How to log internal-sftp chroot jailed users access log to /var/log/sftp.log file
 

Hi All,

I am getting /dev/log directory auto generated on user sftp home directory .

Operating system version : Redhat 7.1

I have followed below mentioned Redhat Article

https://access.redhat.com/articles/1374633


I have configured /etc/ssh/sshd_config as below


Subsystem sftp internal-sftp -f LOCAL6 -l INFO

Match Group sftponly
ChrootDirectory /chroots/welcome
AllowTcpForwarding no
ForceCommand internal-sftp -f LOCAL6 -l INFO
X11Forwarding no


added the following line in /etc/rsyslog.conf to ensure
that the sftp entries will be seperated out to sftp.log:


input(type="imuxsock" Socket="/home/welcome/dev/log" CreatePath="on")
local3.* /var/log/sftp.log




sFTP user home directory I could see /dev/log getting created after rsyslog service restart.


[root@porsche sftp]# ls -al
total 19
drwxr-xr-x. 7 root root 1024 Sep 3 18:15 .
drwxr-xr-x. 9 root root 1024 Sep 3 09:37 ..
-rw-r--r--. 1 sftp sftp 18 Aug 3 2017 .bash_logout
-rw-r--r--. 1 sftp sftp 193 Aug 3 2017 .bash_profile
-rw-r--r--. 1 sftp sftp 231 Aug 3 2017 .bashrc
drwxrwxrwx. 3 sftp sftp 1 Sep 2 23:30 test
drwxr-x---. 2 sftp sftp 1024 Sep 3 09:37 test_1
drwx--x--x. 2 root root 1024 Sep 3 18:18 dev
drwxr-xr-x. 3 root root 1024 Sep 3 09:37 welcome
drwxr-xr-x. 3 root root 1024 Sep 3 09:37 welcome_1
[root@porsche sftp]# cd dev/
[root@porsche dev]# ll
total 1
srw-rw-rw-. 1 root root 0 Sep 3 18:18 log

[root@porsche dev]# cd log
-bash: cd: log: Not a directory
[root@porsche dev]# ll
total 1
srw-rw-rw-. 1 root root 0 Sep 3 18:18 log