Provided by: sudo-ldap_1.9.16p2-1ubuntu1.1_amd64 bug

NAME
       sudo_sendlog — send sudo I/O log to log server


SYNOPSIS
       sudo_sendlog  [-AnV]  [-b  ca_bundle]  [-c  cert_file]  [-h  host]  [-i iolog-id] [-k key_file] [-p port]
                    [-r restart-point] [-R reject-reason] [-s stop-point] [-t number] path


DESCRIPTION
       sudo_sendlog can be used to send the existing sudoers I/O log  path  to  a  remote  log  server  such  as
       sudo_logsrvd(8) for central storage.

       The options are as follows:

       -A, --accept-only
               Only  send  the  accept event, not the I/O associated with the log.  This can be used to test the
               logging of accept events without any associated I/O.

       -b, --ca-bundle
               The path to a certificate authority bundle file, in PEM format, to use instead  of  the  system's
               default certificate authority database when authenticating the log server.  The default is to use
               the system's default certificate authority database.

       -c, --cert
               The  path  to  the  client's  certificate  file in PEM format.  This setting is required when the
               connection to the remote log server is secured with TLS.

       --help  Display a short help message to the standard output and exit.

       -h, --host
               Connect to the specified host instead of localhost.

       -i, --iolog-id
               Use the specified iolog-id when restarting a log transfer.   The  iolog-id  is  reported  by  the
               server  when it creates the remote I/O log.  This option may only be used in conjunction with the
               -r option.

       -k, --key
               The path to the client's private key file in PEM format.   This  setting  is  required  when  the
               connection to the remote log server is secured with TLS.

       -n, --no-verify
               If  specified,  the  server's  certificate  will  not  be  verified during the TLS handshake.  By
               default, sudo_sendlog verifies that the server's certificate is valid and that it contains either
               the server's host name or its IP address.  This setting is only supported when the connection  to
               the remote log server is secured with TLS.

       -p, --port
               Use  the  specified  network  port when connecting to the log server instead of the default, port
               30344.

       -r, --restart
               Restart an interrupted connection to the log server.  The specified restart-point is used to tell
               the server the point in time at which to continue the log.  The restart-point is specified in the
               form “seconds,nanoseconds” and is usually the last commit point received from the server.  The -i
               option must also be specified when restarting a transfer.

       -R, --reject
               Send a reject event for the command  using  the  specified  reject-reason,  even  though  it  was
               actually accepted locally.  This can be used to test the logging of reject events; no I/O will be
               sent.

       -s, --stop-after
               Stop  sending  log records and close the connection when stop-point is reached.  This can be used
               for testing purposes to send a partial I/O log to the server.   Partial  logs  can  be  restarted
               using   the   -r   option.    The   stop-point   is   an  elapsed  time  specified  in  the  form
               “seconds,nanoseconds”.

       -t, --test
               Open number simultaneous connections to the log server and send the specified  I/O  log  file  on
               each one.  This option is useful for performance testing.

       -V, --version
               Print the sudo_sendlog version and exit.

   Debugging sendlog
       sudo_sendlog  supports  a  flexible  debugging  framework  that  is  configured  via  Debug  lines in the
       sudo.conf(5) file.

       For more information on configuring sudo.conf(5), refer to its manual.


FILES
       /etc/sudo.conf            Sudo front-end configuration


SEE ALSO
       sudo.conf(5), sudo(8), sudo_logsrv.proto(5), sudo_logsrvd(8)


AUTHORS
       Many people have worked on sudo over the years; this version consists of code written primarily by:

             Todd C. Miller

       See the CONTRIBUTORS.md file in the sudo distribution  (https://www.sudo.ws/about/contributors/)  for  an
       exhaustive list of people who have contributed to sudo.


BUGS
       If  you  believe  you  have found a bug in sudo_sendlog, you can either file a bug report in the sudo bug
       database, https://bugzilla.sudo.ws/, or open an issue at https://github.com/sudo-project/sudo/issues.  If
       you  would  prefer  to  use  email,  messages  may  be   sent   to   the   sudo-workers   mailing   list,
       https://www.sudo.ws/mailman/listinfo/sudo-workers (public) or <sudo@sudo.ws> (private).

       Please  not  report  security  vulnerabilities  through  public GitHub issues, Bugzilla or mailing lists.
       Instead, report them via email to <Todd.Miller@sudo.ws>.  You may encrypt your message with  PGP  if  you
       would like, using the key found at https://www.sudo.ws/dist/PGPKEYS.


SUPPORT
       Limited     free     support     is     available     via    the    sudo-users    mailing    list,    see
       https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the archives.


DISCLAIMER
       sudo_sendlog is provided “AS IS” and any express or implied warranties, including, but  not  limited  to,
       the  implied  warranties of merchantability and fitness for a particular purpose are disclaimed.  See the
       LICENSE.md file distributed with sudo or https://www.sudo.ws/about/license/ for complete details.

Sudo 1.9.16p2                                     July 14, 2024                                  SUDO_SENDLOG(8)