| Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
08-25-2010, 08:13 PM
|
#1
|
|
Member
Registered: Dec 2002
Location: Ohio
Distribution: LFS, Ubuntu
Posts: 157
Rep: 
|
internal-sftp logging sshd
I have been looking into how to get logging on my SSH server. I would like to have logs similar to what normal FTPs would have when you connect and download/upload. But the only logging I have been able to find is either VERBOSE or DEBUG. Both of which seem to give too much information. It would be nice if there was a logging mode that was just commands sent to the server, does anyone know if this exists?
|
|
|
|
|
08-25-2010, 09:44 PM
|
#2
|
|
Member
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724
Rep:
|
In sshd_config, change this:
Code:
Subsystem sftp /usr/libexec/openssh/sftp-server
to:
Code:
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH
Add a line into syslog.conf:
Code:
auth.info /var/log/sftp.log
Restart sshd, syslog and see it working. |
|
|
|
|
08-25-2010, 10:53 PM
|
#3
|
|
Member
Registered: Dec 2002
Location: Ohio
Distribution: LFS, Ubuntu
Posts: 157
Original Poster
Rep:
|
Code:
auth.info /var/log/sftp.log
Wouldn't that log all of my auth.info to sftp.log instead of just sftp though?
And you wouldn't happen to know where syslog.conf is located in Ubuntu 9.10 would you?
And I did implant the first part that was what I was looking for thank you. I must have over looked the info logging. verbose just had too much information that was not needed, I guess that is why they call it verbose  |
|
|
|
|
08-25-2010, 11:24 PM
|
#4
|
|
Member
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724
Rep:
|
Quote:
Originally Posted by blither
Code:
auth.info /var/log/sftp.log
Wouldn't that log all of my auth.info to sftp.log instead of just sftp though? |
Because sftp run over ssh, it will included the info such as: session opened, closed in the log file.
Quote:
Originally Posted by blither
And you wouldn't happen to know where syslog.conf is located in Ubuntu 9.10 would you?
|
/etc/syslog.conf (not sure). |
|
|
|
|
01-12-2011, 07:19 PM
|
#5
|
|
Member
Registered: Jul 2008
Location: Orange County
Distribution: Ubuntu/Debian, CentOS, RHEL, FreeBSD, OS X
Posts: 75
Rep:
|
Quote:
Originally Posted by quanta
In sshd_config, change this:
Code:
Subsystem sftp /usr/libexec/openssh/sftp-server
to:
Code:
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH
Add a line into syslog.conf:
Code:
auth.info /var/log/sftp.log
Restart sshd, syslog and see it working. |
I actually implemented an identical solution like this, however this configuration seems to only log the activity when ever root logs into the Linux machine using sftp but not with user accounts whose login shells have been set as /usr/libexec/openssh/sftp-server.
Any idea on why this would be the case? |
|
|
|
All times are GMT -5. The time now is 07:01 PM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
