Gentoo Forums
sftpd logs not appearing
ultrachrome
n00b


Joined: 16 Nov 2015
Posts: 2

Posted: Sun Nov 22, 2015 4:00 am    Post subject: sftpd logs not appearing

Found lots of sftpd logging how-tos for chrooted users but I'm just trying to enable it for normal users. I see sshd events in the log but no sftpd.

Thought issue might be metalog so I switched to syslog-ng. Same problem.

Code:
Subsystem       sftp    /usr/lib/misc/sftp-server -f AUTH -l INFO


Flailing at this point, I tried -f USER. I even commented out SyslogFacility and LogLevel lines but sshd events still appear in /var/log/messages while sftpd do not.

syslog-ng.conf
Code:
@version: 3.7
# $Id$
#
# Syslog-ng default configuration file for Gentoo Linux

# https://bugs.gentoo.org/show_bug.cgi?id=426814
@include "scl.conf"

options {
        threaded(yes);
        chain_hostnames(no);

        # The default action of syslog-ng is to log a STATS line
        # to the file every 10 minutes.  That's pretty ugly after a while.
        # Change it to every 12 hours so you get a nice daily update of
        # how many messages syslog-ng missed (0).
        stats_freq(43200);
        # The default action of syslog-ng is to log a MARK line
        # to the file every 20 minutes.  That seems high for most
        # people so turn it down to once an hour.  Set it to zero
        # if you don't want the functionality at all.
        mark_freq(3600);
};

source src { system(); internal(); };

destination messages { file("/var/log/messages"); };

# By default messages are logged to tty12...
destination console_all { file("/dev/tty12"); };
# ...if you intend to use /dev/console for programs like xconsole
# you can comment out the destination line above that references /dev/tty12
# and uncomment the line below.
#destination console_all { file("/dev/console"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };
miroR
l33t


Joined: 05 Mar 2008
Posts: 826

Posted: Sun Nov 22, 2015 7:17 am    Post subject: Re: sftpd logs not appearing

I use only basic functionality of syslog-ng (and I certainly don't deploy sftpd), and if you don't have a grsec-hardened kernel, this may have no relation to your issue, but still, you could check the stuff in my topic:
Syslog-ng from Delay Logging to BrokenPipe/no Logging
https://forums.gentoo.org/viewtopic-t-1001994-highlight-.html
as no version, I repeat, no version of syslog-ng has worked for me on my (also worth stressing) grsec-hardened kernel machines after:
Code:

app-admin/syslog-ng-3.4.8

It may be best to read the topic backward:
https://forums.gentoo.org/viewtopic-t-1001994.html#7838704
Cheers!
ultrachrome
n00b


Joined: 16 Nov 2015
Posts: 2

Posted: Mon Nov 23, 2015 12:29 am    Post subject:

Thanks. Not sure what happened but it suddenly started working. Today, I got logging working for chrooted users as well. So all is good.
kikko
Apprentice


Joined: 29 Apr 2014
Posts: 256
Location: Milan, IT

Posted: Tue Nov 24, 2015 10:23 pm    Post subject:

Hi ultrachrome,
using the default syslog-ng configuration, you can get messages from the sftp-server subsystem.

IMHO, the INFO level is too low; that's why you don't get anything in your messages.

I've set
Code:
Subsystem       sftp    /usr/lib64/misc/sftp-server -l DEBUG
(-f AUTH is the default value, thus it's redundant)
and something more verbose appears in /var/log/messages:
Code:
Nov 24 23:15:00 seireitei sshd[32385]: Accepted publickey for kikko from ::1 port 35642 ssh2: my key is not the point
Nov 24 23:15:00 seireitei sshd[32385]: pam_unix(sshd:session): session opened for user kikko by (uid=0)
Nov 24 23:15:00 seireitei sftp-server[32390]: session opened for local user kikko from [::1]
Nov 24 23:15:00 seireitei sftp-server[32390]: received client version 3
Nov 24 23:15:00 seireitei sftp-server[32390]: realpath "."
Nov 24 23:15:00 seireitei sftp-server[32390]: debug1: request 1: sent names count 1
Nov 24 23:15:12 seireitei sftp-server[32390]: opendir "/home/kikko"
Nov 24 23:15:12 seireitei sftp-server[32390]: debug1: request 2: sent handle handle 0
Nov 24 23:15:12 seireitei sftp-server[32390]: debug1: request 3: readdir "/home/kikko" (handle 0)
Nov 24 23:15:12 seireitei sftp-server[32390]: debug1: request 3: sent names count 54
Nov 24 23:15:12 seireitei sftp-server[32390]: debug1: request 4: readdir "/home/kikko" (handle 0)
Nov 24 23:15:12 seireitei sftp-server[32390]: sent status End of file
Nov 24 23:15:12 seireitei sftp-server[32390]: closedir "/home/kikko"
Nov 24 23:15:12 seireitei sftp-server[32390]: sent status Success


As you see, authentication is done by sshd (which binds port 22, btw), which then "hands over" sftp requests to the sftp-server process.

Regards
_________________
Regards

root is the root of all evil
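
An added example (not code from this thread or from OpenSSH): a small Python parser that follows the hand-over described in the post above, grouping sftp-server lines by PID and attaching the sshd login with the same user and address. The sample log, host name, user and PIDs are constructed, and the 5-second matching window is an assumption.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the log format shown in the post above.
SAMPLE = '''\
Nov 24 23:15:00 host sshd[100]: Accepted publickey for alice from ::1 port 35642 ssh2
Nov 24 23:15:00 host sftp-server[105]: session opened for local user alice from [::1]
Nov 24 23:15:00 host sftp-server[105]: realpath "."
Nov 24 23:15:00 host sftp-server[105]: debug1: request 1: sent names count 1
Nov 24 23:15:12 host sftp-server[105]: opendir "/home/alice"
Nov 24 23:15:12 host sftp-server[105]: closedir "/home/alice"
Nov 24 23:20:41 host sftp-server[230]: opendir "/srv/data"
'''

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ (sshd|sftp-server)\[(\d+)\]: (.*)$')
ACCEPT = re.compile(r'^Accepted (\S+) for (\S+) from (\S+) port \d+')
OPENED = re.compile(r'^session opened for local user (\S+) from \[([^\]]+)\]')
OP = re.compile(r'^(\w+) "([^"]*)"')

def correlate(text, window=5):
    """Group sftp-server lines by PID and attach the sshd login that preceded them."""
    logins, sessions = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is enough to compare times.
        ts = datetime.strptime('2000 ' + m.group(1), '%Y %b %d %H:%M:%S')
        prog, pid, msg = m.group(2), int(m.group(3)), m.group(4)
        if prog == 'sshd':
            a = ACCEPT.match(msg)
            if a:
                logins.append((ts, a.group(2), a.group(3), a.group(1)))
            continue
        s = sessions.setdefault(pid, {'user': None, 'addr': None, 'auth': None, 'ops': [], 'debug': 0})
        if re.match(r'^debug\d: ', msg):
            s['debug'] += 1  # debugN:-prefixed lines are counted, not stored
        elif (o := OPENED.match(msg)):
            s['user'], s['addr'] = o.group(1), o.group(2)
            # sshd and sftp-server have different PIDs, so match on user, address and time.
            for lts, user, addr, method in reversed(logins):
                if (user, addr) == (s['user'], s['addr']) and 0 <= (ts - lts).total_seconds() <= window:
                    s['auth'] = method
                    break
        elif (o := OP.match(msg)):
            s['ops'].append((o.group(1), o.group(2)))
    return sessions

if __name__ == '__main__':
    print(correlate(SAMPLE))
```

A session whose `auth` stays `None`, like PID 230 in the sample, has file activity with no matching sshd login in the same log, which is worth a look when reviewing sftp activity.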
All times are GMT