v7

Release v7

• Allow tlog-play redirection of stdout
• Add -i/--interactive option to tlog-rec-session. Allows login
  programs to call tlog-rec-session more transparently.
• Make in_txt/out_txt fields optional. This handles missing fields
  when reading from ElasticSearch or other backends.

v6

Release v6. Added features and implemented fixes follow. See README.md and manpages for documentation of new features.

• Add integration tests for end-to-end test coverage
• Fix compiler type comparison error with json-c json_object_array_length return value
• Fix a distribution issue causing incorrect M4_CONF_PATH expansion
• Log more detailed error when systemd journal is not present

v5

Release v5. Added features and implemented fixes follow. See README.md and manpages for documentation of new features.

• Implement support for --configuration option for all programs.
  The option makes the program output its configuration in JSON and then
  exit.
• Add BuildDependencies to allow yum-builddep.
• Open JSON writer file with euid/egid. To allow creating protected log files
  with tlog-rec-session, open the JSON writer's file with the EUID and
  GUID the program was started with.
• Installing Packages with the APT Addon instead of apt-get.
• Switch to using TLOG_ERRS_RAISE macros.
• Fix tlog-play cleanup-path segfault.
• Modify command-line option parsing.
• Remove "fields" field from ES query URL to fix compatibility with
  Elasticsearch 5.
• Remove unused _source parameter from ES query URL.
• Fix tlog-rec-session file permissions bug.
• Use CLOCK_MONOTONIC for rate-limiting writing.
• Filter out some more input control sequences.

Contributions from @trevor-vaughan @danghai @theblazehen are appreciated.

v4

Release v4. Added features and implemented fixes follow. See README.md and
manpages for documentation of new features.

• Extract user session recording functionality from tlog-rec into a new
  tool: tlog-rec-session. It should be used as the user's login shell now,
  and tlog-rec should be used as a general recording and testing tool.
• Add (optional) support for writing to and reading from Systemd Journal - the
  journal reader and writer.
• Make tlog-rec default to file writer, and tlog-rec-session to journal,
  if built with Journal support, and to syslog otherwise.
• Add -o option to tlog-rec as an alias to --file-path.
• Add -i option to tlog-play as an alias to --file-path.
• Assume locale charset is UTF-8, if ASCII charset is detected, since that is
  a likely indication the locale settings were lost. E.g. upon console login
  or su - on Fedora and RHEL.
• Switch the ver JSON field type to string. Now it should be two numbers
  separated by a dot. The increase of the first number indicates
  forward-incompatible changes, the increase of the second number -
  forward-compatible. If the dot and the second number are omitted, the second
  number is considered to be zero. Bump the format version to 2.
• Add a new JSON field: rec, containing an opaque host-unique recording ID.
  Bump the format version to 2.1.
• Add support for playback controls, both through the command line and via
  playback-time control keys, including: speed adjustment, pause/resume,
  fast-forward to a time, and packet-by-packet stepping through the recording.
• Add optional rate-limiting of logged messages. Both throttling and dropping
  messages are supported.
• Add --lax option to tlog-play to allow playing back recordings with
  missing messages.
• Fix input being ignored when there is a lot of output, while recording.
• Remove addition of tlog-rec (tlog-rec-session) to /etc/shells from RPM
  packaging to prevent users from changing their shells themselves once it has
  been assigned.
• Add support for specifying the shell to start via the tlog-rec-session
  executable name. E.g. by making a tlog-rec-session-shell-bin-zsh ->
  tlog-rec-session symlink and executing it. That can be used to specify
  particular shells to be recorded for specific users by assigning these
  symlinks as their login shells.
• Make error messages from all the tools a bit less noisy and more readable.

v3

Release v3. Added features and implemented fixes follow.

• Make each JSON message timing data start with window size.
  This makes it possible to pick up the stream from any message and also
  combine messages, with window size known and preserved at all times.
• Add "term" field to JSON messages, specifying terminal type.
• Add "ver" field to JSON messages, specifying message format version.
• Set "SHELL" environment variable to actual user shell in tlog-rec.
• Check for locale's charset and abort tlog-rec if it's anything but the only
  supported UTF-8.
• Add -v/--version option support to tlog-rec and tlog-play.
• Fix tlog-rec and tlog-play error output by accumulating error messages and
  outputting them only after terminal settings are restored, on exit. Output
  startup warnings before switching to raw terminal settings.
• Output a newline after restoring terminal settings in tlog-rec and
  tlog-play, so that following output is not stuck to the end of the last line
  of the raw output.
• Add an Elasticsearch mapping to documentation directory.
• Disable input logging by default to avoid storing passwords. Please enable
  it explicitly in configuration, or on the command line, if necessary.
• Close log file written by tlog-rec on executing the shell in the child to
  prevent log modification by the recorded user.
• Support running tlog-rec SUID/SGID to prevent recorded users from killing or
  modifying it. Make tlog-rec SUID/SGID to user "tlog" in the RPM package.
• Add session locking to tlog-rec. This prevents tlog-rec from recording if
  the audit session is already recorded by creating per-audit-session lock
  files in /var/run/tlog. This only makes sense with tlog-rec SUID/SGID.
  When certain failures occur while creating a lock file, session is assumed
  unlocked and is recorded anyway, as it is safer to record a session than
  not. Add corresponding setup to the RPM package.
• Reproduce the recorded program (shell) exit status in tlog-rec similarly to
  how Bash reproduces the last executed command status.
• Update and expand README.md to describe secure log message filtering with
  rsyslog, and playback directly from Elasticsearch, among other, smaller
  additions.

v2

Release v2. Not ready for production. Following features are added:

• Fully-fledged command-line interface to tlog-play, along with config file
  and man pages.
• Support for playback from file in tlog-play.
• Make tlog-play follow mode controllable and off by default.
• Get tlog-rec shell also from TLOG_REC_SHELL environment variable.
• Support non-TTY stdin/stdout in tlog-rec, allowing its use with
  non-interactive SSH sessions.
• Support building on and packaging for EPEL5.

v1

This is the first release of tlog. It is not ready for production and
should be considered a development preview.

Features implemented so far include:

• Recording of user input, program output and window size changes.
• Support for writing into syslog and files.
• Tlog-rec configuration through system-wide configuration file
  /etc/tlog/tlog-rec.conf, environment variables and command line.
• Very basic playback directly from ElasticSearch.