SUDO_SENDLOG(8)         FreeBSD System Manager's Manual        SUDO_SENDLOG(8)

NAME
     sudo_sendlog - send sudo I/O log to log server

SYNOPSIS
     sudo_sendlog [-AnV] [-b ca_bundle] [-c cert_file] [-h host] [-i iolog-id]
                  [-k key_file] [-p port] [-r restart-point]
                  [-R reject-reason] [-s stop-point] [-t number] path

DESCRIPTION
     sudo_sendlog can be used to send the existing sudoers I/O log path to a
     remote log server such as sudo_logsrvd(8) for central storage.

     The options are as follows:

     -A, --accept-only
                 Only send the accept event, not the I/O associated with the
                 log.  This can be used to test the logging of accept events
                 without any associated I/O.

     -b, --ca-bundle
                 The path to a certificate authority bundle file, in PEM
                 format, to use instead of the system's default certificate
                 authority database when authenticating the log server.  The
                 default is to use the system's default certificate authority
                 database.

     -c, --cert  The path to the client's certificate file in PEM format.
                 This setting is required when the connection to the remote
                 log server is secured with TLS.

     --help      Display a short help message to the standard output and exit.

     -h, --host  Connect to the specified host instead of localhost.

     -i, --iolog-id
                 Use the specified iolog-id when restarting a log transfer.
                 The iolog-id is reported by the server when it creates the
                 remote I/O log.  This option may only be used in conjunction
                 with the -r option.

     -k, --key   The path to the client's private key file in PEM format.
                 This setting is required when the connection to the remote
                 log server is secured with TLS.

     -n, --no-verify
                 If specified, the server's certificate will not be verified
                 during the TLS handshake.  By default, sudo_sendlog verifies
                 that the server's certificate is valid and that it contains
                 either the server's host name or its IP address.  This
                 setting is only supported when the connection to the remote
                 log server is secured with TLS.

     -p, --port  Use the specified network port when connecting to the log
                 server instead of the default, port 30344.

     -r, --restart
                 Restart an interrupted connection to the log server.  The
                 specified restart-point is used to tell the server the point
                 in time at which to continue the log.  The restart-point is
                 specified in the form "seconds,nanoseconds" and is usually
                 the last commit point received from the server.  The -i
                 option must also be specified when restarting a transfer.

     -R, --reject
                 Send a reject event for the command using the specified
                 reject-reason, even though it was actually accepted locally.
                 This can be used to test the logging of reject events; no I/O
                 will be sent.

     -s, --stop-after
                 Stop sending log records and close the connection when
                 stop-point is reached.  This can be used for testing purposes
                 to send a partial I/O log to the server.  Partial logs can be
                 restarted using the -r option.  The stop-point is an elapsed
                 time specified in the form "seconds,nanoseconds".

     -t, --test  Open number simultaneous connections to the log server and
                 send the specified I/O log file on each one.  This option is
                 useful for performance testing.

     -V, --version
                 Print the sudo_sendlog version and exit.

   Debugging sendlog
     sudo_sendlog supports a flexible debugging framework that is configured
     via Debug lines in the sudo.conf(5) file.

     For more information on configuring sudo.conf(5), please refer to its
     manual.

FILES
     /usr/local/etc/sudo.conf  Sudo front end configuration

SEE ALSO
     sudo.conf(5), sudo(8), sudo_logsrvd(8)

AUTHORS
     Many people have worked on sudo over the years; this version consists of
     code written primarily by:

           Todd C. Miller

     See the CONTRIBUTORS file in the sudo distribution
     (https://www.sudo.ws/contributors.html) for an exhaustive list of people
     who have contributed to sudo.

BUGS
     If you feel you have found a bug in sudo_sendlog, please submit a bug
     report at https://bugzilla.sudo.ws/

SUPPORT
     Limited free support is available via the sudo-users mailing list, see
     https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
     the archives.

DISCLAIMER
     sudo_sendlog is provided "AS IS" and any express or implied warranties,
     including, but not limited to, the implied warranties of merchantability
     and fitness for a particular purpose are disclaimed.  See the LICENSE
     file distributed with sudo or https://www.sudo.ws/license.html for
     complete details.

Sudo 1.9.7p1                      May 4, 2021                     Sudo 1.9.7p1