[sudo-users] sudoreplay -l filter weirdness
Michael W. Lucas
mwlucas at michaelwlucas.com
Thu Sep 5 10:00:51 MDT 2013
Thanks for the education, much appreciated.
==ml
On Thu, Sep 05, 2013 at 09:55:01AM -0600, Todd C. Miller wrote:
> On Wed, 04 Sep 2013 21:13:57 -0400, "Michael W. Lucas" wrote:
>
> > # sudoreplay -l fromdate this week
>
> The sudoreplay manual says:
>
>     this week
>         The current time but the first day of the coming week
>
> which is confusing but that's what getdate.y does. So for instance
> "this week" evaluates to "Thu Sep 5 09:43:03 MDT 2013" at this
> moment for me.
>
> The way that "this" and "next" are treated is somewhat confusing.
> For instance, "this month" is the coming month and "next month" is
> the one after that.
>
> > It appears that "todate" with dates matches only before, not on, the
> > given date?
> >
> > # sudoreplay -l todate 9/1/2013 fromdate 9/1/2013
>
> "9/1/2013" will evaluate to "Sep 1 00:00:00 2013" so if you use
> 9/1/2013 for both fromdate and todate you'll only match entries at
> that time exactly.
>
> Same problem with using "yesterday" -- you are setting the fromdate and
> todate to the same absolute time.
>
> - todd
--
Michael W. Lucas - mwlucas at michaelwlucas.com, Twitter @mwlauthor
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code "ILUVMICHAEL" gets you 30% off & helps me.
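
The date-window behaviour described in the reply above, modelled as an added example that is not part of the original thread or of sudo itself. The log entries are constructed, the helper names (`parse_day`, `select`, `day_window`) are hypothetical, and inclusive comparison on both bounds is an assumption taken from the reply's "match entries at that time exactly".

```python
from datetime import datetime, timedelta

# Constructed sample entries (not real sudo log data): (start time, user, command).
SAMPLE_LOG = [
    (datetime(2013, 8, 31, 23, 59, 58), "alice", "/usr/bin/id"),
    (datetime(2013, 9, 1, 0, 0, 0), "bob", "/bin/ls"),
    (datetime(2013, 9, 1, 14, 30, 12), "alice", "/usr/sbin/visudo"),
    (datetime(2013, 9, 1, 23, 59, 59), "carol", "/bin/sh"),
    (datetime(2013, 9, 2, 8, 15, 0), "bob", "/usr/bin/less"),
]


def parse_day(text):
    """A bare M/D/YYYY date resolves to midnight at the start of that day."""
    return datetime.strptime(text, "%m/%d/%Y")


def select(entries, fromdate=None, todate=None):
    """Keep entries with fromdate <= start <= todate (bounds assumed inclusive)."""
    return [
        e for e in entries
        if (fromdate is None or e[0] >= fromdate)
        and (todate is None or e[0] <= todate)
    ]


def day_window(text):
    """Bounds covering the whole calendar day: its midnight to the next midnight."""
    start = parse_day(text)
    return start, start + timedelta(days=1)


if __name__ == "__main__":
    same = parse_day("9/1/2013")
    print("fromdate 9/1/2013 todate 9/1/2013:")
    for entry in select(SAMPLE_LOG, same, same):
        print("  ", entry)  # only the entry stamped exactly at midnight
    lo, hi = day_window("9/1/2013")
    print("fromdate 9/1/2013 todate 9/2/2013:")
    for entry in select(SAMPLE_LOG, lo, hi):
        print("  ", entry)  # every entry from Sep 1
```

With inclusive bounds, the wider window would also pick up an entry stamped exactly at midnight on Sep 2, so check the edges when reviewing a specific day's sessions.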