Solved

sudosh - where is the sudosh user session id?

Posted on 2011-09-28
7
1,067 Views
Last Modified: 2012-05-12
I see 3 separate files logged as a result of a user running sudosh

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

The sudosh-replay command is looking for something else, some other type of file apparently.
When I do a "sudosh-replay" without any arguments to see the available sessions, I get the following message:

baja7:/home/users/sudoshlogs#: sudosh-replay
No sessions are logged in /home/users/sudoshlogs/baja7

What format do the session files have, and what are the 3 files above used for?

*script*
*time*
*input*

Do I have sudosh misconfigured?

0
Comment
Question by:sonriks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36717170
>> what are the 3 files above used for? <<

Those are the recordings of input/output, keyboard input, and timing information, respectively.

Did you issue "sudosh-replay" when logged in as the same user who recorded the sessions?
The location of the logfiles is user-dependent ($HOME).

To replay  recordings from a given directory  use sudosh-replay with the "-d logdir" option.

wmp
0
 
LVL 1

Author Comment

by:sonriks
ID: 36717385
I am logged on as root.

The tree for sudosh logs: /home/users/sudoshlogs/$servername (it's a nas share)

The "baja10" dir has files for all users that use sudosh on that server., i.e.

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

When I run the command "sudosh-replay -d baja10" from /home/users/sudoshlogs dir, I get the following output

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/27/2011 18:15:43 36s      rbhatia      rbhatia      rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

The output of the "sudosh-replay -d baja10" returns
rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

but I don't see that file in the baja10 dir. Instead what I see are 3 files

rbhatia-rbhatia-time-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-input-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-script-1317161743-uzzVVVV1111XXXXX

So how do I run the command in the example above
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

if I can't find the argument "rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2"


0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36717440
What you see with "sudosh-replay -d ..." is the ID of the session, not a filename.

filenames are composed of the ID and an inserted part "time"/"input"/"script"

Simply run the command suggested by sudosh-replay.

wmp



0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 1

Author Comment

by:sonriks
ID: 36717996
No such session message
********************************

baja7:/home/users/sudoshlogs#: sudosh-replay -d baja10

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/28/2011 10:40:20 26m40s   akohojka     akohojka     akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2


baja7:/home/users/sudoshlogs#: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#: sudosh-replay baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#:
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 36719124
... where is the "-d" option?

You need it for listing as well as for replaying:

sudosh-replay -d baja10 akohojka-akohojka...... 1 2
0
 
LVL 1

Accepted Solution

by:
sonriks earned 0 total points
ID: 36719442
thanks, wmp! I'm good to go now.
0
 
LVL 1

Author Closing Comment

by:sonriks
ID: 36902278
It took a little back and forth, but I finally have all the info. Again, wmp has come through for me!
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question