LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   internal-sftp logging sshd (http://www.linuxquestions.org/questions/linux-server-73/internal-sftp-logging-sshd-828498/)

blither 08-25-2010 09:13 PM

internal-sftp logging sshd
 
I have been looking into how to get logging on my SSH server. I would like to have logs similar to what normal FTPs would have when you connect and download/upload. But the only logging I have been able to find is either VERBOSE or DEBUG. Both of which seem to give too much information. It would be nice if there was a logging mode that was just commands sent to the server, does anyone know if this exists?

quanta 08-25-2010 10:44 PM

In sshd_config, change this:
Code:

Subsystem        sftp        /usr/libexec/openssh/sftp-server
to:
Code:

Subsystem        sftp        /usr/libexec/openssh/sftp-server -l INFO -f AUTH
Add a line into syslog.conf:
Code:

auth.info                                                /var/log/sftp.log
Restart sshd, syslog and see it working.

blither 08-25-2010 11:53 PM

Code:

auth.info                /var/log/sftp.log
Wouldn't that log all of my auth.info to sftp.log instead of just sftp though?

And you wouldn't happen to know where syslog.conf is located in Ubuntu 9.10 would you?

And I did implant the first part that was what I was looking for thank you. I must have over looked the info logging. verbose just had too much information that was not needed, I guess that is why they call it verbose :)

quanta 08-26-2010 12:24 AM

Quote:

Originally Posted by blither (Post 4077949)
Code:

auth.info                /var/log/sftp.log
Wouldn't that log all of my auth.info to sftp.log instead of just sftp though?

Because sftp run over ssh, it will included the info such as: session opened, closed in the log file.
Quote:

Originally Posted by blither (Post 4077949)
And you wouldn't happen to know where syslog.conf is located in Ubuntu 9.10 would you?

/etc/syslog.conf (not sure).

alpha01 01-12-2011 08:19 PM

Quote:

Originally Posted by quanta (Post 4077903)
In sshd_config, change this:
Code:

Subsystem        sftp        /usr/libexec/openssh/sftp-server
to:
Code:

Subsystem        sftp        /usr/libexec/openssh/sftp-server -l INFO -f AUTH
Add a line into syslog.conf:
Code:

auth.info                                                /var/log/sftp.log
Restart sshd, syslog and see it working.

I actually implemented an identical solution like this, however this configuration seems to only log the activity when ever root logs into the Linux machine using sftp but not with user accounts whose login shells have been set as /usr/libexec/openssh/sftp-server.

Any idea on why this would be the case?


All times are GMT -5. The time now is 06:45 PM.