[sudo-users] Sudoreplay "linear" text output?
Leroy Tennison
leroy at datavoiceint.com
Thu Mar 8 09:08:04 MST 2018
This couldn't have come at a better time, I was planning on posting about how to search sudo history to see if a specific action had occurred (such as a manually-entered 'ip route add' to see if any console changes accounted for the system state). Using 'grep -ir <text> /var/log/sudo-io/00/00/*' (my files aren't gziped - maybe a sudoers setting?), the escape sequences trashed my terminal, adding '| grep [[;print;]]' at least stopped that undesirable side effect but left plenty of escape sequence text behind. Doing a little research into ' linux "remove escape sequence"' surfaced ansi2txt on Ubuntu and ansifilter. Trying ansi2txt actually turned out worse, are there any more elegant solutions to getting just plain text in this situation?
BTW, the -m <negative number> option for removing timing proved to be an excellent option, thank you.
----- Original Message -----
From: "Thor Lancelot Simon" <tls at panix.com>
To: "Todd C. Miller" <Todd.Miller at sudo.ws>
Cc: "sudo-users" <sudo-users at sudo.ws>
Sent: Thursday, March 8, 2018 8:02:38 AM
Subject: Re: [sudo-users] Sudoreplay "linear" text output?
On Thu, Mar 08, 2018 at 06:16:21AM -0700, Todd C. Miller wrote:
> On Thu, 08 Mar 2018 07:41:33 -0500, Thor Lancelot Simon wrote:
>
> > I have an application where I need users to record and approve each
> > others' sudo session logs. I've had a few requests for "plain text"
> > output like what we'd get from script(1), rather than the time-accurate
> > (or sped up) output sudoreplay gives by default.
> >
> > I realize this will do screwy things with any kind of full-screen
> > program. Still, it would be nice to have for reviewing long shell
> > sessions, etc.
> >
> > I don't see an obvious way to get this, looking at the sudoreplay manpage,
> > but maybe I'm missing something. Is there an easy way to produce this
> > kind of output already, before I look at adding one?
>
> If you use the -m option with a negative number it will effectively
> skip the pauses. Alternately, you could just gzcat the ttyout file
> from in the timestamp directory. It is just a plain gzip file.
Thanks! The latter suggestion's exactly what I need.
Thor
____________________________________________________________
sudo-users mailing list <sudo-users at sudo.ws>
For list information, options, or to unsubscribe, visit:
https://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list