Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SUDO_SENDLOG(8)		FreeBSD	System Manager's Manual	       SUDO_SENDLOG(8)

     sudo_sendlog -- send sudo I/O log to log server

     sudo_sendlog [-AnV] [-b ca_bundle]	[-c cert_file] [-h host] [-i iolog-id]
		  [-k key_file]	[-p port] [-r restart-point]
		  [-R reject-reason] [-t number] path

     sudo_sendlog can be used to send the existing sudoers I/O log path	to a
     remote log	server such as sudo_logsrvd(8) for central storage.

     The options are as	follows:

     -A, --accept-only
		 Only send the accept event, not the I/O associated with the
		 log.  This can	be used	to test	the logging of accept events
		 without any associated	I/O.

     -b, --ca-bundle
		 The path to a certificate authority bundle file, in PEM for-
		 mat, to use instead of	the system's default certificate au-
		 thority database when authenticating the log server.  The de-
		 fault is to use the system's default certificate authority

     -c, --cert	 The path to the client's certificate file in PEM format.
		 This setting is required when the connection to the remote
		 log server is secured with TLS.

     --help	 Display a short help message to the standard output and exit.

     -h, --host	 Connect to the	specified host instead of localhost.

     -i, --iolog-id
		 Use the specified iolog-id when restarting a log transfer.
		 The iolog-id is reported by the server	when it	creates	the
		 remote	I/O log.  This option may only be used in conjunction
		 with the -r option.

     -k, --key	 The path to the client's private key file in PEM format.
		 This setting is required when the connection to the remote
		 log server is secured with TLS.

     -n, --no-verify
		 If specified, the server's certificate	will not be verified
		 during	the TLS	handshake.  By default,	sudo_sendlog verifies
		 that the server's certificate is valid	and that it contains
		 either	the server's host name or its IP address.  This	set-
		 ting is only supported	when the connection to the remote log
		 server	is secured with	TLS.

     -p, --port	 Use the specified network port	when connecting	to the log
		 server	instead	of the default,	port 30344.

     -r, --restart
		 Restart an interrupted	connection to the log server.  The
		 specified restart-point is used to tell the server the	point
		 in time at which to continue the log.	The restart-point is
		 specified in the form "seconds,nanoseconds" and is usually
		 the last commit point received	from the server.  The -i op-
		 tion must also	be specified when restarting a transfer.

     -R, --reject
		 Send a	reject event for the command using the specified
		 reject-reason,	even though it was actually accepted locally.
		 This can be used to test the logging of reject	events;	no I/O
		 will be sent.

     -t, --test	 Open number simultaneous connections to the log server	and
		 send the specified I/O	log file on each one.  This option is
		 useful	for performance	testing.

     -V, --version
		 Print the sudo_sendlog	version	and exit.

   Debugging sendlog
     sudo_sendlog supports a flexible debugging	framework that is configured
     via Debug lines in	the sudo.conf(5) file.

     For more information on configuring sudo.conf(5), please refer to its

     /usr/local/etc/sudo.conf  Sudo front end configuration

     sudo.conf(5), sudo(8), sudo_logsrvd(8)

     Many people have worked on	sudo over the years; this version consists of
     code written primarily by:

	   Todd	C. Miller

     See the CONTRIBUTORS file in the sudo distribution
     ( for an exhaustive list of people
     who have contributed to sudo.

     If	you feel you have found	a bug in sudo_sendlog, please submit a bug re-
     port at

     Limited free support is available via the sudo-users mailing list,	see to	subscribe or search
     the archives.

     sudo_sendlog is provided "AS IS" and any express or implied warranties,
     including,	but not	limited	to, the	implied	warranties of merchantability
     and fitness for a particular purpose are disclaimed.  See the LICENSE
     file distributed with sudo	or for	com-
     plete details.

Sudo 1.9.2			 May 12, 2020			    Sudo 1.9.2


Want to link to this manual page? Use this URL:

home | help