Solved

sudosh - where is the sudosh user session id?

Posted on 2011-09-28
Last Modified: 2012-05-12
I see 3 separate files logged as a result of a user running sudosh

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

The sudosh-replay command is looking for something else, some other type of file apparently.
When I do a "sudosh-replay" without any arguments to see the available sessions, I get the following message:

baja7:/home/users/sudoshlogs#: sudosh-replay
No sessions are logged in /home/users/sudoshlogs/baja7

What format do the session files have, and what are the 3 files above used for?

*script*
*time*
*input*

Do I have sudosh misconfigured?

Question by:sonriks
LVL 68

Expert Comment

by:woolmilkporc
ID: 36717170
>> what are the 3 files above used for? <<

Those are the recordings of input/output, keyboard input, and timing information, respectively.

Did you issue "sudosh-replay" when logged in as the same user who recorded the sessions?
The location of the logfiles is user-dependent ($HOME).

To replay recordings from a given directory, use sudosh-replay with the "-d logdir" option.

wmp
0
 
LVL 1

Author Comment

by:sonriks
ID: 36717385
I am logged on as root.

The tree for sudosh logs: /home/users/sudoshlogs/$servername (it's a nas share)

The "baja10" dir has files for all users that use sudosh on that server, i.e.

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

When I run the command "sudosh-replay -d baja10" from /home/users/sudoshlogs dir, I get the following output

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/27/2011 18:15:43 36s      rbhatia      rbhatia      rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

The output of the "sudosh-replay -d baja10" returns
rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

but I don't see that file in the baja10 dir. Instead what I see are 3 files

rbhatia-rbhatia-time-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-input-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-script-1317161743-uzzVVVV1111XXXXX

So how do I run the command in the example above
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

if I can't find the argument "rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2"?


0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36717440
What you see with "sudosh-replay -d ..." is the ID of the session, not a filename.

Filenames are composed of the ID and an inserted part "time"/"input"/"script".

Simply run the command suggested by sudosh-replay.

wmp



0
 
LVL 1

Author Comment

by:sonriks
ID: 36717996
No such session message
********************************

baja7:/home/users/sudoshlogs#: sudosh-replay -d baja10

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/28/2011 10:40:20 26m40s   akohojka     akohojka     akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2


baja7:/home/users/sudoshlogs#: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#: sudosh-replay baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#:
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 36719124
... where is the "-d" option?

You need it for listing as well as for replaying:

sudosh-replay -d baja10 akohojka-akohojka...... 1 2
0
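The relationship between the three log files and the session ID, as an added example that is not part of the original posts and is not sudosh's own code: it derives each session ID from the file names, flags sessions whose script/time/input set is incomplete (a gap worth noticing in an audit trail), and prints the replay command in the "-d" form given above. The file-name layout is assumed from the listings in this thread, and the function names and demo file names are made up for illustration.

```shell
#!/bin/sh
# Assumed layout (taken from the listings in this thread):
#   FROM-TO-{script|time|input}-EPOCH-RANDOM   -> log file name
#   FROM-TO-EPOCH-RANDOM                       -> session ID

# Print the session ID for one log file name, or nothing if it does not match.
session_id() {
    basename "$1" |
        sed -nE 's/^(.*)-(script|time|input)-([0-9]+)-([^-]+)$/\1-\3-\4/p'
}

# Print "ID complete" or "ID missing:<kinds>" for every session in directory $1.
audit_sessions() {
    dir=$1
    for f in "$dir"/*; do
        if [ -f "$f" ]; then session_id "$f"; fi
    done | sort -u | while read -r id; do
        # Split the ID from the right so hyphens in user names do not matter.
        rand=${id##*-}; rest=${id%-*}
        epoch=${rest##*-}; users=${rest%-*}
        missing=
        for kind in script time input; do
            [ -f "$dir/$users-$kind-$epoch-$rand" ] || missing="$missing,$kind"
        done
        if [ -z "$missing" ]; then
            echo "$id complete"
        else
            echo "$id missing:${missing#,}"
        fi
    done
}

# Print the replay command for log directory $1 and session ID $2.
replay_command() {
    echo "sudosh-replay -d $1 $2 1 2"
}

# Demo on constructed, empty files (not real session recordings).
demo_dir=$(mktemp -d)
for kind in script time input; do
    : > "$demo_dir/alice-alice-$kind-1317161743-aaaBBBB1111CCCCC"
done
: > "$demo_dir/bob-root-script-1317220820-dddEEEE2222FFFFF"
audit_sessions "$demo_dir"
rm -rf "$demo_dir"
```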
 
LVL 1

Accepted Solution

by:
sonriks earned 0 total points
ID: 36719442
thanks, wmp! I'm good to go now.
0
 
LVL 1

Author Closing Comment

by:sonriks
ID: 36902278
It took a little back and forth, but I finally have all the info. Again, wmp has come through for me!
0

Question has a verified solution.
