#2 [replay.c, line 278]: sudosh-replay: invalid format: ID ver 1.0.4

[Ray Vin]

Attempting to run this on CentOS 6.6 and 7. Same results on both. Nothing else logged and not sure what the actual problem is. We did set the sticky bit on /var/log/sudosh

drwx-wx-wt 2 root root 4096 Feb 24 19:24 sudosh

sudosh]# sudosh-replay ID
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456341871-BHBbxs7GLT2ft1Ky
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456271066-lnOl44k7ljOeGCf9
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456271066-lAfZjMHT4nKGk7qM
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456335739-2RCGQWrx89oJtHU5
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456271063-K6YMFJRATskc0Fhn
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456335742-UINI8w7dColwsapd
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456335747-hZCRPvw4hsDAiejI
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456341867-kOuUvZYvBpDSXrk2
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456341864-cpVH4XWYHLo4CXek
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456341864-cpVH4XWYHLo4CXek
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456271091-g4ZDjH4ZO9a6Lcsd
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456341871-BHBbxs7GLT2ft1Ky
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456271059-uL3EUP8kPXkuNSkT
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456271091-g4ZDjH4ZO9a6Lcsd
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456335739-2RCGQWrx89oJtHU5
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456335736-Li7Xy4ntIDWL6jin
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456341876-YngsCNP14dtj9OQw
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456271059-uL3EUP8kPXkuNSkT
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456271063-K6YMFJRATskc0Fhn
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456271066-lAfZjMHT4nKGk7qM
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456271066-XHLZc4cQfSLRtasE
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456335742-UINI8w7dColwsapd
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456335747-hZCRPvw4hsDAiejI
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456341867-kOuUvZYvBpDSXrk2
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456341876-YngsCNP14dtj9OQw
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456335736-Li7Xy4ntIDWL6jin
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-time-1456271066-XHLZc4cQfSLRtasE
[replay.c, line 171]: [warning]: invalid file: testuser-testuser-script-1456271066-lnOl44k7ljOeGCf9
[replay.c, line 278]: sudosh-replay: invalid format: ID
sudosh-replay: the appropiate format is %32[^-]-%32[^-]-%ld-%64[A-Za-z0-9]

[Ray Vin]

I have a bit more information. We were attempting to watch Qualys vulnerability scanning doing authenticated scans. I've done this before with sudosh, but this time it fails as shown above. In testing however, if you manually login as the user we use for Qualys it logs your activity no problem! It only does this when the actually scanner logs in.