Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SUDO_SENDLOG(8)		    System Manager's Manual	       SUDO_SENDLOG(8)

NAME
       sudo_sendlog -- send sudo I/O log to log	server

SYNOPSIS
       sudo_sendlog   [-AnV]   [-b   ca_bundle]	  [-c	cert_file]  [-h	 host]
		    [-i	iolog-id] [-k key_file]	[-p port]  [-r	restart-point]
		    [-R	reject-reason] [-s stop-point] [-t number] path

DESCRIPTION
       sudo_sendlog can	be used	to send	the existing sudoers I/O log path to a
       remote log server such as sudo_logsrvd(8) for central storage.

       The options are as follows:

       -A, --accept-only
	       Only  send  the	accept	event, not the I/O associated with the
	       log.  This can be used to test the  logging  of	accept	events
	       without any associated I/O.

       -b, --ca-bundle
	       The path	to a certificate authority bundle file,	in PEM format,
	       to  use	instead	 of the	system's default certificate authority
	       database	when authenticating the	log server.  The default is to
	       use the system's	default	certificate authority database.

       -c, --cert
	       The path	to the client's	certificate file in PEM	format.	  This
	       setting	is  required  when  the	 connection  to	the remote log
	       server is secured with TLS.

       --help  Display a short help message to the standard output and exit.

       -h, --host
	       Connect to the specified	host instead of	localhost.

       -i, --iolog-id
	       Use the specified iolog-id when restarting a log	transfer.  The
	       iolog-id	is reported by the server when it creates  the	remote
	       I/O  log.  This option may only be used in conjunction with the
	       -r option.

       -k, --key
	       The path	to the client's	private	key file in PEM	format.	  This
	       setting	is  required  when  the	 connection  to	the remote log
	       server is secured with TLS.

       -n, --no-verify
	       If specified, the server's certificate  will  not  be  verified
	       during  the  TLS	 handshake.  By	default, sudo_sendlog verifies
	       that the	server's certificate is	valid and that it contains ei-
	       ther the	server's host name or its IP address.  This setting is
	       only supported when the connection to the remote	log server  is
	       secured with TLS.

       -p, --port
	       Use  the	 specified  network  port  when	 connecting to the log
	       server instead of the default, port 30344.

       -r, --restart
	       Restart an interrupted connection to the	log server.  The spec-
	       ified restart-point is used to tell the	server	the  point  in
	       time at which to	continue the log.  The restart-point is	speci-
	       fied  in	the form "seconds,nanoseconds" and is usually the last
	       commit point received from the server.  The -i option must also
	       be specified when restarting a transfer.

       -R, --reject
	       Send a  reject  event  for  the	command	 using	the  specified
	       reject-reason,  even  though  it	was actually accepted locally.
	       This can	be used	to test	the logging of reject events;  no  I/O
	       will be sent.

       -s, --stop-after
	       Stop   sending  log  records  and  close	 the  connection  when
	       stop-point is reached.  This can	be used	for  testing  purposes
	       to  send	 a partial I/O log to the server.  Partial logs	can be
	       restarted using the -r option.  The stop-point  is  an  elapsed
	       time specified in the form "seconds,nanoseconds".

       -t, --test
	       Open number simultaneous	connections to the log server and send
	       the  specified I/O log file on each one.	 This option is	useful
	       for performance testing.

       -V, --version
	       Print the sudo_sendlog version and exit.

   Debugging sendlog
       sudo_sendlog supports a flexible	debugging framework that is configured
       via Debug lines in the sudo.conf(5) file.

       For more	information on configuring sudo.conf(5), refer to its manual.

FILES
       /usr/local/etc/sudo.conf	 Sudo front-end	configuration

SEE ALSO
       sudo.conf(5), sudo_logsrv.proto(5), sudo(8), sudo_logsrvd(8)

AUTHORS
       Many people have	worked on sudo over the	years; this  version  consists
       of code written primarily by:

	     Todd C. Miller

       See    the    CONTRIBUTORS.md	file	in   the   sudo	  distribution
       (https://www.sudo.ws/about/contributors/) for  an  exhaustive  list  of
       people who have contributed to sudo.

BUGS
       If  you	believe	 you  have found a bug in sudo_sendlog,	you can	either
       file a bug report in the	sudo bug database,  https://bugzilla.sudo.ws/,
       or  open	 an  issue at https://github.com/sudo-project/sudo/issues.  If
       you would prefer	to use email, messages may be sent to the sudo-workers
       mailing list,  https://www.sudo.ws/mailman/listinfo/sudo-workers	 (pub-
       lic) or <sudo@sudo.ws> (private).

       Please do not report security vulnerabilities through public GitHub is-
       sues,  Bugzilla	or  mailing  lists.  Instead, report them via email to
       <Todd.Miller@sudo.ws>.  You may encrypt your message with  PGP  if  you
       would like, using the key found at https://www.sudo.ws/dist/PGPKEYS.

SUPPORT
       Limited	free support is	available via the sudo-users mailing list, see
       https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or	search
       the archives.

DISCLAIMER
       sudo_sendlog is provided	"AS IS"	and any	express	or implied warranties,
       including,  but not limited to, the implied warranties of merchantabil-
       ity and fitness for a particular	purpose	are disclaimed.	 See  the  LI-
       CENSE.md	 file  distributed  with sudo or https://www.sudo.ws/about/li-
       cense/ for complete details.

Sudo 1.9.17p2			 July 14, 2024		       SUDO_SENDLOG(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sudo_sendlog&sektion=8&manpath=FreeBSD+Ports+15.1.quarterly>

home | help