sftp logging, filenames with strange characters and parsing the logfile
Kurt Jaeger
pi at nepustil.net
Thu Aug 22 01:21:13 EST 2013
Hi!
The OpenSSH sshd sftp function can be configured to send logging to syslog.
When a file is open'ed or closed with unexpected characters, those
characters are send directly to syslog, e.g. a file with a '"' in it:
Aug 21 17:09:11 test internal-sftp[10128]: open "/usr/home/test/te"st" flags WRITE,CREATE,TRUNCATE mode 0664
This makes is difficult and error-prone to parse the logfile. Would it
be possible to mask those characters in filenames, e.g. like the quotemeta
function in perl does or the %xx escapes used in apache ?
Alternativly, if the logging is changed so that the filename comes at
the end, then the parser can just read until end-of-line (if the filename
does not contain a newline...)
Something like this:
Aug 21 17:09:11 test internal-sftp[10128]: open flags WRITE,CREATE,TRUNCATE mode 0664 name /usr/home/test/te"st
--
MfG/Best regards, Kurt Jaeger 7 years to go !
Dr.-Ing. Nepustil & Co. GmbH fon +49 7123 93006-0 pi at nepustil.net
Rathausstr. 3 fax +49 7123 93006-99
72658 Bempflingen mob +49 171 3101372
More information about the openssh-unix-dev
mailing list