Chroot SFTP Session Logging

noelpaul · February 21, 2013, 10:01am

Hi All,

I have configured my SLES 11 SP 1 server to perform chrooted SFTP session which works fine. I’m trying get internal-sftp to log the actual sftp session. Has anyone been able to do this or can anyone point me to a doc. that contains the info.

Currently my /etc/ssh/sshd_config looks has the following:

Subsystem sftp internal-sftp -f AUTH -l VERBOSE

Match group sftponly
ChrootDirectory /u01/sftp-chroot/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -f AUTH -l VERBOSE

Thanks.

noelpaul · February 22, 2013, 3:49am

After doing a bit more research, all I had to do was create a domain socket in each chroot user directory. I am using syslog-ng for system logging:

mkdir /u01/sftp-chroot//dev

syslog-ng -a /u01/sftp-chroot//dev/log

Then modify /etc/syslog-ng/syslog-ng.conf to channel the sftp session logs to wherever you want.

Topic		Replies	Views
sFTP setup, what's missing? SLES Configure-Administer	1	195	November 1, 2012
sshd configuration SLES Configure-Administer	4	177	August 27, 2015
Logging question SLES Configure-Administer	2	195	August 17, 2017
Need Assstnce Wth Syslog-NG Conf to Accept Remote syslg data SLES Configure-Administer	3	172	April 16, 2012
Syslog-ng SLES Configure-Administer	1	333	August 31, 2012

Chroot SFTP Session Logging

mkdir /u01/sftp-chroot//dev

syslog-ng -a /u01/sftp-chroot//dev/log

Related Topics