PATCH: sftp-server logging.
Jason A. Dour
jason at dour.org
Mon Mar 18 10:24:24 EST 2002
On Sun, Mar 17, 2002 at 09:18:16PM +0100, Markus Friedl wrote:
> On Fri, Mar 15, 2002 at 12:20:47PM -0500, Jason A. Dour wrote:
> > This is another take on logging for sftp-server. Given the number
> > of private email requests I've received for this patch, I assume
> > there is signifigant enough interest to request it be reviewed for
> > inclusion into the release.
> >
>
> you can make sftp-server log if you modify this define.
>
> #define TRACE debug
Yes, you COULD do that. And the logging one would receive from
doing that would be excessive, cryptic, and worst of all --
worthless.
While the TRACE commands are useful for debugging, they are useless
as a means of auditing your server. They provide no information as
to the process chain, the userid of the user, or anything else one
might want in an administrative setting, and they provide TOO MUCH
useless information. Trying to use that tool to do anything other
than debug a single instance of sftp-server for purposes of fixing a
problem would be an exercise in madness and futility.
OpenSSH is a wonderful product, but you're shooting yourself in the
foot by not logging SFTP. Debugging and logging are two separate
things, needed by two entirely different portions of your userbase.
And given the repeated requests one sees for it on this and other
forums, one would think this patch or ones like it would deserve
more attention and discussion.
Cheers,
Jason
# "Jason A. Dour" <jason at dour.org> http://dour.org/
# Founder / Executive Producer - PJ Harvey Online - http://pjh.org/
More information about the openssh-unix-dev
mailing list