sudoreplay - replay sudo session logs

Before running this command add these lines to the end of the sudoers file $ sudo vim /etc/sudoers Defaults log_output Defaults!/usr/bin/sudoreplay !log_output Defaults!/sbin/reboot !log_output :wq! save and exit

To list sessions run by user venus $ sudo sudoreplay -l user venus

To list sessions run by user venus with a command containing the string vim $ sudo sudoreplay -l user venus command vim

regards, T.Dhanasekar