1SUDO_SENDLOG(8)           BSD System Manager's Manual          SUDO_SENDLOG(8)
2

NAME

4     sudo_sendlog — send sudo I/O log to log server
5

SYNOPSIS

7     sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-id]
8                  [-k key_file] [-p port] [-r restart-point]
9                  [-R reject-reason] [-t number] path
10

DESCRIPTION

12     sudo_sendlog can be used to send the existing sudoers I/O log path to a
13     remote log server such as sudo_logsrvd(8) for central storage.
14
15     The options are as follows:
16
17     -A, --accept-only
18                 Only send the accept event, not the I/O associated with the
19                 log.  This can be used to test the logging of accept events
20                 without any associated I/O.
21
22     -b, --ca-bundle
23                 The path to a certificate authority bundle file, in PEM for‐
24                 mat, to use instead of the system's default certificate
25                 authority database when authenticating the log server.  The
26                 default is to use the system's default certificate authority
27                 database.
28
29     -c, --cert  The path to the client's certificate file in PEM format.
30                 This setting is required when the connection to the remote
31                 log server is secured with TLS.
32
33     --help      Display a short help message to the standard output and exit.
34
35     -h, --host  Connect to the specified host instead of localhost.
36
37     -i, --iolog-id
38                 Use the specified iolog-id when restarting a log transfer.
39                 The iolog-id is reported by the server when it creates the
40                 remote I/O log.  This option may only be used in conjunction
41                 with the -r option.
42
43     -k, --key   The path to the client's private key file in PEM format.
44                 This setting is required when the connection to the remote
45                 log server is secured with TLS.
46
47     -n, --no-verify
48                 If specified, the server's certificate will not be verified
49                 during the TLS handshake.  By default, sudo_sendlog verifies
50                 that the server's certificate is valid and that it contains
51                 either the server's host name or its IP address.  This set‐
52                 ting is only supported when the connection to the remote log
53                 server is secured with TLS.
54
55     -p, --port  Use the specified network port when connecting to the log
56                 server instead of the default, port 30344.
57
58     -r, --restart
59                 Restart an interrupted connection to the log server.  The
60                 specified restart-point is used to tell the server the point
61                 in time at which to continue the log.  The restart-point is
62                 specified in the form “seconds,nanoseconds” and is usually
63                 the last commit point received from the server.  The -i
64                 option must also be specified when restarting a transfer.
65
66     -R, --reject
67                 Send a reject event for the command using the specified
68                 reject-reason, even though it was actually accepted locally.
69                 This can be used to test the logging of reject events; no I/O
70                 will be sent.
71
72     -t, --test  Open number simultaneous connections to the log server and
73                 send the specified I/O log file on each one.  This option is
74                 useful for performance testing.
75
76     -V, --version
77                 Print the sudo_sendlog version and exit.
78
79   Debugging sendlog
80     sudo_sendlog supports a flexible debugging framework that is configured
81     via Debug lines in the sudo.conf(5) file.
82
83     For more information on configuring sudo.conf(5), please refer to its
84     manual.
85

FILES

87     /etc/sudo.conf            Sudo front end configuration
88

SEE ALSO

90     sudo.conf(5), sudo(8), sudo_logsrvd(8)
91

AUTHORS

93     Many people have worked on sudo over the years; this version consists of
94     code written primarily by:
95
96           Todd C. Miller
97
98     See the CONTRIBUTORS file in the sudo distribution
99     (https://www.sudo.ws/contributors.html) for an exhaustive list of people
100     who have contributed to sudo.
101

BUGS

103     If you feel you have found a bug in sudo_sendlog, please submit a bug
104     report at https://bugzilla.sudo.ws/
105

SUPPORT

107     Limited free support is available via the sudo-users mailing list, see
108     https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
109     the archives.
110

DISCLAIMER

112     sudo_sendlog is provided “AS IS” and any express or implied warranties,
113     including, but not limited to, the implied warranties of merchantability
114     and fitness for a particular purpose are disclaimed.  See the LICENSE
115     file distributed with sudo or https://www.sudo.ws/license.html for com‐
116     plete details.
117
118Sudo 1.9.5p2                     May 12, 2020                     Sudo 1.9.5p2
Impressum