1SUDO_SENDLOG(8)           BSD System Manager's Manual          SUDO_SENDLOG(8)
2

NAME

4     sudo_sendlog — send sudo I/O log to log server
5

SYNOPSIS

7     sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-id]
8                  [-k key_file] [-p port] [-r restart-point]
9                  [-R reject-reason] [-s stop-point] [-t number] path
10

DESCRIPTION

12     sudo_sendlog can be used to send the existing sudoers I/O log path to a
13     remote log server such as sudo_logsrvd(8) for central storage.
14
15     The options are as follows:
16
17     -A, --accept-only
18             Only send the accept event, not the I/O associated with the log.
19             This can be used to test the logging of accept events without any
20             associated I/O.
21
22     -b, --ca-bundle
23             The path to a certificate authority bundle file, in PEM format,
24             to use instead of the system's default certificate authority
25             database when authenticating the log server.  The default is to
26             use the system's default certificate authority database.
27
28     -c, --cert
29             The path to the client's certificate file in PEM format.  This
30             setting is required when the connection to the remote log server
31             is secured with TLS.
32
33     --help  Display a short help message to the standard output and exit.
34
35     -h, --host
36             Connect to the specified host instead of localhost.
37
38     -i, --iolog-id
39             Use the specified iolog-id when restarting a log transfer.  The
40             iolog-id is reported by the server when it creates the remote I/O
41             log.  This option may only be used in conjunction with the -r op‐
42             tion.
43
44     -k, --key
45             The path to the client's private key file in PEM format.  This
46             setting is required when the connection to the remote log server
47             is secured with TLS.
48
49     -n, --no-verify
50             If specified, the server's certificate will not be verified dur‐
51             ing the TLS handshake.  By default, sudo_sendlog verifies that
52             the server's certificate is valid and that it contains either the
53             server's host name or its IP address.  This setting is only sup‐
54             ported when the connection to the remote log server is secured
55             with TLS.
56
57     -p, --port
58             Use the specified network port when connecting to the log server
59             instead of the default, port 30344.
60
61     -r, --restart
62             Restart an interrupted connection to the log server.  The speci‐
63             fied restart-point is used to tell the server the point in time
64             at which to continue the log.  The restart-point is specified in
65             the form “seconds,nanoseconds” and is usually the last commit
66             point received from the server.  The -i option must also be spec‐
67             ified when restarting a transfer.
68
69     -R, --reject
70             Send a reject event for the command using the specified
71             reject-reason, even though it was actually accepted locally.
72             This can be used to test the logging of reject events; no I/O
73             will be sent.
74
75     -s, --stop-after
76             Stop sending log records and close the connection when stop-point
77             is reached.  This can be used for testing purposes to send a par‐
78             tial I/O log to the server.  Partial logs can be restarted using
79             the -r option.  The stop-point is an elapsed time specified in
80             the form “seconds,nanoseconds”.
81
82     -t, --test
83             Open number simultaneous connections to the log server and send
84             the specified I/O log file on each one.  This option is useful
85             for performance testing.
86
87     -V, --version
88             Print the sudo_sendlog version and exit.
89
90   Debugging sendlog
91     sudo_sendlog supports a flexible debugging framework that is configured
92     via Debug lines in the sudo.conf(5) file.
93
94     For more information on configuring sudo.conf(5), refer to its manual.
95

FILES

97     /etc/sudo.conf            Sudo front-end configuration
98

SEE ALSO

100     sudo.conf(5), sudo(8), sudo_logsrvd(8)
101

AUTHORS

103     Many people have worked on sudo over the years; this version consists of
104     code written primarily by:
105
106           Todd C. Miller
107
108     See the CONTRIBUTORS.md file in the sudo distribution
109     (https://www.sudo.ws/about/contributors/) for an exhaustive list of peo‐
110     ple who have contributed to sudo.
111

BUGS

113     If you believe you have found a bug in sudo_sendlog, you can submit a bug
114     report at https://bugzilla.sudo.ws/
115

SUPPORT

117     Limited free support is available via the sudo-users mailing list, see
118     https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
119     the archives.
120

DISCLAIMER

122     sudo_sendlog is provided “AS IS” and any express or implied warranties,
123     including, but not limited to, the implied warranties of merchantability
124     and fitness for a particular purpose are disclaimed.  See the LICENSE.md
125     file distributed with sudo or https://www.sudo.ws/about/license/ for com‐
126     plete details.
127
128Sudo 1.9.13p2                  January 16, 2023                  Sudo 1.9.13p2
Impressum