| View previous topic :: View next topic |
| Author |
Message |
Ph0eniX
Guru
Joined: 24 Sep 2004
Posts: 502
Location: New York, U.S.
|
 Posted: Wed Dec 15, 2010 3:34 pm Post subject: SFTP transfer logging |
 |
|
I'm running OpenSSH 5.2p1. I have configured chroot'ed SFTP and set the logging level to VERBOSE and I'm getting a lot of useful info in the logs but file transfer info isn't being logged. I want to be able to track uploaded, downloaded files as well folder creations/deletions, etc. A client is telling me that they've been uploading files to my server but I can't find them so I want to be able to see exactly what they're doing. How do I accomplish this?
Thanks! 
J. |
|
| Back to top |
|
 |
ferreirafm
Guru
Joined: 28 Jul 2005
Posts: 487
Location: Sao Paulo, Brazil
|
| Posted: Wed Dec 15, 2010 7:12 pm Post subject: |
|
|
Hi Ph0eniX,
The sshd_config has several keywords for you to modify. For instance, LogLevel VERBOSE will give you things like IP, logging time, transfered files, file size and so on. Have a look at the sshd_config manual to see which keyword best fit your needs. Hope it helps.
G'Luck,
ferreirafm |
|
| Back to top |
|
|
Ph0eniX
Guru
Joined: 24 Sep 2004
Posts: 502
Location: New York, U.S.
|
| Posted: Thu Dec 16, 2010 3:38 pm Post subject: |
|
|
| ferreirafm wrote: | Hi Ph0eniX,
The sshd_config has several keywords for you to modify. For instance, LogLevel VERBOSE will give you things like IP, logging time, transfered files, file size and so on. Have a look at the sshd_config manual to see which keyword best fit your needs. Hope it helps.
G'Luck,
ferreirafm |
Hi ferreirafm,
Thank you for the suggestion. I had my logging level set to DEBUG3 (the most info) and I switched to VERBOSE per your recommendation but I can't figure out where the actual file transfers are getting logged. I don't see them in any of my log files. I must be doing something wrong. |
|
| Back to top |
|
|
ferreirafm
Guru
Joined: 28 Jul 2005
Posts: 487
Location: Sao Paulo, Brazil
|
| Posted: Fri Dec 17, 2010 1:42 pm Post subject: |
|
|
Hi Ph0eniX,
Have a look in your file /var/log/messages. There you should have sshd issues like this:
| Code: | Dec 14 02:50:50 mephistp sshd[21483]: Connection closed by 172.24.36.51
Dec 14 02:50:50 mephistp sshd[21483]: pam_unix(sshd:session): session closed for user root
Dec 14 02:50:50 mephistp sshd[21483]: Transferred: sent 1929636744, received 434144 bytes
Dec 14 02:50:50 mephistp sshd[21483]: Closing connection to 172.24.36.51 port 52092 |
You might want to use logrotate to manage your messages file. Take a look in the sshd manual to figure out how to redirect the sshd issues to a separate file. If you mean the name of each transferred file. Basically, you need to add the -l and -f options (verify!) to the sftp-server line in sshd_config to specify the appropriate syslog level and restart sshd to pick up the changes. See sftp-server man pages for details. Syslog will also need to be configured appropriately. I particularly don't track file transfers at this level.
G'Luck
ferreirafm |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
