sudo_sendlog(8) — Linux manual page


SUDO_SENDLOG(8)        BSD System Manager's Manual       SUDO_SENDLOG(8)

NAME         top

     sudo_sendlog — send sudo I/O log to log server

SYNOPSIS         top

     sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host]
                  [-i iolog-id] [-k key_file] [-p port]
                  [-r restart-point] [-R reject-reason] [-s stop-point]
                  [-t number] path

DESCRIPTION         top

     sudo_sendlog can be used to send the existing sudoers I/O log path
     to a remote log server such as sudo_logsrvd(8) for central storage.

     The options are as follows:

     -A, --accept-only
                 Only send the accept event, not the I/O associated with
                 the log.  This can be used to test the logging of
                 accept events without any associated I/O.

     -b, --ca-bundle
                 The path to a certificate authority bundle file, in PEM
                 format, to use instead of the system's default
                 certificate authority database when authenticating the
                 log server.  The default is to use the system's default
                 certificate authority database.

     -c, --cert  The path to the client's certificate file in PEM
                 format.  This setting is required when the connection
                 to the remote log server is secured with TLS.

     --help      Display a short help message to the standard output and

     -h, --host  Connect to the specified host instead of localhost.

     -i, --iolog-id
                 Use the specified iolog-id when restarting a log
                 transfer.  The iolog-id is reported by the server when
                 it creates the remote I/O log.  This option may only be
                 used in conjunction with the -r option.

     -k, --key   The path to the client's private key file in PEM
                 format.  This setting is required when the connection
                 to the remote log server is secured with TLS.

     -n, --no-verify
                 If specified, the server's certificate will not be
                 verified during the TLS handshake.  By default,
                 sudo_sendlog verifies that the server's certificate is
                 valid and that it contains either the server's host
                 name or its IP address.  This setting is only supported
                 when the connection to the remote log server is secured
                 with TLS.

     -p, --port  Use the specified network port when connecting to the
                 log server instead of the default, port 30344.

     -r, --restart
                 Restart an interrupted connection to the log server.
                 The specified restart-point is used to tell the server
                 the point in time at which to continue the log.  The
                 restart-point is specified in the form
                 “seconds,nanoseconds” and is usually the last commit
                 point received from the server.  The -i option must
                 also be specified when restarting a transfer.

     -R, --reject
                 Send a reject event for the command using the specified
                 reject-reason, even though it was actually accepted
                 locally.  This can be used to test the logging of
                 reject events; no I/O will be sent.

     -s, --stop-after
                 Stop sending log records and close the connection when
                 stop-point is reached.  This can be used for testing
                 purposes to send a partial I/O log to the server.
                 Partial logs can be restarted using the -r option.  The
                 stop-point is an elapsed time specified in the form

     -t, --test  Open number simultaneous connections to the log server
                 and send the specified I/O log file on each one.  This
                 option is useful for performance testing.

     -V, --version
                 Print the sudo_sendlog version and exit.

   Debugging sendlog
     sudo_sendlog supports a flexible debugging framework that is
     configured via Debug lines in the sudo.conf(5) file.

     For more information on configuring sudo.conf(5), refer to its

FILES         top

     /etc/sudo.conf            Sudo front-end configuration

SEE ALSO         top

     sudo.conf(5), sudo(8), sudo_logsrvd(8)

AUTHORS         top

     Many people have worked on sudo over the years; this version
     consists of code written primarily by:

           Todd C. Miller

     See the file in the sudo distribution
     ( for an exhaustive list of
     people who have contributed to sudo.

BUGS         top

     If you believe you have found a bug in sudo_sendlog, you can submit
     a bug report at

SUPPORT         top

     Limited free support is available via the sudo-users mailing list,
     see to subscribe or
     search the archives.

DISCLAIMER         top

     sudo_sendlog is provided “AS IS” and any express or implied
     warranties, including, but not limited to, the implied warranties
     of merchantability and fitness for a particular purpose are
     disclaimed.  See the file distributed with sudo or for complete details.

COLOPHON         top

     This page is part of the sudo (execute a command as another user)
     project.  Information about the project can be found at  If you have a bug report for this manual
     page, see ⟨⟩.  This page was obtained from
     the project's upstream Git repository
     ⟨⟩ on 2022-12-17.  (At that
     time, the date of the most recent commit that was found in the
     repository was 2022-12-15.)  If you discover any rendering problems
     in this HTML version of the page, or you believe there is a better
     or more up-to-date source for the page, or you have corrections or
     improvements to the information in this COLOPHON (which is not part
     of the original manual page), send a mail to

Sudo 1.9.12p1               February 16, 2022              Sudo 1.9.12p1