-   Linux - Server (
-   -   SFTP and rsyslogd not actually logging. Config help? (

arashi256 04-12-2012 04:18 PM

SFTP and rsyslogd not actually logging. Config help?
I want to log everything I can about what's happening over my SFTP service. The service works fine, but I cannot get it to log anything.

I'm using Fedora 16.

Here is my config additions...

/etc/ssh/sshd_config: -


Subsystem  sftp  internal-sftp -f LOCAL5 -l VERBOSE
And the addition to /etc/rsyslog.conf: -


local5.* /var/log/sftpd.log
Restarted both services with: -


service rsyslog restart
service sshd restart

I tested it by logging in and downloading a file. No /var/log/sftpd.log file is created and I get no logging.

It's running in an SFTP chroot jail, if it's makes a difference, but my gut instinct is that's not the problem. Any help please?

arashi256 04-13-2012 06:30 AM

Update - SFTP logging *does* appear to work with accounts outside the chrooted SFTP account environment. So it must be something to do with that. Any ideas from here? Thanks.

david1941 04-13-2012 06:48 AM

Sounds like a permissions problem. Selinux? Try creating the configured log file, /var/log/sftpd.log (touch /var/log/sftpd.log) and change the owner to whatever user is running in the chroot (chown user:user /var/log/sftpd.log). You might need to do all that as root.

arashi256 04-13-2012 07:15 AM

I think it means somehow that the chrooted user cannot write to the sftpd.log as it's outside the jail. I don't really understand this as it's supposed to be handled by rsyslog which is a system service. Whut? Is there a way to configure rsyslog to write a log to it's own jail while at the same time being invisible to the chrooted user? This is assuming I cannot write this chrooted user's activities to the normal /var/log/sftpd.log as it can for "normal" SFTP users who are not chrooted.

This stuff is good and secure but a right pain to set up. :-/

All times are GMT -5. The time now is 10:09 PM.