12.8 sreplay Command Line Options

The sreplay option is used to view the audit records from the command line. The sreplay binary is located in the /opt/netiq/npum/sbin/ directory for Linux and Unix platforms.

Syntax: sreplay <options> <host>

The various options are:

Option	Description
-U user	Username
-P passwd	Password
-N	Uses native account for authorization
-l	Lists available logs
-g <logfile>	Gets available session entries in log
-u <user>,<logfile>	Gets available session entries for a particular user
-r <session#>,<logfile>	Replays a particular session
-f	Date format
-C	csv output
-Z	csv separator

Options that can be used with -g and -u

Option	Description
-F <FMT>	Displays extra info, specified by FMT (comma seperated list)
groupid[=n]	Display group id of session
time[=n]	Displays time of start of session
key[=n]	Displays session number
user[=n]	Displays submit user
host[=n]	Displays submit host
runas[=n]	Displays run user
runhost[=n]	Displays run host
cmd[=[-]n]	Displays command
term[=n]	Displays term type
size[=n]	Displays size of session in Kb NOTE:This can cause high CPU utilization on large files.
all	Lists all events

Option that can be used with -g and -r

Option	Description
-z	Get using group ID

Options that can be used with -r

Option	Description
-i	Displays stdin
-o	Displays stdout
-e	Displays stderr
-s	Displays signals
-p	Displays passwords
-d <# ms>	Sets display delay
-c <charset>	Enables character set conversion
-a	Displays all data
-l	Displays character by character, waiting for keypress
-m	Displays line by line, waiting for keypress
-x	Displays x11 capture

Sample Commands

To list all the available logs

Syntax: ./sreplay -l -U admin -P netiq123

Sample output:
```
Audit Group: cmdctrl
Archive: cmdctrl.db - available
```
To get the available sessions stored in log file

Syntax: ./sreplay -l -U admin -P netiq123 -g cmdctrl.db

Sample output:
```
root 1 "25-Feb-2011 11:05:29"
root 161 "25-Feb-2011 11:08:51"
user2 331 "25-Feb-2011 11:09:07"
```