send sudo I/O log to log server
Name
sudo_sendlog — send sudo I/O log to log server
Synopsis
sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-id] [-k key_file] [-p port] [-r restart-point] [-R reject-reason] [-s stop-point] [-t number] path
Description
sudo_sendlog can be used to send the existing sudoers I/O log path to a remote log server such as sudo_logsrvd(8) for central storage.
The options are as follows:
-A, --accept-only
Only send the accept event, not the I/O associated with the log. This can be used to test the logging of accept events without any associated I/O.
-b, --ca-bundle
The path to a certificate authority bundle file, in PEM format, to use instead of the system's default certificate authority database when authenticating the log server. The default is to use the system's default certificate authority database.
-c, --cert
The path to the client's certificate file in PEM format. This setting is required when the connection to the remote log server is secured with TLS.
--help
Display a short help message to the standard output and exit.
-h, --host
Connect to the specified host instead of localhost.
-i, --iolog-id
Use the specified iolog-id when restarting a log transfer. The iolog-id is reported by the server when it creates the remote I/O log. This option may only be used in conjunction with the -r option.
-k, --key
The path to the client's private key file in PEM format. This setting is required when the connection to the remote log server is secured with TLS.
-n, --no-verify
If specified, the server's certificate will not be verified during the TLS handshake. By default, sudo_sendlog verifies that the server's certificate is valid and that it contains either the server's host name or its IP address. This setting is only supported when the connection to the remote log server is secured with TLS.
-p, --port
Use the specified network port when connecting to the log server instead of the default, port 30344.
-r, --restart
Restart an interrupted connection to the log server. The specified restart-point is used to tell the server the point in time at which to continue the log. The restart-point is specified in the form 'seconds,nanoseconds' and is usually the last commit point received from the server. The -i option must also be specified when restarting a transfer.
-R, --reject
Send a reject event for the command using the specified reject-reason, even though it was actually accepted locally. This can be used to test the logging of reject events; no I/O will be sent.
-s, --stop-after
Stop sending log records and close the connection when stop-point is reached. This can be used for testing purposes to send a partial I/O log to the server. Partial logs can be restarted using the -r option. The stop-point is an elapsed time specified in the form 'seconds,nanoseconds'.
-t, --test
Open number simultaneous connections to the log server and send the specified I/O log file on each one. This option is useful for performance testing.
-V, --version
Print the sudo_sendlog version and exit.
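The option rules above (-c and -k for a TLS connection, -r only together with -i, restart-point in the form 'seconds,nanoseconds') written as a wrapper that checks them before building the command line. This is an added example, not part of the sudo distribution; the function names and every host name, file path and iolog-id passed to them are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the sudo project. Builds a sudo_sendlog command
# line for a TLS transfer and rejects argument sets that break the rules
# in the option descriptions. All names and values are placeholders.

# valid_point VALUE: succeeds if VALUE has the form 'seconds,nanoseconds'.
valid_point() {
    case "$1" in
        *[!0-9,]* | ,* | *, | *,*,*) return 1 ;;
        *,*) return 0 ;;
        *) return 1 ;;
    esac
}

# sendlog_cmd HOST CA_BUNDLE CERT KEY IOLOG_PATH [RESTART_POINT IOLOG_ID]
# Prints the command line for review; returns 2 on a rule violation.
# An empty CA_BUNDLE keeps the system's default CA database.
sendlog_cmd() {
    host=$1 ca=$2 cert=$3 key=$4 path=$5 restart=${6:-} id=${7:-}
    # Client certificate and key are both required with TLS.
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "TLS needs both -c cert_file and -k key_file" >&2; return 2
    fi
    # -n is never emitted, so the server certificate is always verified.
    set -- sudo_sendlog -h "$host" -c "$cert" -k "$key"
    if [ -n "$ca" ]; then set -- "$@" -b "$ca"; fi
    # -r and -i are only valid together.
    if [ -n "$restart" ] || [ -n "$id" ]; then
        if [ -z "$restart" ] || [ -z "$id" ]; then
            echo "-r restart-point and -i iolog-id must be given together" >&2; return 2
        fi
        if ! valid_point "$restart"; then
            echo "restart-point must be seconds,nanoseconds" >&2; return 2
        fi
        set -- "$@" -i "$id" -r "$restart"
    fi
    printf '%s\n' "$* $path"
}
```

The function only prints the command, so the result can be reviewed or logged before it is run; paths containing spaces would need quoting when the printed line is reused.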
Debugging sendlog
sudo_sendlog supports a flexible debugging framework that is configured via Debug lines in the sudo.conf(5) file.
For more information on configuring sudo.conf(5), please refer to its manual.
Files
/etc/sudo.conf Sudo front end configuration
See also
sudo.conf(5), sudo(8), sudo_logsrvd(8)