
chroot sftp logging

Created by dave. Last edited by dave, 43 days ago. Viewed 41 times. #3
(2017-10-10)

Problem

Need to log sftp traffic in my chroot'd user directories.

Solution

In /etc/ssh/sshd_config:

# override default of no subsystems
Subsystem       sftp    internal-sftp -f LOCAL7 -l INFO

Be sure that every instance of internal-sftp in sshd_config is modified the same way.

In rsyslogd.conf:

$AddUnixListenSocket /var/spool/rsyslog/rsyslog-sftp
# Parse the data logged at level INFO and facility LOCAL7 into /var/log/sftp.log
local7.info /var/log/sftp.log

# Report logins and logoffs
:syslogtag,startswith,"sftp-server" /var/log/sftp.log

...and restart rsyslog

In each chroot home directory:

# ln /var/spool/rsyslog/rsyslog-sftp dev/log

(>>Source)
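
As an added example (not part of the original page), the shell functions below audit this setup: the first lists every internal-sftp line in an sshd_config that lacks the -f LOCAL7 -l INFO flags, the second checks that a chroot's dev/log is still the same inode as the rsyslog socket. The function names, the sample config and its sftponly group are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# List each non-comment line of an sshd_config that invokes internal-sftp
# without both "-f LOCAL7" and "-l INFO" (the flags used on this page).
# Returns 0 if every instance logs, 1 if any does not, 2 if none is found.
audit_internal_sftp() {
    awk '
        /^[ \t]*#/ { next }
        /internal-sftp/ {
            seen = 1
            if ($0 !~ /-f[ \t]+LOCAL7/ || $0 !~ /-l[ \t]+INFO/) {
                printf "%d: %s\n", NR, $0
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    ' "$1"
}

# True only if <chroot-home>/dev/log and the rsyslog socket are one inode.
# A socket file that is removed and recreated gets a new inode, after which
# the old hard link no longer reaches rsyslog and must be made again.
# Usage: chroot_log_linked <socket> <chroot-home>
chroot_log_linked() {
    [ "$2/dev/log" -ef "$1" ]
}

# Constructed sample: the Subsystem line is fixed, the ForceCommand is not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# override default of no subsystems
Subsystem       sftp    internal-sftp -f LOCAL7 -l INFO
Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
EOF
audit_internal_sftp "$sample" || echo "audit status: $?"
rm -f "$sample"
```

Run audit_internal_sftp against /etc/ssh/sshd_config, and chroot_log_linked /var/spool/rsyslog/rsyslog-sftp against each chroot home directory after rsyslog has been restarted.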
