On 05/09/2016 06:10 PM, John wrote:
I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line:
Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE
I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux. Thanks in advance!
These logs are logged under different "user" than sshd. It should be
logged under "sftp-server" process name. It certainly works on
Fedora/RHEL, unless:
* you are in chroot -- this requires a bit different approach
* your user is blocked from opening or writing to /dev/log or however
is syslog configured to accept logs
Note, that using above settings logs under the user logging in and not
under root so you need appropriate access.
Regards,
--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev