Howto log multiple sftpd instances with their chroot shared via NFS

[David Newall]

Hi Hildegard,

On 29/9/21 6:54 pm, Hildegard Meier wrote:
>> Von: "Hildegard Meier"<daku8938 at gmx.de>
>> If one does not use the/dev/log in the chroot environment (that is /var/data/chroot/<username>/dev/log absolute), you have a global sftpd log (I think in /var/log/messages on the server or something like that).
> Sorry I think this is not true, I think I confused this with the first situation when I did not fetch each sftp chrooted user's /dev/log with a specific syslog-ng source config,
> but just the whole sftp session logs from all users wnet to facility LOCAL5 and I fetched facility LOCAL5 into one log file. But /dev/log in each sftp user's chroot dir was required for that, though.

I don't think it should be this hard to fix.  I'd like to help.

I'm sorry if the questions have already been asked; if so, I missed it.

What is /dev/log on each server (not the one in chroot).  I.e. output of 
ls -l /dev/log

As Peter Stuge said, if you're using internal-sftp, the log device would 
be opened at start of sshd.  For external sftp, what is /dev/log in each 
NFS chroot?  I.e. output of ls -l /var/data/chroot/dev/log

What OS are used on your sftp server (i.e. not the NFS server, and not 
the sftp client machine.)

Regards,

David