[sudo-users] sudoreplay -l filter weirdness

Todd C. Miller Todd.Miller at courtesan.com
Wed Sep 4 20:45:18 MDT 2013


On Wed, 04 Sep 2013 21:13:57 -0400, "Michael W. Lucas" wrote:

> # sudoreplay -l fromdate 4 hours ago
> sudoreplay: unknown search term "hours"
> 
> # sudoreplay -l fromdate this week
> sudoreplay: unknown search term "week"

You need to quote those.  E.g.

# sudoreplay -l fromdate "4 hours ago"

# sudoreplay -l fromdate "this week"

I don't think that "this week" by itself actually does what it
sounds like it should.

> It appears that "todate" with dates matches only before, not on, the
> given date?

It's possible that this is a documentation error.  I'll have to
delve into getdate.y and see.

 - todd
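
Added example, not part of the original message and not sudoreplay's own code: a simplified shell model of how a `sudoreplay -l` search expression arrives as separate argv words, showing why the unquoted dates above are rejected at "hours" and "week". It assumes each predicate consumes exactly one following argument; the function name `parse_search` is hypothetical, and predicate abbreviations and date parsing are not modelled.

```shell
#!/bin/sh
# Simplified model (assumption, not sudoreplay source): walk argv the way a
# predicate/argument search expression is read. The shell has already split
# unquoted words, so a predicate only ever sees the single word after it.
parse_search() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            and|or|'!'|'('|')')
                # Operators and grouping take no argument.
                shift ;;
            command|cwd|fromdate|group|runas|todate|tty|user)
                if [ "$#" -lt 2 ]; then
                    echo "$1 requires an argument"
                    return 1
                fi
                # Exactly one argv word becomes the predicate's value.
                echo "$1 = [$2]"
                shift 2 ;;
            *)
                # Leftover words from an unquoted date land here.
                echo "unknown search term \"$1\""
                return 1 ;;
        esac
    done
    return 0
}

# Unquoted: fromdate receives only "4"; "hours" is read as the next term.
parse_search fromdate 4 hours ago || true
# Unquoted: fromdate receives only "this"; "week" is read as the next term.
parse_search fromdate this week || true
# Quoted: the whole date string is one argv word.
parse_search fromdate "4 hours ago" || true
# Quoting each date keeps a combined range filter intact as well.
parse_search fromdate "4 hours ago" todate "1 hour ago" user root || true
```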

