SFTP logging in Solaris Server using ‘internal-sftp’

logging sftp solaris-10

I'm trying to enable logging for SFTP file transfers (without the help of any open tools) on Solaris 10 using "internal-sftp", but I couldn't see any info about file transfers. Please help.

**#Argument in SSHD_CONFIG**
Subsystem sftp internal-sftp -f AUTH -l DEBUG

All I can see in /var/log/sftplogging is as below

Nov 15 15:15:17 test-server sshd[6032]: [ID 800047 auth.debug] debug1: open id 8 name /home/.sh_history flags 26 mode 0600 
Nov 15 15:15:17 test-server sshd[6032]: [ID 800047 auth.debug] debug1: sent handle id 8 handle 0 
Nov 15 15:15:17 test-server sshd[6032]: [ID 800047 auth.debug] debug1: write id 9 handle 0 off 0 len 948 
Nov 15 15:15:17 test-server sshd[6032]: [ID 800047 auth.debug] debug1: sent status id 9 error 0 
Nov 15 15:15:17 test-server sshd[6032]: [ID 800047 auth.debug] debug1: close id 9 handle 0
Nov 15 15:15:17 test-server sshd[6032]: [ID 800047 auth.debug] debug1: sent status id 9 error 0

What I need:
I need to have logs in the format below:

May 27 05:58:16 test-server internal-sftp[20050]: session opened for local user test-user from [192.168.1.1]
May 27 05:58:16 test-server internal-sftp[20050]: received client version 3
May 27 05:58:16 test-server internal-sftp[20050]: realpath "."
May 27 05:58:21 test-server internal-sftp[20050]: opendir "/home/test-user/"
May 27 05:58:21 test-server internal-sftp[20050]: closedir "/home/test-user/"
May 27 05:58:21 test-server internal-sftp[20050]: lstat name "/home/test-user/upload"
May 27 05:58:21 test-server internal-sftp[20050]: realpath "/home/test-user/upload/"
May 27 05:58:21 test-server internal-sftp[20050]: stat name "/home/test-user/upload"
May 27 05:58:24 test-server internal-sftp[20050]: open "/home/test-user/upload/test-file.pdf" flags WRITE,CREATE,TRUNCATE mode 0664
May 27 05:58:25 test-server internal-sftp[20050]: close "/home/test-user/upload/test 

Link for old question: SFTP logging: is there a way?

Best Answer

SOLVED

1) Created a parent directory (virtual) and created log, conslog, null and zero files using mknod as per my system configuration (check ls -ltr /dev/log .. for all of the above files to get the major and minor numbers).

2) Once that's done, create a "dev" folder for every jailed user ("/chroot/dev/") and create hard links for all files present in "/virtual/" with ln -f /virtual/* /chroot/dev/.

3) Create a soft link from "/dev/log" to "/virtual/log" with ln -sf /virtual/log /dev/log

Restart the syslogd daemon and you can see all SFTP transfer logs for jailed users in the chosen directory.
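
The three steps above as a script, added here as an example (not code from the original answer): it reads `ls -lL` output for the four device nodes and prints the `mknod` and `ln` commands for review instead of running them. The function name and the sample major/minor numbers are constructed; the real numbers come from `ls -lL` on your own system, and a POSIX awk is assumed (`nawk` on Solaris 10).

```shell
#!/bin/sh
# Added example: prints the commands for steps 1-3, runs none of them.
# stdin: output of `ls -lL /dev/log /dev/conslog /dev/null /dev/zero`
# usage: plan_sftp_log_devices VIRTUAL_DIR JAIL_ROOT...
plan_sftp_log_devices() {
    virtual=$1; shift
    echo "mkdir -p $virtual"
    awk -v dir="$virtual" '
        # Only character-device lines carry the "major, minor" pair.
        # Plain `ls -l` (without -L) shows symlinks, which are skipped here.
        /^c/ {
            if ($5 ~ /,$/) { major = $5; minor = $6 }        # "21,  5"
            else { split($5, mm, ","); major = mm[1]; minor = mm[2] }  # "21,100"
            sub(/,$/, "", major)
            n = split($NF, parts, "/")                       # basename of path
            printf "mknod %s/%s c %s %s\n", dir, parts[n], major, minor
            seen[parts[n]] = 1
        }
        END {
            # All four nodes are required; report any that were not found.
            split("log conslog null zero", want, " ")
            for (i = 1; i <= 4; i++) if (!(want[i] in seen)) {
                printf "missing device: %s\n", want[i] > "/dev/stderr"
                bad = 1
            }
            exit bad
        }' || return 1
    # Step 2: hard links, so the nodes still resolve inside the chroot.
    # Hard links cannot cross filesystems: VIRTUAL_DIR and the jail must share one.
    for jail in "$@"; do
        echo "mkdir -p $jail/dev"
        echo "ln -f $virtual/* $jail/dev/"
    done
    # Step 3: point /dev/log at the shared node; restart syslogd afterwards.
    echo "ln -sf $virtual/log /dev/log"
}

# Constructed sample input (major/minor numbers are placeholders).
SAMPLE_LS='crw-r-----   1 root     sys       21,  5 Nov 15 15:15 /dev/log
crw-rw-rw-   1 root     sys       21,  0 Nov 15 15:15 /dev/conslog
crw-rw-rw-   1 root     sys       13,  2 Nov 15 15:15 /dev/null
crw-rw-rw-   1 root     sys       13, 12 Nov 15 15:15 /dev/zero'

printf '%s\n' "$SAMPLE_LS" | plan_sftp_log_devices /virtual /chroot
```

The function returns non-zero and names the missing node on stderr if any of the four devices is absent from the input, so an incomplete plan is not mistaken for a complete one.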