I haven't been able to find an answer in the present list :-(. If
I'm just not good enough to find it, please drop me the link to it...
I'm looking for sftp-server logs
(mkdir, rmdir, etc...) !!
My sshd log config looks like this:
# Logging
SyslogFacility AUTH
LogLevel INFO
Looking at the ssh source code version:
cat version.h
/* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
#define SSH_VERSION "OpenSSH_4.5"
I found out that using the default INFO log level, the "void
logit(const char *fmt,...)" function was used (log.c file). If I'm
right, all logit function calls should appear in my AUTH facility log
file which is (from syslog.conf):
auth,authpriv.* /var/log/auth.log
Using grep (grep -R logit * | sed -e
's/\(.*.c\):.*logit(\"\(.*\)\".*/\1\t\2/') to find the logit function
calls in the source code, I found some interesting log info but I'm not
able to see them in my syslog (auth) file. Maybe those functions are
just not called by sftp-server!?
I wanted to be able to see the following lines (mkdir, rmdir, etc..)
which are the strings given to the logit function:
sftp-server.c opendir \"%s\"
sftp-server.c remove name \"%s\"
sftp-server.c mkdir name \"%s\" mode 0%o
sftp-server.c rmdir name \"%s\"
For example the "static void process_opendir(void)" function, which
seems to open a directory, provides a nice logit line (logit("opendir
\"%s\"", path);) but I'm not able to get it into syslog...
I did my testing with an older SSH version (OpenSSH_4.3p2 Debian-2,
OpenSSL 0.9.8b 04 May 2006).
Maybe someone has a tip for me?
Thanks a lot for your help,
Regards,
Joël

You need to enable logging in sftp-server as it's not enabled by default.
Add the relevant options to the "Subsystem sftp" line in sshd_config
and restart sshd. The sftp-server man page has details on the options
(basically just "-f facility" and "-l loglevel").
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Thanks a lot for the info. My sftp-server man page didn't contain the
option details... I found one with the needed information:
http://www.daemon-systems.org/man/sftp-server.8.html
Unfortunately I'm not able to give options to the "Subsystem" call in
my sshd_config file... I tried many kinds of escaping but it doesn't
work...
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO
Subsystem sftp "/usr/lib/openssh/sftp-server -f AUTH -l INFO"
Subsystem "sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO"
Subsystem sftp '/usr/lib/openssh/sftp-server -f AUTH -l INFO'
etc...
Here is sshd output:
/etc/ssh/sshd_config line 75: garbage at end of line; "-f".
Do you maybe have an idea? My sshd version is:
OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006
Many thanks !
Joël

sftp-server logging and the ability to pass command line options to
subsystems were both added in version 4.4 (which is also why your
man pages don't have it).

Ok, thanks for the info !! I should have looked at the changelog
(http://www.openssh.com/txt/release-4.4) which says:
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
Many thanks for the tip !
Joël
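
Once sftp-server logging is enabled on the "Subsystem sftp" line as described in the thread, the four logit() messages listed in the first post can be extracted from auth.log for review. The following is an added example, not part of the original thread or of OpenSSH; the syslog line prefix, the sample lines and the function names are assumptions made for illustration.

```python
import re

# Message formats from the logit() calls quoted in the thread (sftp-server.c).
# Greedy ".*" up to the final quote keeps embedded quotes inside the path.
PATTERNS = {
    "opendir": re.compile(r'^opendir "(?P<path>.*)"$'),
    "remove": re.compile(r'^remove name "(?P<path>.*)"$'),
    "mkdir": re.compile(r'^mkdir name "(?P<path>.*)" mode (?P<mode>0[0-7]+)$'),
    "rmdir": re.compile(r'^rmdir name "(?P<path>.*)"$'),
}
# Assumption: classic syslog prefix "Mon DD HH:MM:SS host sftp-server[pid]: msg".
SYSLOG = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) '
    r'sftp-server\[(?P<pid>\d+)\]: (?P<msg>.*)$'
)

# Constructed sample lines (not real log data).
SAMPLE = [
    'Jan 12 10:15:01 host1 sshd[2201]: Accepted password for alice from 192.0.2.10 port 50022 ssh2',
    'Jan 12 10:15:03 host1 sftp-server[2203]: opendir "/home/alice"',
    'Jan 12 10:15:09 host1 sftp-server[2203]: mkdir name "/home/alice/new dir" mode 0755',
    'Jan 12 10:15:20 host1 sftp-server[2203]: remove name "/home/alice/a"b.txt"',
    'Jan 12 10:15:31 host1 sftp-server[2203]: rmdir name "/home/alice/old"',
]

def parse_line(line):
    """Return a dict for a recognised sftp-server file operation, else None."""
    m = SYSLOG.match(line.rstrip("\n"))
    if not m:
        return None  # not an sftp-server line (e.g. sshd auth messages)
    for op, pattern in PATTERNS.items():
        hit = pattern.match(m["msg"])
        if hit:
            event = {"ts": m["ts"], "host": m["host"], "pid": int(m["pid"]),
                     "op": op, "path": hit["path"]}
            if op == "mkdir":
                event["mode"] = int(hit["mode"], 8)  # logged as octal ("0%o")
            return event
    return None  # sftp-server line, but not one of the four operations

def destructive_ops(lines):
    """Events that delete data: remove and rmdir."""
    events = (parse_line(line) for line in lines)
    return [e for e in events if e and e["op"] in ("remove", "rmdir")]

if __name__ == "__main__":
    for event in destructive_ops(SAMPLE):
        print(event["ts"], event["pid"], event["op"], event["path"])
```

The pid field ties each file operation back to the sshd session lines that precede it in the same log, which is how an operation is attributed to a login.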