[sudo-users] centralized iolog deployment

Todd C. Miller Todd.Miller at courtesan.com
Wed Apr 4 10:32:49 EDT 2012


This is on my todo list.  It won't make sudo 1.8.5 but will probably
be in 1.8.6 or 1.8.7.

My basic plan was to log via syslog an initial message with the
date, host, user, runas user, tty, cwd, command and a sequence
number (used to associate the keypress with the command meta data).
The keypress events would contain the host, sequence number, keypress
type (ttyin, ttyout, stdin, stdout, stderr), the time between the
last event (for accurate playback) and the actual data (base64
encoded).

This would then be consumed by a program on the loghost run via
syslogd.

Encoding the data using JSON is fairly straightforward using key/value
pairs.  I hadn't heard of syslog-cee before but from what I've read
so far it should be easy to support.

Logging the structured data via a pipe to an external program isn't
really much more work once the above is done.

 - todd
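The following is an added example, written for this page and not code from Todd's message or from the sudo project, that mocks up the scheme he sketches: one "command" record carrying the date, host, user, runas user, tty, cwd, command and sequence number, followed by keypress events that carry the host, sequence number, type, time since the last event and base64-encoded data, all as JSON; plus the consumer a loghost would run to tie events back to their command by (host, seq), decode the data and turn the deltas into playback offsets. The field names, the `type` discriminator and the sample session are assumptions, not anything sudo actually emits.

```python
import base64
import json
from collections import defaultdict

KEYPRESS_TYPES = ("ttyin", "ttyout", "stdin", "stdout", "stderr")

# Constructed sample session; field names are assumed, not sudo's real format.
SAMPLE_META = {
    "date": "2012-04-04T10:32:49-0400",
    "host": "build01.example.com",
    "user": "alice",
    "runas": "root",
    "tty": "/dev/pts/3",
    "cwd": "/home/alice",
    "command": "/usr/bin/id",
    "seq": 17,
}
# (type, seconds since previous event, raw bytes)
SAMPLE_EVENTS = [
    ("ttyout", 0.0, b"uid=0(root) gid=0(root) groups=0(root)\r\n"),
    ("ttyin", 0.412, b"q"),
]


def encode_meta(meta):
    """Initial syslog message: command metadata plus the sequence number
    that later keypress events use to refer back to this command."""
    return json.dumps({"type": "command", **meta}, sort_keys=True)


def encode_event(host, seq, kind, delta, data):
    """One keypress event; the raw bytes are base64 encoded so binary
    terminal data survives a text-only syslog transport."""
    if kind not in KEYPRESS_TYPES:
        raise ValueError(f"unknown keypress type: {kind}")
    return json.dumps({"type": "event", "host": host, "seq": seq,
                       "kind": kind, "delta": delta,
                       "data": base64.b64encode(data).decode("ascii")},
                      sort_keys=True)


def emit_session(meta, events):
    """Producer side (the sudo host): the lines that would be sent to syslog."""
    lines = [encode_meta(meta)]
    for kind, delta, data in events:
        lines.append(encode_event(meta["host"], meta["seq"], kind, delta, data))
    return lines


def consume(lines):
    """Loghost side: group events under their command by (host, seq),
    decode the data and compute absolute offsets for playback.
    Events that arrive before (or without) their command record are held
    in `pending` so a reordered or partial syslog stream is not silently
    misattributed."""
    sessions = {}
    pending = defaultdict(list)
    for line in lines:
        rec = json.loads(line)
        key = (rec["host"], rec["seq"])
        if rec["type"] == "command":
            meta = {k: v for k, v in rec.items() if k != "type"}
            sessions[key] = {"meta": meta, "events": pending.pop(key, [])}
        elif rec["type"] == "event":
            ev = {"kind": rec["kind"], "delta": float(rec["delta"]),
                  "data": base64.b64decode(rec["data"])}
            if key in sessions:
                sessions[key]["events"].append(ev)
            else:
                pending[key].append(ev)
    for session in sessions.values():
        t = 0.0
        for ev in session["events"]:
            t += ev["delta"]
            ev["offset"] = round(t, 3)
    return sessions, dict(pending)


if __name__ == "__main__":
    wire = emit_session(SAMPLE_META, SAMPLE_EVENTS)
    for line in wire:
        print(line)
    sessions, orphans = consume(wire)
    for (host, seq), s in sessions.items():
        print(f"{host} seq={seq} {s['meta']['user']} -> {s['meta']['runas']}: {s['meta']['command']}")
        for ev in s["events"]:
            print(f"  +{ev['offset']:.3f}s {ev['kind']}: {ev['data']!r}")
    print("orphan events:", orphans)
```

The consumer keeps events whose command record has not been seen in a separate `pending` map rather than dropping them, which is the case a loghost operator most wants to notice: a non-empty orphan set after the stream ends means either reordering in transit or a lost command record, and either way the session should not be treated as complete.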
