https://linoxide.com/linux-how-to/tlog-tool-record-play-terminal-io-sessions
Tlog is a terminal I/O recording and playback package for Linux distributions. It is suitable for implementing centralized user session recording. It logs everything that passes through the terminal as JSON messages. The primary purpose of logging in JSON format is to eventually deliver the recorded data to a storage service such as Elasticsearch, where it can be searched and queried, and from where it can be played back. At the same time, the messages retain all the passed data and timing.
Tlog contains three tools, namely tlog-rec, tlog-rec-session and tlog-play.
The tlog-rec tool is used for recording terminal input or output of programs or shells in general.
The tlog-rec-session tool is used for recording I/O of whole terminal sessions, with protection from recorded users.
The tlog-play tool is for playing back the recordings.
Installation
Before proceeding with the install, we need to ensure that our system meets all the software requirements for compiling and installing the application. As the first step, update your system repositories and software packages by using the command below.
# yum update
We need to install the required dependencies for this software installation. I've installed all dependency packages with these commands prior to the installation.
# yum install wget gcc
# yum install systemd-devel json-c-devel libcurl-devel m4
After completing these installations, we can download the source package for this tool and extract it on the server as required:
# wget https://github.com/Scribery/tlog/releases/download/v3/tlog-3.tar.gz
# tar -xvf tlog-3.tar.gz
Now you can start building this tool using our usual configure and make approach.
# cd tlog-3
# ./configure --prefix=/usr --sysconfdir=/etc && make
# make install
Finally, you need to run ldconfig. It creates the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories (/lib and /usr/lib).
# ldconfig
Tlog workflow chart

Firstly, a user authenticates to log in via PAM. The Name Service Switch (NSS) provides the information that tlog is the user's shell. This initiates the tlog session, which collects the information about the actual shell from the environment/config files and starts the actual shell in a PTY. It then starts logging everything passing between the terminal and the PTY via syslog or sd-journal.
Usage
You can test whether session recording and playback work in general with a freshly installed tlog by recording a session into a file with tlog-rec and then playing it back with tlog-play.
Recording to a file
To record a session into a file, execute tlog-rec on the command line as such:
tlog-rec --writer=file --file-path=tlog.log
This command will record our terminal session to a file named tlog.log and save it in the path specified in the command.
Playing back from a file
You can play back the recorded session during or after recording using the tlog-play command.
tlog-play --reader=file --file-path=tlog.log
This command reads the previously recorded file tlog.log from the file path mentioned in the command line.
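Because the recording is a series of JSON messages that retain both data and timing, it can also be reviewed without tlog-play. The following is an added example, not code from the original article or the tlog project: it rebuilds the output text and event times from such messages. The field names pos, timing, in_txt and out_txt, the timing-token syntax and the sample messages are assumptions based on tlog's documented log format and may differ between versions.

```python
import json
import re

# Timing tokens (assumed syntax): =WxH window size, +N delay in ms,
# <N / >N input/output characters, [N/M / ]N/M binary input/output.
TOKEN = re.compile(r"=(\d+)x(\d+)|\+(\d+)|([<>])(\d+)|([\[\]])(\d+)/(\d+)")

# Constructed sample: two messages, one JSON object per line, as in tlog.log.
SAMPLE_LOG = "\n".join(json.dumps(m) for m in [
    {"user": "alice", "id": 1, "pos": 0, "timing": "=80x24+50>2+1200<3+5>4",
     "in_txt": "id\r", "out_txt": "$ id\r\n"},
    {"user": "alice", "id": 2, "pos": 1255, "timing": "+40>17+900>2",
     "in_txt": "", "out_txt": "uid=1000(alice)\r\n$ "},
])


def replay(lines):
    """Yield (ms_since_start, kind, data) for each event in the messages."""
    for line in filter(str.strip, lines):
        msg = json.loads(line)
        clock = msg.get("pos", 0)  # message offset into the recording, in ms
        text = {"<": msg.get("in_txt", ""), ">": msg.get("out_txt", "")}
        used = {"<": 0, ">": 0}    # characters already consumed per direction
        for w, h, delay, io, n, bio, bn, _bm in TOKEN.findall(msg["timing"]):
            if delay:
                clock += int(delay)
            elif w:
                yield clock, "window", (int(w), int(h))
            else:
                side = io or ("<" if bio == "[" else ">")
                count = int(n or bn)
                chunk = text[side][used[side]:used[side] + count]
                used[side] += count
                kind = ("in" if side == "<" else "out") + ("" if io else "_bin")
                yield clock, kind, chunk


def summarize(lines):
    """Rebuild the terminal output and basic audit facts from a recording."""
    output, duration, typed = [], 0, 0
    for when, kind, data in replay(lines):
        duration = when
        if kind == "out":
            output.append(data)
        elif kind == "in":
            typed += len(data)
    return {"output": "".join(output), "duration_ms": duration,
            "input_chars": typed}
```

Pass the lines of a real recording, for example `open("tlog.log")`, to `summarize`. A non-zero `input_chars` means keystrokes are stored in the file, so the recording should be handled as sensitive data.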