Your company here — click to reach over 10,000 unique daily visitors

tlog-rec-session - Man Page

start a shell and log terminal I/O


tlog-rec-session [OPTION...] [CMD_FILE [CMD_ARG...]]
tlog-rec-session -c [OPTION...] CMD_STRING [CMD_NAME [CMD_ARG...]]


Tlog-rec-session is a terminal session I/O logging program, intended for use as the login shell for a user. The actual user shell to start is retrieved from configuration or environment. Tlog-rec-session starts the actual shell under a pseudo-TTY, connects it to the actual terminal and logs whatever passes between them including user input, program output, and terminal window size changes.

Tlog-rec-session will not start recording if another process with the same audit session ID (as seen in /proc/PID/sessionid) is already being recorded. Instead, it will simply start the shell.

If no "-c" option is specified, then the first non-option argument CMD_FILE specifies the location of a shell script the shell should read and the following arguments (CMD_ARG) specify its arguments.

If the "-c" option is specified, then a non-option argument CMD_STRING is required and should contain shell commands to execute, the following arguments can specify first the script name (CMD_NAME, i.e. argv[0]) and then its arguments (CMD_ARG).

If no non-option arguments are encountered, or the "-i" option is specified then the shell is started interactively.

If tlog-rec-session is invoked under a name beginning with a dash (i.e. argv[0] beginning with '-'), then the executed shell name is also prepended with a dash. This passes the "login shell" status to the recorded shell and is equivalent to using the "-l" option.

If tlog-rec-session is invoked under a name containing "-shell-", then the rest of the name after that string is considered an encoded absolute path to the shell to execute for the recorded session. The path is expected to be encoded by replacing all forward slashes '/' with dashes '-' and any characters to be preserved as is prepended with a backslash '\'. E.g. to have tlog-rec-session execute /bin/dash as the shell, invoke it with the name "tlog-rec-session-shell-bin-dash".

This is normally done by making a symlink with that name pointing to tlog-rec-session, and then executing the link. Such links can be assigned to users as their shells to have specific shells started under recording for specific users.

Tlog-rec-session loads its parameters first from the system-wide configuration file /etc/tlog/tlog-rec-session.conf, then from the file pointed at by TLOG_REC_SESSION_CONF_FILE environment variable (if set), then from the contents of the TLOG_REC_SESSION_CONF_TEXT environment variable (if set), and then from command-line options. Parameters from each of these sources override the previous one in turn.


General options

-h,  --help

Output a command-line usage message and exit.

-v,  --version

Output version information and exit.


Output program configuration in JSON and exit.

-l,  --login

Make the shell a login shell.

If specified, the shell is signalled to act as a login shell. This is done by prepending argv[0] of the shell with a dash character.

-i,  --interactive

Make the shell an interactive shell.

If specified, tlog-rec-session passes the -i option to the shell.

-c,  --command

Execute shell commands.

If specified, tlog-rec-session passes the -c option to the shell, followed by all the positional arguments, which specify the shell commands to execute along with command name and its arguments.



Specifies the location of a configuration file to be read. The configuration parameters in this file override the ones in the system-wide configuration file /etc/tlog/tlog-rec-session.conf.


Specifies the configuration text to be read. The configuration parameters in this variable override the ones in the file specified with TLOG_REC_SESSION_CONF_FILE.


Specifies the shell to spawn. Overrides configuration specified with TLOG_REC_SESSION_CONF_TEXT. Can be overridden by invoking tlog-rec-session under a special name (see above).



The system-wide configuration file


Start recording a login shell:

tlog-rec-session -l

Ask the recorded shell to execute a command:

tlog-rec-session -c whoami

See Also

tlog-rec-session.conf(5), tlog-rec(8), tlog-play(8)


Nikolai Kondrashov <spbnick@gmail.com>

Referenced By

sssd.conf(5), sssd-session-recording(5), tlog-rec(8), tlog-rec-session.conf(5).

May 2017 Tlog