MAN-J
Man PagesPricing
LoginGet Started
sudo_sendlog(8)
Original
English • 139 lines
SUDO_SENDLOG(8)		    System Manager's Manual	       SUDO_SENDLOG(8)

NAME
       sudo_sendlog - send sudo I/O log to log server

SYNOPSIS
       sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-
		    id] [-k key_file] [-p port] [-r restart-point] [-R reject-
		    reason] [-s stop-point] [-t number] path

DESCRIPTION
       sudo_sendlog can be used to send the existing sudoers I/O log path to a
       remote log server such as sudo_logsrvd(8) for central storage.

       The options are as follows:

       -A, --accept-only
	       Only send the accept event, not the I/O associated with the
	       log.  This can be used to test the logging of accept events
	       without any associated I/O.

       -b, --ca-bundle
	       The path to a certificate authority bundle file, in PEM format,
	       to use instead of the system's default certificate authority
	       database when authenticating the log server.  The default is to
	       use the system's default certificate authority database.

       -c, --cert
	       The path to the client's certificate file in PEM format.	 This
	       setting is required when the connection to the remote log
	       server is secured with TLS.

       --help
	       Display a short help message to the standard output and exit.

       -h, --host
	       Connect to the specified host instead of localhost.

       -i, --iolog-id
	       Use the specified iolog-id when restarting a log transfer.  The
	       iolog-id is reported by the server when it creates the remote
	       I/O log.	 This option may only be used in conjunction with the
	       -r option.

       -k, --key
	       The path to the client's private key file in PEM format.	 This
	       setting is required when the connection to the remote log
	       server is secured with TLS.

       -n, --no-verify
	       If specified, the server's certificate will not be verified
	       during the TLS handshake.  By default, sudo_sendlog verifies
	       that the server's certificate is valid and that it contains
	       either the server's host name or its IP address.	 This setting
	       is only supported when the connection to the remote log server
	       is secured with TLS.

       -p, --port
	       Use the specified network port when connecting to the log
	       server instead of the default, port 30344.

       -r, --restart
	       Restart an interrupted connection to the log server.  The
	       specified restart-point is used to tell the server the point in
	       time at which to continue the log.  The restart-point is
	       specified in the form “seconds,nanoseconds” and is usually the
	       last commit point received from the server.  The -i option must
	       also be specified when restarting a transfer.

       -R, --reject
	       Send a reject event for the command using the specified reject-
	       reason, even though it was actually accepted locally.  This can
	       be used to test the logging of reject events; no I/O will be
	       sent.

       -s, --stop-after
	       Stop sending log records and close the connection when stop-
	       point is reached.  This can be used for testing purposes to
	       send a partial I/O log to the server.  Partial logs can be
	       restarted using the -r option.  The stop-point is an elapsed
	       time specified in the form “seconds,nanoseconds”.

       -t, --test
	       Open number simultaneous connections to the log server and send
	       the specified I/O log file on each one.	This option is useful
	       for performance testing.

       -V, --version
	       Print the sudo_sendlog version and exit.

   Debugging sendlog
       sudo_sendlog supports a flexible debugging framework that is configured
       via Debug lines in the sudo.conf(5) file.

       For more information on configuring sudo.conf(5), refer to its manual.

FILES
       /etc/sudo.conf		 Sudo front-end configuration

SEE ALSO
       sudo.conf(5), sudo_logsrv.proto(5), sudo(8), sudo_logsrvd(8)

AUTHORS
       Many people have worked on sudo over the years; this version consists
       of code written primarily by:

	     Todd C. Miller

       See the CONTRIBUTORS.md file in the sudo distribution
       (https://www.sudo.ws/about/contributors/) for an exhaustive list of
       people who have contributed to sudo.

BUGS
       If you believe you have found a bug in sudo_sendlog, you can either
       file a bug report in the sudo bug database, https://bugzilla.sudo.ws/,
       or open an issue at https://github.com/sudo-project/sudo/issues.	 If
       you would prefer to use email, messages may be sent to the sudo-workers
       mailing list, https://www.sudo.ws/mailman/listinfo/sudo-workers
       (public) or <sudo@sudo.ws> (private).

       Please do not report security vulnerabilities through public GitHub
       issues, Bugzilla or mailing lists.  Instead, report them via email to
       <Todd.Miller@sudo.ws>.  You may encrypt your message with PGP if you
       would like, using the key found at https://www.sudo.ws/dist/PGPKEYS.

SUPPORT
       Limited free support is available via the sudo-users mailing list, see
       https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
       the archives.

DISCLAIMER
       sudo_sendlog is provided “AS IS” and any express or implied warranties,
       including, but not limited to, the implied warranties of
       merchantability and fitness for a particular purpose are disclaimed.
       See the LICENSE.md file distributed with sudo or
       https://www.sudo.ws/about/license/ for complete details.

Sudo 1.9.17p1			 July 14, 2024		       SUDO_SENDLOG(8)

sudo_sendlog(8)

\fBsudo_sendlog\fR

0popularity

System Information

Sudo 1.9.17p1 1.0.0
Updated July 14, 2024
Maintained by Unknown

Actions