note that the _\bs_\bt_\bd_\bi_\bn, _\bs_\bt_\bd_\bo_\bu_\bt and _\bs_\bt_\bd_\be_\br_\br files will be empty unless s\bsu\bud\bdo\bo
- was used as part of a pipeline for a particular command.
-
-E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
- List sessions run by user _\bm_\bi_\bl_\bl_\be_\br_\bt:
-
- sudoreplay -l user millert
-
- List sessions run by user _\bb_\bo_\bb with a command containing the string vi:
-
-
-
-
-1.7.4 July 12, 2010 4
-
-
-
-
-
-SUDOREPLAY(1m) MAINTENANCE COMMANDS SUDOREPLAY(1m)
-
-
- sudoreplay -l user bob command vi
-
- List sessions run by user _\bj_\be_\bf_\bf that match a regular expression:
-
- sudoreplay -l user jeff command '/bin/[a-z]*sh'
-
- List sessions run by jeff or bob on the console:
-
- sudoreplay -l ( user jeff or user bob ) tty console
-
-S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bs_\bu_\bd_\bo(1m), _\bs_\bc_\br_\bi_\bp_\bt(1)
-
-A\bAU\bUT\bTH\bHO\bOR\bR
- Todd C. Miller
-
-B\bBU\bUG\bGS\bS
- If you feel you have found a bug in s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by, please submit a bug
- report at http://www.sudo.ws/sudo/bugs/
-
-S\bSU\bUP\bPP\bPO\bOR\bRT\bT
- Limited free support is available via the sudo-users mailing list, see
- http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
- the archives.
-
-D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
- s\bsu\bud\bdo\bor\bre\bep\bpl\bla\bay\by is provided ``AS IS'' and any express or implied warranties,
- including, but not limited to, the implied warranties of
- merchantability and fitness for a particular purpose are disclaimed.
- See the LICENSE file distributed with s\bsu\bud\bdo\bo or
- http://www.sudo.ws/sudo/license.html for complete details.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-1.7.4 July 12, 2010 5
-
-
projects / debian / sudo / blobdiff