
sudosh - where is the sudosh user session id?

Posted on 2011-09-28
Last Modified: 2012-05-12
I see 3 separate files logged as a result of a user running sudosh

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

The sudosh-replay command is looking for something else, some other type of file apparently.
When I do a "sudosh-replay" without any arguments to see the available sessions, I get the following message:

baja7:/home/users/sudoshlogs#: sudosh-replay
No sessions are logged in /home/users/sudoshlogs/baja7

What format do the session files have, and what are the 3 files above used for?

*script*
*time*
*input*

Do I have sudosh misconfigured?

Question by:sonriks
Expert Comment

by:woolmilkporc
ID: 36717170
>> what are the 3 files above used for? <<

Those are the recordings of input/output, keyboard input, and timing information, respectively.

Did you issue "sudosh-replay" when logged in as the same user who recorded the sessions?
The location of the logfiles is user-dependent ($HOME).

To replay recordings from a given directory, use sudosh-replay with the "-d logdir" option.

wmp

Author Comment

by:sonriks
ID: 36717385
I am logged on as root.

The tree for sudosh logs: /home/users/sudoshlogs/$servername (it's a nas share)

The "baja10" dir has files for all users that use sudosh on that server, i.e.

./baja10/user1-user1-script-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-time-1317161743-uzzVVVV1111XXXXX
./baja10/user1-user1-input-1317161743-uzzVVVV1111XXXXX

When I run the command "sudosh-replay -d baja10" from /home/users/sudoshlogs dir, I get the following output

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/27/2011 18:15:43 36s      rbhatia      rbhatia      rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

The output of the "sudosh-replay -d baja10" returns
rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX

but I don't see that file in the baja10 dir. Instead what I see are 3 files

rbhatia-rbhatia-time-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-input-1317161743-uzzVVVV1111XXXXX
rbhatia-rbhatia-script-1317161743-uzzVVVV1111XXXXX

So how do I run the command in the example above
Example: sudosh-replay rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2

if I can't find the argument "rbhatia-rbhatia-1317161743-uzzVVVV1111XXXXX 1 2"



Expert Comment

by:woolmilkporc
ID: 36717440
What you see with "sudosh-replay -d ..." is the ID of the session, not a filename.

Filenames are composed of the ID and an inserted part "time"/"input"/"script".

Simply run the command suggested by sudosh-replay.

wmp




Author Comment

by:sonriks
ID: 36717996
No such session message
********************************

baja7:/home/users/sudoshlogs#: sudosh-replay -d baja10

Date                Duration From         To           ID
====                ======== ====         ==           ==
09/28/2011 10:40:20 26m40s   akohojka     akohojka     akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

Usage: sudosh-replay ID [MULTIPLIER] [MAXWAIT]
See 'sudosh-replay -h' for more help.
Example: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2


baja7:/home/users/sudoshlogs#: sudosh-replay akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#: sudosh-replay baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE 1 2
[replay.c, line 316]: sudosh-replay: no such session: baja10/akohojka-akohojka-1317220820-bggCCCCiiiiEEEEE

baja7:/home/users/sudoshlogs#:

Assisted Solution

by:woolmilkporc
ID: 36719124
... where is the "-d" option?

You need it for listing as well as for replaying:

sudosh-replay -d baja10 akohojka-akohojka...... 1 2

Accepted Solution

by:sonriks
ID: 36719442
Thanks, wmp! I'm good to go now.

Author Closing Comment

by:sonriks
ID: 36902278
It took a little back and forth, but I finally have all the info. Again, wmp has come through for me!
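
The naming rule from the answers above, as an added example that is not part of the original thread or of sudosh: this shell sketch rebuilds session IDs from the script/time/input file names in a log directory, flags sessions whose recording is missing a part, and prints the replay command with the required -d option. It assumes the random suffix contains no hyphen; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not sudosh code). Assumes the naming seen in the thread:
#   FROM-TO-{script,time,input}-EPOCH-RANDOM -> session ID FROM-TO-EPOCH-RANDOM
# and that the RANDOM suffix contains no hyphen.

# List each session ID in LOGDIR as "complete" or "incomplete:<missing parts>".
sudosh_sessions() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        basename "$f"
    done |
    sed -nE 's/^(.*)-(script|time|input)-([0-9]+-[^-]+)$/\1-\3 \2/p' |
    awk '
        { parts[$1] = parts[$1] " " $2 }   # collect the parts seen per session ID
        END {
            n = split("script time input", want, " ")
            for (id in parts) {
                missing = ""
                for (i = 1; i <= n; i++)
                    if (index(parts[id] " ", " " want[i] " ") == 0)
                        missing = missing (missing == "" ? "" : ",") want[i]
                status = (missing == "" ? "complete" : "incomplete:" missing)
                print status, id
            }
        }' |
    sort -k2
}

# Print a replay command for every complete session. -d must name the log
# directory for replaying as well as for listing; "1 2" are the MULTIPLIER
# and MAXWAIT values from the tool's own usage example.
sudosh_replay_cmds() {
    sudosh_sessions "$1" | while read -r status id; do
        if [ "$status" = complete ]; then
            printf 'sudosh-replay -d %s %s 1 2\n' "$1" "$id"
        fi
    done
}

# Constructed sample: one full session and one that lacks its input file.
make_sample_logdir() {
    d=$(mktemp -d)
    for p in script time input; do
        : > "$d/user1-user1-$p-1317161743-uzzVVVV1111XXXXX"
    done
    : > "$d/user2-user2-script-1317220820-bggCCCCiiiiEEEEE"
    : > "$d/user2-user2-time-1317220820-bggCCCCiiiiEEEEE"
    printf '%s\n' "$d"
}
```

A session reported as incomplete is worth a look before relying on the recording as an audit trail, since one of its three files is absent from the log directory.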