
chroot sftp logging

Created by dave. Last edited by dave, 197 days ago. Viewed 240 times. #3


Need to log sftp traffic in my chroot'd user directories.


In /etc/ssh/sshd_config:

# override default of no subsystems
Subsystem       sftp    internal-sftp -f LOCAL7 -l INFO

Be sure that all instances of your internal-sftp in sshd_config are similarly modified.

In rsyslogd.conf:

$AddUnixListenSocket /var/spool/rsyslog/rsyslog-sftp

# Parse the data logged at level INFO and facility LOCAL7 into /var/log/sftp.log
local7.info /var/log/sftp.log

# Report logins and logoffs
:syslogtag,startswith,"sftp-server" /var/log/sftp.log

...and restart rsyslog

In each chroot home directory:

# ln /var/spool/rsyslog/rsyslog-sftp dev/log
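
Added example, not part of the original page: a shell check for the two things the steps above rely on, namely that every internal-sftp line in sshd_config carries the logging flags and that each chroot's dev/log is a hard link to the rsyslog socket. The group name sftponly, the users alice and bob and the temp-dir layout are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): audit the setup described above.

# Print each active sshd_config line that runs internal-sftp without both
# "-f LOCAL7" and "-l INFO". Exit status is 1 if any such line is found.
audit_sftp_lines() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        /internal-sftp/ {
            line = tolower($0)                   # sshd accepts local7/info too
            if (line !~ /-f[ \t]*local7/ || line !~ /-l[ \t]*info/) {
                printf "%s:%d: %s\n", FILENAME, FNR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Report whether ROOT/dev/log is a hard link to the rsyslog socket SOCK,
# i.e. the same device and inode. Prints ok, missing or not-linked.
check_chroot_socket() {
    sock=$1 root=$2
    if [ ! -e "$root/dev/log" ]; then echo missing; return 1; fi
    if [ "$root/dev/log" -ef "$sock" ]; then echo ok; return 0; fi
    echo not-linked; return 2
}

# Demo on constructed files in a temp dir; a plain file stands in for the socket.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sshd_config" <<'EOF'
Subsystem       sftp    internal-sftp -f LOCAL7 -l INFO
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
EOF
    audit_sftp_lines "$d/sshd_config" || echo "add -f LOCAL7 -l INFO to the lines above"
    mkdir -p "$d/home/alice/dev" "$d/home/bob/dev"
    : > "$d/rsyslog-sftp"
    ln "$d/rsyslog-sftp" "$d/home/alice/dev/log"
    echo "alice: $(check_chroot_socket "$d/rsyslog-sftp" "$d/home/alice")"
    echo "bob: $(check_chroot_socket "$d/rsyslog-sftp" "$d/home/bob")"
    rm -rf "$d"
}
demo
```

A hard link only works when the chroot directory and /var/spool/rsyslog are on the same filesystem. If the socket is recreated when rsyslog restarts, older links no longer share its inode and show up as not-linked.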

