LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 04-12-2012, 04:18 PM   #1
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 384

Rep: Reputation: 61
SFTP and rsyslogd not actually logging. Config help?


I want to log everything I can about what's happening over my SFTP service. The service works fine, but I cannot get it to log anything.

I'm using Fedora 16.

Here is my config additions...

/etc/ssh/sshd_config: -

Code:
Subsystem   sftp   internal-sftp -f LOCAL5 -l VERBOSE
And the addition to /etc/rsyslog.conf: -

Code:
local5.* /var/log/sftpd.log
Restarted both services with: -

Code:
service rsyslog restart
service sshd restart
I tested it by logging in and downloading a file. No /var/log/sftpd.log file is created and I get no logging.

It's running in an SFTP chroot jail, if it's makes a difference, but my gut instinct is that's not the problem. Any help please?
 
Old 04-13-2012, 06:30 AM   #2
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 384

Original Poster
Rep: Reputation: 61
Update - SFTP logging *does* appear to work with accounts outside the chrooted SFTP account environment. So it must be something to do with that. Any ideas from here? Thanks.
 
Old 04-13-2012, 06:48 AM   #3
david1941
Member
 
Registered: May 2005
Location: St. Louis, MO
Distribution: CentOS6
Posts: 267

Rep: Reputation: 57
Sounds like a permissions problem. Selinux? Try creating the configured log file, /var/log/sftpd.log (touch /var/log/sftpd.log) and change the owner to whatever user is running in the chroot (chown user:user /var/log/sftpd.log). You might need to do all that as root.
 
Old 04-13-2012, 07:15 AM   #4
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 12.04 / CentOS 6.5
Posts: 384

Original Poster
Rep: Reputation: 61
I think it means somehow that the chrooted user cannot write to the sftpd.log as it's outside the jail. I don't really understand this as it's supposed to be handled by rsyslog which is a system service. Whut? Is there a way to configure rsyslog to write a log to it's own jail while at the same time being invisible to the chrooted user? This is assuming I cannot write this chrooted user's activities to the normal /var/log/sftpd.log as it can for "normal" SFTP users who are not chrooted.

This stuff is good and secure but a right pain to set up. :-/
 
  


Reply

Tags
configuration, logging, rsyslog, sftp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Can't get SFTP logging to work GlowingApple Linux - Server 2 03-01-2012 05:32 PM
RHEL 6.1: bash logging to rsyslogd Paul.Preston Red Hat 8 08-31-2011 01:47 PM
Chrooted OpenSSH SFTP server logging issue Sea-you Linux - Server 2 08-03-2011 09:09 PM
internal-sftp logging sshd blither Linux - Server 4 01-12-2011 07:19 PM
SSH / SFTP session logging phatgeezer Linux - Security 2 05-07-2007 10:42 AM


All times are GMT -5. The time now is 04:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration