Cannot get sftp transfers to log in the systemd journal
Jakub Jelen
jjelen at redhat.com
Tue May 10 18:52:33 AEST 2016
On 05/09/2016 06:10 PM, John wrote:
> I'd like to have sshd write entries into the systemd journal logging sftp transfers. From googling, it seems that one needs to edit /etc/ssh/sshd_config adding this line:
>
> Subsystem sftp /usr/lib/ssh/sftp-server -f AUTH -l VERBOSE
>
>
> I can transfer files via filezilla (sftp) but I don't get anything in `journalctl -u sshd` that shows these transfers, just a few lines showing I connected. What am I doing wrong? I am using version 7.2p2 on Arch Linux. Thanks in advance!
These logs are logged under different "user" than sshd. It should be
logged under "sftp-server" process name. It certainly works on
Fedora/RHEL, unless:
* you are in chroot -- this requires a bit different approach
* your user is blocked from opening or writing to /dev/log or however
is syslog configured to accept logs
Note, that using above settings logs under the user logging in and not
under root so you need appropriate access.
Regards,
--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
More information about the openssh-unix-dev
mailing list