1SUDO_SENDLOG(8)           BSD System Manager's Manual          SUDO_SENDLOG(8)
2

NAME

4     sudo_sendlog — send sudo I/O log to log server
5

SYNOPSIS

7     sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-id]
8                  [-k key_file] [-p port] [-r restart-point]
9                  [-R reject-reason] [-s stop-point] [-t number] path
10

DESCRIPTION

12     sudo_sendlog can be used to send the existing sudoers I/O log path to a
13     remote log server such as sudo_logsrvd(8) for central storage.
14
15     The options are as follows:
16
17     -A, --accept-only
18                 Only send the accept event, not the I/O associated with the
19                 log.  This can be used to test the logging of accept events
20                 without any associated I/O.
21
22     -b, --ca-bundle
23                 The path to a certificate authority bundle file, in PEM for‐
24                 mat, to use instead of the system's default certificate au‐
25                 thority database when authenticating the log server.  The de‐
26                 fault is to use the system's default certificate authority
27                 database.
28
29     -c, --cert  The path to the client's certificate file in PEM format.
30                 This setting is required when the connection to the remote
31                 log server is secured with TLS.
32
33     --help      Display a short help message to the standard output and exit.
34
35     -h, --host  Connect to the specified host instead of localhost.
36
37     -i, --iolog-id
38                 Use the specified iolog-id when restarting a log transfer.
39                 The iolog-id is reported by the server when it creates the
40                 remote I/O log.  This option may only be used in conjunction
41                 with the -r option.
42
43     -k, --key   The path to the client's private key file in PEM format.
44                 This setting is required when the connection to the remote
45                 log server is secured with TLS.
46
47     -n, --no-verify
48                 If specified, the server's certificate will not be verified
49                 during the TLS handshake.  By default, sudo_sendlog verifies
50                 that the server's certificate is valid and that it contains
51                 either the server's host name or its IP address.  This set‐
52                 ting is only supported when the connection to the remote log
53                 server is secured with TLS.
54
55     -p, --port  Use the specified network port when connecting to the log
56                 server instead of the default, port 30344.
57
58     -r, --restart
59                 Restart an interrupted connection to the log server.  The
60                 specified restart-point is used to tell the server the point
61                 in time at which to continue the log.  The restart-point is
62                 specified in the form “seconds,nanoseconds” and is usually
63                 the last commit point received from the server.  The -i op‐
64                 tion must also be specified when restarting a transfer.
65
66     -R, --reject
67                 Send a reject event for the command using the specified
68                 reject-reason, even though it was actually accepted locally.
69                 This can be used to test the logging of reject events; no I/O
70                 will be sent.
71
72     -s, --stop-after
73                 Stop sending log records and close the connection when
74                 stop-point is reached.  This can be used for testing purposes
75                 to send a partial I/O log to the server.  Partial logs can be
76                 restarted using the -r option.  The stop-point is an elapsed
77                 time specified in the form “seconds,nanoseconds”.
78
79     -t, --test  Open number simultaneous connections to the log server and
80                 send the specified I/O log file on each one.  This option is
81                 useful for performance testing.
82
83     -V, --version
84                 Print the sudo_sendlog version and exit.
85
86   Debugging sendlog
87     sudo_sendlog supports a flexible debugging framework that is configured
88     via Debug lines in the sudo.conf(5) file.
89
90     For more information on configuring sudo.conf(5), refer to its manual.
91

FILES

93     /etc/sudo.conf            Sudo front-end configuration
94

SEE ALSO

96     sudo.conf(5), sudo(8), sudo_logsrvd(8)
97

AUTHORS

99     Many people have worked on sudo over the years; this version consists of
100     code written primarily by:
101
102           Todd C. Miller
103
104     See the CONTRIBUTORS.md file in the sudo distribution
105     (https://www.sudo.ws/about/contributors/) for an exhaustive list of peo‐
106     ple who have contributed to sudo.
107

BUGS

109     If you believe you have found a bug in sudo_sendlog, you can submit a bug
110     report at https://bugzilla.sudo.ws/
111

SUPPORT

113     Limited free support is available via the sudo-users mailing list, see
114     https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
115     the archives.
116

DISCLAIMER

118     sudo_sendlog is provided “AS IS” and any express or implied warranties,
119     including, but not limited to, the implied warranties of merchantability
120     and fitness for a particular purpose are disclaimed.  See the LICENSE.md
121     file distributed with sudo or https://www.sudo.ws/about/license/ for com‐
122     plete details.
123
124Sudo 1.9.12p2                  February 16, 2022                 Sudo 1.9.12p2
Impressum