Unix & Linux: SFTP user activity logging on Ubuntu 16.04.4 LTS
[+1] [1] BalaB
[2020-04-15 02:13:04]
[ linux debian ubuntu sftp rsyslog ]
[ https://unix.stackexchange.com/questions/580125/sftp-user-activity-logging-on-ubuntu-16-04-4-lts ]

I'm using Ubuntu Server 16.04.4 LTS to set up an SFTP server via openssh-sftp-server 1:7.2p2-4ubuntu2.8. From my server I would like to log user activity (change dir, upload/download file etc). So, I am using the configuration below. But I don't see any information getting logged in /var/log/sftp.log.

I have tried a few tutorials on this, but can't seem to get it to work.

I am not sure what I am missing.

root:root /var/log/sftp.log root:root /cbop

/etc/rsyslog.d/60-sftp-server.conf

$AddUnixListenSocket /cbop/dev/log
$AddUnixListenSocket /home/occusr/dev/log
# create additional sockets for the sftp chrooted users
#module(load="imuxsock")
input(type="imuxsock" Socket="/cbop" CreatePath="on")
input(type="imuxsock" Socket="/home/occusr/dev/log" CreatePath="on")

# log internal-sftp activity to sftp.log
if $programname == 'internal-sftp' then /var/log/sftp.log
& stop

local0.* /var/log/sftp.log
#LOCAL0.* /var/log/sftp.log
# Report logins and logoffs
#:syslogtag,startswith,"sftp-server" /var/log/sftp.log

/etc/ssh/sshd_config

UsePrivilegeSeparation no
Subsystem       sftp    internal-sftp -f LOCAL0 -l DEBUG3

Match Group sftponly User *,!ops-user-grp
        ChrootDirectory /cbop
        AllowTcpForwarding no
        X11Forwarding no
        ForceCommand internal-sftp -f LOCAL0 -l DEBUG3

Try specifying only the local0.* /var/log/sftp.log statement, and make sure to restart both the SSH & rsyslogd daemons. Then see if you're getting any log output. - Haxiel
Tried that, buddy, but still the same - BalaB
How to check chroot jail? - BalaB
[+1] [2020-04-23 10:43:22] MohanBabu [ACCEPTED]

Please cross-check the permissions (chown and chmod) of /var/log/syslog and apply the same to /var/log/sftp.log.

Also check SyslogFacility AUTHPRIV in the sshd_config file. You are close to seeing the logs. Take a look at 60-sftp-server.conf, which should hold an entry like Auth,Authpriv.*

Refer: https://www.the-art-of-web.com/system/rsyslog-config/


Thanks a lot, it worked charmingly - BalaB
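
The checks the accepted answer describes, as an added example that is not part of the original thread: shell functions that read the facility passed to internal-sftp with -f, look for a matching selector line in an rsyslog file, and compare the owner and mode of the sftp log with a reference log such as /var/log/syslog. The function names are made up for this example, only legacy facility.priority selector lines are recognised, and every file path is an argument.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; every path is an argument.

# "owner:group mode" of a file (GNU stat on Ubuntu, ls fallback elsewhere).
perm_of() {
    stat -c '%U:%G %a' "$1" 2>/dev/null || ls -ldn "$1" | awk '{print $3 ":" $4, $1}'
}

# True when the target log ($2) has the same owner, group and mode as the
# reference log ($1), e.g. /var/log/syslog versus /var/log/sftp.log.
same_perms() { [ "$(perm_of "$1")" = "$(perm_of "$2")" ]; }

# Facilities that internal-sftp will log to according to an sshd_config ($1).
# Without -f, sftp-server(8) documents AUTH as the default facility.
sftp_facilities() {
    awk 'tolower($0) ~ /^[ \t]*(subsystem[ \t]+sftp|forcecommand)[ \t]+internal-sftp/ {
             fac = "auth"
             for (i = 1; i < NF; i++) if ($i == "-f") fac = tolower($(i + 1))
             print fac
         }' "$1" | sort -u
}

# True when rsyslog file $1 has an uncommented legacy selector line
# (facility[,facility].priority target) naming facility $2, case-insensitively.
has_rule_for() {
    grep -Eiq "^[[:space:]]*([a-z0-9,]+,)?$2(,[a-z0-9,]+)?\.[^[:space:]]+[[:space:]]+" "$1"
}

# Usage: check_sftp_logging sshd_config rsyslog_conf reference_log sftp_log
# Prints one line per problem and returns non-zero if any was found.
check_sftp_logging() {
    rc=0
    for fac in $(sftp_facilities "$1"); do
        has_rule_for "$2" "$fac" || { echo "no rsyslog selector for $fac in $2"; rc=1; }
    done
    same_perms "$3" "$4" ||
        { echo "$4 is '$(perm_of "$4")' but $3 is '$(perm_of "$3")'"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 4 ]; then check_sftp_logging "$@"; fi
```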