RFE: tlog-play improvements #319

Open
myllynen opened this issue Nov 20, 2020 · 3 comments

@myllynen

When using tlog on systems where journal is not an option (not available or not in use for some reason), logging to a separate file allows separating recorded sessions from other logging. However, tlog-play doesn't seem to grok the file. To improve user experience without journal it would be nice to have:

  1. tlog-play support for separate log files (perhaps support for parsing tlog messages from /var/log/messages would be in theory possible as well but I think that would be lower priority than support for separate log files)
  2. tlog-play support at least for listing users with recorded sessions (from a log file or from journal), tlog-play listing sessions for each user (including start and end time), and listing sessions between a certain timeframe
  3. tlog-play support for dumping instantly any given session, instead of any sort of "fast-forward" playback or such

Thanks.

@justin-stephenson
Collaborator

Hi, thanks for your feedback. tlog-play does support playing back recordings written to a file (with --writer=file), and recently the following option was added to specify which recording to play back when multiple recordings exist in the same log file.

       -m, --file-match=STRING
              Playback explicit recording id specified in STRING.

              STRING is the recording id of the recording the "file" reader should seek to for playback.

@myllynen
Author

Thanks for pointing out -m, I had tested only the RHEL 8 version so didn't know about it, mea culpa. So yes, it's certainly helpful.

I think I earlier had some "short" session at the beginning of the log file as now that I've recreated the log I can play the first session but after that I get an error (so if there's a "short" session at the beginning you'll basically see a prompt and an error):

root@localhost:~# tlog-play -i tlog.log
[...]
testuser@rhel-8-server:~$ whoami
testuser
testuser@rhel-8-server:~$ ls
testuser@rhel-8-server:~$ logout

Message ID is out of order
Failed reading the source at line 10

Thanks.

@myllynen
Author

I now created an imaginary screenshot with tlog-play examples of how things might look eventually in an ideal world. Not sure whether there will be a chance for anyone to ever implement these but just listing some ideas here from a user perspective of what could be helpful. I'm using file as an example here but this could hopefully work with reader backend.

# tlog-play -r file --check --verbose tlog.log
tlog.log is a valid tlog log file.
# tlog-play -r file --check --verbose partial.log
tlog.log is a corrupt tlog log file.
# tlog-play -r file --check --verbose httpd.log
httpd.log is not a tlog log file.
# tlog-play -r file --list-sessions --verbose tlog.log
USER    HOST        SESSION    START                  END                    RECORDING
user1   localhost   <sid1>     2020-10-10 10:10:10    2020-10-10 11:11:11    <rid1>
user2   localhost   <sid2>     2020-10-10 12:12:12    2020-10-10 13:13:13    <rid2>
user1   localhost   <sid3>     2020-10-10 14:14:14    2020-10-10 15:15:15    <rid3>
# tlog-play -r file --list-sessions --host remote.example.com --verbose tlog.log
USER    HOST        SESSION    START                  END                    RECORDING
# tlog-play -r file --list-sessions --user user1 --verbose tlog.log
USER    HOST        SESSION    START                  END                    RECORDING
user1   localhost   <sid1>     2020-10-10 10:10:10    2020-10-10 11:11:11    <rid1>
user1   localhost   <sid3>     2020-10-10 14:14:14    2020-10-10 15:15:15    <rid3>
# tlog-play -r file --list-sessions --user user1 --start-time "2020-10-10 13:13:13" --verbose tlog.log
USER    HOST        SESSION    START                  END                    RECORDING
user1   localhost   <sid3>     2020-10-10 14:14:14    2020-10-10 15:15:15    <rid3>
# tlog-play -r file --list-sessions --user user1 --end-time "2020-10-10 13:13:13" --verbose tlog.log
USER    HOST        SESSION    START                  END                    RECORDING
user1   localhost   <sid1>     2020-10-10 10:10:10    2020-10-10 11:11:11    <rid1>
# tlog-play -r file --verbose tlog.tlog
Playing user1 session <sid1> at localhost starting on 2020-10-10 10:10:10.
$ whoami
user1
exit
# tlog-play -r file --file-match <sid2> --verbose tlog.tlog
Playing user2 session <sid2> at localhost starting on 2020-10-10 12:12:12.
$ whoami
user2
exit
# tlog-play -r file --file-match -1 --verbose tlog.tlog
Playing user1 session <sid3> at localhost starting on 2020-10-10 14:14:14.
$ echo $USER
user1
exit
# tlog-play -r file --file-match <sid2> --instant --verbose tlog.tlog
Dumping user2 session <sid2> at localhost starting on 2020-10-10 12:12:12.
$ whoami
user2
exit
# 

Thanks.
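
A sketch of the per-recording listing discussed in this thread, as an added example that is not part of the thread and is not tlog code: it groups the JSON messages of a file-writer log by recording id and reports lines that are not tlog messages or that break a recording's message-id sequence. The field names `rec`, `user`, `host`, `session`, `id` and `pos`, ids counting up from 1, and `pos` being milliseconds are assumptions about tlog's message format; the sample lines are constructed and trimmed to those fields.

```python
import json

# Constructed sample, trimmed to the fields used below (real messages carry
# more). Two recordings share one file; the last line is foreign log noise.
SAMPLE = [
    '{"host":"localhost","rec":"rid1","user":"user1","session":1,"id":1,"pos":0,"out_txt":"$ "}',
    '{"host":"localhost","rec":"rid1","user":"user1","session":1,"id":2,"pos":1500,"out_txt":"whoami"}',
    '{"host":"localhost","rec":"rid2","user":"user2","session":2,"id":1,"pos":0,"out_txt":"$ "}',
    '{"host":"localhost","rec":"rid2","user":"user2","session":2,"id":3,"pos":900,"out_txt":"exit"}',
    'Oct 10 10:10:10 localhost httpd[1]: not a tlog message',
]


def list_recordings(lines):
    """Group messages by recording id; return (recordings, problems)."""
    recs, problems = {}, []
    for lineno, line in enumerate(lines, 1):
        try:
            msg = json.loads(line)
            rec, mid, pos = msg["rec"], int(msg["id"]), int(msg["pos"])
        except (ValueError, KeyError, TypeError):
            problems.append((lineno, "not a tlog message"))
            continue
        r = recs.setdefault(rec, {
            "rec": rec, "user": msg.get("user"), "host": msg.get("host"),
            "session": msg.get("session"), "first_line": lineno,
            "messages": 0, "last_id": 0, "duration_ms": 0,
        })
        # Assumption: ids count up from 1 within each recording, so a gap or
        # repeat means lost or reordered messages for that recording only.
        if mid != r["last_id"] + 1:
            problems.append((lineno, f"{rec}: id {mid} after {r['last_id']}"))
        r["last_id"] = mid
        r["messages"] += 1
        r["duration_ms"] = max(r["duration_ms"], pos)  # assumption: pos is ms
    return list(recs.values()), problems


if __name__ == "__main__":
    recordings, problems = list_recordings(SAMPLE)
    for r in recordings:
        print(r["user"], r["host"], r["session"], r["rec"],
              r["messages"], r["duration_ms"], sep="\t")
    for lineno, what in problems:
        print(f"line {lineno}: {what}")
```

The `first_line` value recorded for each recording is the line at which a reader would have to start for that recording id.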
