Thursday, 4 July 2013

Configuring sftp to log filename, location and size of transfers

Question

How to log filename and size using sftp.

Answer

How to configure sftp to log the name, location and size of the files transferred

Configure the sshd_config to log information to syslog

#vi /etc/ssh/sshd_config
Locate the following line:
Subsystem sftp /usr/sbin/sftp-server
Add the following parameters "-l INFO -f AUTH" at the end:
Subsystem sftp /usr/sbin/sftp-server -l INFO -f AUTH
Save the /etc/ssh/sshd_config file.

Configure syslog to record information from sftp-server

#vi /etc/syslog.conf
Add the following line in syslog.conf
auth.info /tmp/sftp.log
Save the file /etc/syslog.conf, create the log file and refresh syslogd.
#touch /tmp/sftp.log
#refresh -s syslogd
Restart sshd daemon.
#stopsrc -s sshd
#startsrc -s sshd

NOTE: While stopping and starting sshd, users will not be able create new connections. Already existing connections will not get disconnected.
To test it out, try the following from an sftp client.
#sftp user@<server-name>
password: <Enter Password>
<sftp>cd /
<sftp>put motd
In syslog you should see logged information similar to the one below, it should include the file name and size.
Oct 8 11:29:07 surya auth|security:info sftp-server[372922]: open "/motd" flags WRITE,CREATE,TRUNCATE mode 0666
Oct 8 11:29:07 surya auth|security:info sftp-server[372922]: close "/motd" bytes read 0 written 880

0 blogger-disqus:

Post a comment