Question Log chroot SFTP file transfers

mserra_manxa · Apr 8, 2024

Hi, I'm trying to log SFTP file transfers for a chrooted users.

My /etc/ssh/sshd_config:

Code:

# override default of no subsystems
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /usr/lib/openssh/sftp-server -f LOCAL7 -l INFO
##### I tried other options, but not works...
#Subsystem sftp /usr/lib/openssh/sftp-server -l INFO
#Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO

##### I tried for a specific user override, but not works ...
#Match User mydomain
#       ForceCommand internal-sftp -f LOCAL7 -l INFO

My /etc/rsyslog.d/60-sftp.conf:

Code:

$AddUnixListenSocket /var/www/vhosts/mydomain/dev/log

# Parse the data logged at level INFO and facility LOCAL7 into /var/log/sftp.log
LOCAL7.* /var/log/sftp.log

# Report logins and logoffs
:syslogtag,startswith,"sftp-server" /var/log/sftp.log

Restarted services...

Code:

service ssh restart; service rsyslog restart

I have a log socket in /var/www/vhosts/mydomain/dev/:

Code:

srw-rw-rw- 1 root root    0 Apr  8 12:49 log

But both files (/var/log/sftp.log and /var/www/vhosts/mydomain/dev/log) are empty

What I'm missing?

mserra_manxa · Apr 8, 2024

Well, seems my config works (in part). The SFTP file transfers are logged, but on /var/log/syslog, not in /var/log/sftp.log.

I don't know why, but by now it's ok for me.

Question Log chroot SFTP file transfers

mserra_manxa

New Pleskian

mserra_manxa

New Pleskian

Similar threads