Logging sftp activity

Logging SFTP activity can be done (on most Linux systems) by editing /etc/ssh/sshd_config . Simply find:

Subsystem sftp /usr/libexec/openssh/sftp-server

And change to:

Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO

Then restart the ssh daemon:

systemctl restart sshd

The info log level is just one of many, there are others, like VERBOSE, DEBUG etc, but usually INFO is a good compromise. To see the logs simply tail /var/log/messages:

tail -f /var/log/messages | grep /the/directory/i/care/about

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s