[GH-ISSUE #184] Log parsing to determine commands issued #749

New issue

Closed

opened 2026-03-15 10:09:39 +03:00 by kerem · 1 comment

kerem commented

2026-03-15 10:09:39 +03:00

Owner

Originally created by @samkaufman01 on GitHub (Dec 1, 2016).
Original GitHub issue: https://github.com/asciinema/asciinema/issues/184

In accordance with our network monitoring needs here at the NCSA, I've been working on a processing class that can go through an asciicast and determines what commands were issued by the user and at what time. I'm using the python regex library to do the searching and am exploring using genetic algorithms for dynamically training the searches.

Our overarching goal is to accurately determine who (user) did what, when and where (host). So far, this is just a matter of pulling from the command prompt ($PS1), but I recognize that this is far from fool-proof given that plenty of our admins use their own, stripped-down $PS1 variables. If anyone has any insight into how we could determine user/host propagation over the course of an asciicast, please share :)

Is this an addition that many other users would find useful? If so, would it be best served as an additional asciinema function, or should I keep it as a stand-alone application?

Originally created by @samkaufman01 on GitHub (Dec 1, 2016). Original GitHub issue: https://github.com/asciinema/asciinema/issues/184 In accordance with our network monitoring needs here at the NCSA, I've been working on a processing class that can go through an asciicast and determines what commands were issued by the user and at what time. I'm using the python regex library to do the searching and am exploring using genetic algorithms for dynamically training the searches. Our overarching goal is to accurately determine who (user) did what, when and where (host). So far, this is just a matter of pulling from the command prompt ($PS1), but I recognize that this is far from fool-proof given that plenty of our admins use their own, stripped-down $PS1 variables. If anyone has any insight into how we could determine user/host propagation over the course of an asciicast, please share :) Is this an addition that many other users would find useful? If so, would it be best served as an additional asciinema function, or should I keep it as a stand-alone application?

kerem closed this issue

2026-03-15 10:09:45 +03:00

kerem commented

2026-03-15 10:09:50 +03:00

Author

Owner

@ku1ik commented on GitHub (Dec 29, 2016):

As you wrote, there isn't really a proven way of filtering commands entered by the user. I'd like to keep the asciinema recorder simple so I think it's best to keep your solution as a stand-alone thing.

@ku1ik commented on GitHub (Dec 29, 2016): As you wrote, there isn't really a proven way of filtering commands entered by the user. I'd like to keep the asciinema recorder simple so I think it's best to keep your solution as a stand-alone thing.