1SUDO_SENDLOG(8)           BSD System Manager's Manual          SUDO_SENDLOG(8)
2

NAME

4     sudo_sendlog — send sudo I/O log to log server
5

SYNOPSIS

7     sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-id]
8                  [-k key_file] [-p port] [-r restart-point]
9                  [-R reject-reason] [-s stop-point] [-t number] path
10

DESCRIPTION

12     sudo_sendlog can be used to send the existing sudoers I/O log path to a
13     remote log server such as sudo_logsrvd(8) for central storage.
14
15     The options are as follows:
16
17     -A, --accept-only
18                 Only send the accept event, not the I/O associated with the
19                 log.  This can be used to test the logging of accept events
20                 without any associated I/O.
21
22     -b, --ca-bundle
23                 The path to a certificate authority bundle file, in PEM for‐
24                 mat, to use instead of the system's default certificate au‐
25                 thority database when authenticating the log server.  The de‐
26                 fault is to use the system's default certificate authority
27                 database.
28
29     -c, --cert  The path to the client's certificate file in PEM format.
30                 This setting is required when the connection to the remote
31                 log server is secured with TLS.
32
33     --help      Display a short help message to the standard output and exit.
34
35     -h, --host  Connect to the specified host instead of localhost.
36
37     -i, --iolog-id
38                 Use the specified iolog-id when restarting a log transfer.
39                 The iolog-id is reported by the server when it creates the
40                 remote I/O log.  This option may only be used in conjunction
41                 with the -r option.
42
43     -k, --key   The path to the client's private key file in PEM format.
44                 This setting is required when the connection to the remote
45                 log server is secured with TLS.
46
47     -n, --no-verify
48                 If specified, the server's certificate will not be verified
49                 during the TLS handshake.  By default, sudo_sendlog verifies
50                 that the server's certificate is valid and that it contains
51                 either the server's host name or its IP address.  This set‐
52                 ting is only supported when the connection to the remote log
53                 server is secured with TLS.
54
55     -p, --port  Use the specified network port when connecting to the log
56                 server instead of the default, port 30344.
57
58     -r, --restart
59                 Restart an interrupted connection to the log server.  The
60                 specified restart-point is used to tell the server the point
61                 in time at which to continue the log.  The restart-point is
62                 specified in the form “seconds,nanoseconds” and is usually
63                 the last commit point received from the server.  The -i op‐
64                 tion must also be specified when restarting a transfer.
65
66     -R, --reject
67                 Send a reject event for the command using the specified
68                 reject-reason, even though it was actually accepted locally.
69                 This can be used to test the logging of reject events; no I/O
70                 will be sent.
71
72     -s, --stop-after
73                 Stop sending log records and close the connection when
74                 stop-point is reached.  This can be used for testing purposes
75                 to send a partial I/O log to the server.  Partial logs can be
76                 restarted using the -r option.  The stop-point is an elapsed
77                 time specified in the form “seconds,nanoseconds”.
78
79     -t, --test  Open number simultaneous connections to the log server and
80                 send the specified I/O log file on each one.  This option is
81                 useful for performance testing.
82
83     -V, --version
84                 Print the sudo_sendlog version and exit.
85
86   Debugging sendlog
87     sudo_sendlog supports a flexible debugging framework that is configured
88     via Debug lines in the sudo.conf(5) file.
89
90     For more information on configuring sudo.conf(5), please refer to its
91     manual.
92

FILES

94     /etc/sudo.conf            Sudo front end configuration
95

SEE ALSO

97     sudo.conf(5), sudo(8), sudo_logsrvd(8)
98

AUTHORS

100     Many people have worked on sudo over the years; this version consists of
101     code written primarily by:
102
103           Todd C. Miller
104
105     See the CONTRIBUTORS file in the sudo distribution
106     (https://www.sudo.ws/contributors.html) for an exhaustive list of people
107     who have contributed to sudo.
108

BUGS

110     If you feel you have found a bug in sudo_sendlog, please submit a bug re‐
111     port at https://bugzilla.sudo.ws/
112

SUPPORT

114     Limited free support is available via the sudo-users mailing list, see
115     https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
116     the archives.
117

DISCLAIMER

119     sudo_sendlog is provided “AS IS” and any express or implied warranties,
120     including, but not limited to, the implied warranties of merchantability
121     and fitness for a particular purpose are disclaimed.  See the LICENSE
122     file distributed with sudo or https://www.sudo.ws/license.html for com‐
123     plete details.
124
125Sudo 1.9.8p2                      May 4, 2021                     Sudo 1.9.8p2
Impressum