The sreplay option is used to view the audit records from the command line. The sreplay binary is located in the /opt/novell/npum/sbin/ directory for Linux and Unix platforms and in the \Program Files\Novell\npum\sbin\ directory for the Windows platform.
Syntax: sreplay <options> <host>
The various options are:
Option | Description |
---|---|
-U user | Username |
-P passwd | Password |
-N | Uses native account for authorization |
-l | Lists available logs |
-g <logfile> | Gets available session entries in log |
-u <user>,<logfile> | Gets available session entries for a particular user |
-r <session#>,<logfile> | Replays a particular session |
-f | Date format |
-c | CSV output |
-z | CSV separator |
Options that can be used with -g and -u
Option | Description |
---|---|
-F <FMT> | Displays extra info, specified by FMT (comma-separated list) |
groupid[=n] | Displays group ID of session |
time[=n] | Displays time of start of session |
key[=n] | Displays session number |
user[=n] | Displays submit user |
host[=n] | Displays submit host |
runas[=n] | Displays run user |
runhost[=n] | Displays run host |
cmd[=[-]n] | Displays command |
term[=n] | Displays term type |
size[=n] | Displays size of session in Kb. NOTE: This can cause high CPU utilization on large files. |
all | Lists all events |
Option that can be used with -g and -r
Option | Description |
---|---|
-z | Get using group ID |
Options that can be used with -r
Option | Description |
---|---|
-i | Displays stdin |
-o | Displays stdout |
-e | Displays stderr |
-s | Displays signals |
-p | Displays passwords |
-d <# ms> | Sets display delay |
-c <charset> | Enables character set conversion |
-a | Displays all data |
-l | Displays character by character, waiting for keypress |
-m | Displays line by line, waiting for keypress |
-x | Displays x11 capture |
To list all the available logs
Syntax: ./sreplay -l -U admin -P netiq123
Sample output:
Audit Group: cmdctrl Archive: cmdctrl.db - available
To get the available sessions stored in log file
Syntax: ./sreplay -l -U admin -P netiq123 -g cmdctrl.db
Sample output:
root 1 "25-Feb-2011 11:05:29"
root 161 "25-Feb-2011 11:08:51"
user2 331 "25-Feb-2011 11:09:07"
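
The session listing above can be turned into `-r <session#>,<logfile>` arguments for review of a specific user or time window. The following is an added example, not part of the product documentation; it assumes the default three-field layout shown in the sample output (user, session number, quoted start time), and the names `parse_listing` and `replay_args` are hypothetical.

```python
import shlex
from datetime import datetime
from typing import NamedTuple

# Constructed sample: the session listing shown on this page for cmdctrl.db.
SAMPLE_LISTING = (
    'root 1 "25-Feb-2011 11:05:29" '
    'root 161 "25-Feb-2011 11:08:51" '
    'user2 331 "25-Feb-2011 11:09:07"'
)

class Session(NamedTuple):
    user: str
    number: int
    started: datetime

def parse_listing(text):
    """Parse default `sreplay -g` output into Session records.

    Assumption: three fields per session (user, session number, quoted
    start time). Extra columns requested with -F are not handled here.
    """
    tokens = shlex.split(text)  # keeps each quoted timestamp as one token
    if len(tokens) % 3:
        raise ValueError(f"expected groups of 3 fields, got {len(tokens)} tokens")
    sessions = []
    for user, number, started in zip(*[iter(tokens)] * 3):
        when = datetime.strptime(started, "%d-%b-%Y %H:%M:%S")
        sessions.append(Session(user, int(number), when))
    return sessions

def replay_args(sessions, logfile, user=None, since=None, until=None):
    """Return one ['-r', '<session#>,<logfile>'] list per matching session."""
    if "," in logfile:
        raise ValueError("log file name must not contain a comma")
    picked = []
    for s in sessions:
        if user is not None and s.user != user:
            continue
        if since is not None and s.started < since:
            continue
        if until is not None and s.started > until:
            continue
        picked.append(["-r", f"{s.number},{logfile}"])
    return picked

if __name__ == "__main__":
    for args in replay_args(parse_listing(SAMPLE_LISTING), "cmdctrl.db", user="root"):
        print("sreplay <auth options>", *args)
```

The functions return only the `-r` argument, so the authentication options (`-U`/`-P` or `-N`) are supplied by the caller at run time and are not stored in the script.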