10.8 sreplay Command Line Options

The sreplay option is used to view the audit records from the command line. The sreplay binary is located in the /opt/novell/npum/sbin/ directory for Linux and Unix platforms and in the \Program Files\Novell\npum\sbin\ directory for the Windows platform.

Syntax: sreplay <options> <host>

The various options are:

Option

Description

-U user

Username

-P passwd

Password

-N

Uses native account for authorization

-l

Lists available logs

-g <logfile>

Gets available session entries in log

-u <user>,<logfile>

Gets available session entries for a particular user

-r <session#>,<logfile>

Replays a particular session

-f

Date format

-c

csv output

-z

csv separator

Options that can be used with -g and -u

Option

Description

-F <FMT>

Displays extra info, specified by FMT (comma seperated list)

groupid[=n]

Display group id of session

time[=n]

Displays time of start of session

key[=n]

Displays session number

user[=n]

Displays submit user

host[=n]

Displays submit host

runas[=n]

Displays run user

runhost[=n]

Displays run host

cmd[=[-]n]

Displays command

term[=n]

Displays term type

size[=n]

Displays size of session in Kb

NOTE:This can cause high CPU utilization on large files.

all

Lists all events

Option that can be used with -g and -r

Option

Description

-z

Get using group ID

Options that can be used with -r

Option

Description

-i

Displays stdin

-o

Displays stdout

-e

Displays stderr

-s

Displays signals

-p

Displays passwords

-d <# ms>

Sets display delay

-c <charset>

Enables character set conversion

-a

Displays all data

-l

Displays character by character, waiting for keypress

-m

Displays line by line, waiting for keypress

-x

Displays x11 capture

Sample Commands