Solved

sudosh - where is the sudosh user session id?

Posted on 2011-09-28
7
1,112 Views
Last Modified: 2012-05-12
I see 3 separate files logged as a result of a user running sudosh

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

The sudosh-replay command is looking for something else, some other type of file apparently.
When I do a "sudosh-replay" without any arguments to see the available sessions, I get the following message:

baja7:/home/users/sudoshlogs#: sudosh-replay
No sessions are logged in /home/users/sudoshlogs/baja7

What format do the session files have, and what are the 3 files above used for?

*script*
*time*
*input*

Do I have sudosh misconfigured?

0
Comment
Question by:sonriks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36717170
>> what are the 3 files above used for? <<

Those are the recordings of input/output, keyboard input, and timing information, respectively.

Did you issue "sudosh-replay" when logged in as the same user who recorded the sessions?
The location of the logfiles is user-dependent ($HOME).

To replay  recordings from a given directory  use sudosh-replay with the "-d logdir" option.

wmp
0
 
LVL 1

Author Comment

by:sonriks
ID: 36717385
I am logged on as root.

The tree for sudosh logs: /home/users/sudoshlogs/$servername (it's a nas share)

The "baja10" dir has files for all users that use sudosh on that server., i.e.

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

When I run the command "sudosh-replay -d baja10" from /home/users/sudoshlogs dir, I get the following output

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/27/2011 18:15:43 36s      rbhatia      rbhatia      rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

The output of the "sudosh-replay -d baja10" returns
rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

but I don't see that file in the baja10 dir. Instead what I see are 3 files

rbhatia-rbhatia-time-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-input-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-script-1317161743-uzzVVVV1111XXXXX

So how do I run the command in the example above
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

if I can't find the argument "rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2"


0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 36717440
What you see with "sudosh-replay -d ..." is the ID of the session, not a filename.

filenames are composed of the ID and an inserted part "time"/"input"/"script"

Simply run the command suggested by sudosh-replay.

wmp



0
Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

 
LVL 1

Author Comment

by:sonriks
ID: 36717996
No such session message
********************************

baja7:/home/users/sudoshlogs#: sudosh-replay -d baja10

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/28/2011 10:40:20 26m40s   akohojka     akohojka     akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2


baja7:/home/users/sudoshlogs#: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#: sudosh-replay baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#:
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 500 total points
ID: 36719124
... where is the "-d" option?

You need it for listing as well as for replaying:

sudosh-replay -d baja10 akohojka-akohojka...... 1 2
0
 
LVL 1

Accepted Solution

by:
sonriks earned 0 total points
ID: 36719442
thanks, wmp! I'm good to go now.
0
 
LVL 1

Author Closing Comment

by:sonriks
ID: 36902278
It took a little back and forth, but I finally have all the info. Again, wmp has come through for me!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses
Course of the Month4 days, 1 hour left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question