My Favorites

Close

Please to see your favorites.


How to use the sreplay tool to view audit records and keystroke reports from the command line

This document (7021040) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ Privileged Account Manager

Situation

How to use the sreplay tool to view audit records and keystroke reports from the command line
Session playback to view the keystroke logs

Resolution

For detailed information regarding the available sreplay command line options and syntax, please refer to the following:
https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/bvxdo3d.html

View a list of available sessions from a particular logfile in csv format (cmdctrl.db):
/opt/netiq/npum/sbin/sreplay -lC -U admin -F key,user,runas,host,runhost,time,cmd,all -g cmdctrl.db
Note: The session id is displayed as the first "key" column.

How to view the keystroke report of a particular session:
Note: Replace <key> with the unique session id obtained from the above command.
  • Replay a particular session (console / terminal playback):
    /opt/netiq/npum/sbin/sreplay -lCp -U admin -r <key>,cmdctrl.db

    Note: Please replace <key> with a valid session key from the first command above. Only terminal-type sessions will be simulated in console playback.

  • View ALL (STDIN, STDOUT, STDERR) keystroke data for a particular session (verbose):
    /opt/netiq/npum/sbin/sreplay -U admin -r <key>,cmdctrl.db -a

  • View STDIN keystroke data for a particular session:
    /opt/netiq/npum/sbin/sreplay -U admin -r <key>,cmdctrl.db -i

  • View STDOUT keystroke data for a particular session:
    /opt/netiq/npum/sbin/sreplay -U admin -r <key>,cmdctrl.db -o

  • View STDERR keystroke data for a particular session:
    /opt/netiq/npum/sbin/sreplay -U admin -r <key>,cmdctrl.db -e

Additional Information

To configure the output to be exported in csv format, please use the "-C" option with the sreplay command.

To generate a csv file, just redirect the output to a file, for example:
/opt/netiq/npum/sbin/sreplay -lC -U admin -F key,user,runas,host,runhost,time,cmd,all -g cmdctrl.db > sessions-report.csv

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7021040
  • Creation Date:28-JUN-17
  • Modified Date:08-NOV-17
    • NovellPrivileged Account Manager (Privileged User Manager)

Did this document solve your problem? Provide Feedback