Sftp logs - SSH

This is a discussion on Sftp logs - SSH ; Dear SSH lovers, I haven't been able to find out an answer in the present list :-(. If i'm just not good enough to find it, please drop me the link to it... I'm looking for sftp-server logs (mkdir, rmdir, ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Sftp logs

  1. Sftp logs

    Dear SSH lovers,

    I haven't been able to find out an answer in the present list :-(. If
    i'm just not good enough to find it, please drop me the link to it...
    I'm looking for sftp-server logs
    (mkdir, rmdir, etc...) !!

    My sshd log config look like this:
    # Logging
    SyslogFacility AUTH
    LogLevel INFO

    Looking to ssh source code version:
    cat version.h
    /* $OpenBSD: version.h,v 1.48 2006/11/07 10:31:31 markus Exp $ */
    #define SSH_VERSION "OpenSSH_4.5"

    I found out that using the default INFO log level, the "void
    logit(const char *fmt,...)" function was used (log.c file). If I'm
    right, all logit function call should appear in my AUTH facility log
    file which is (from syslog.conf):
    auth,authpriv.* /var/log/auth.log

    Using grep (grep -R logit * | sed -e
    's/\(.*.c\):.*logit(\"\(.*\)\".*/\1\t\2/') to find out logit function
    calls in source code, i find out some interesting log info but i'm not
    able to see them in my syslog (auth) file. Maybe those function are
    just not called by sftp-server !?

    I wanted to be able to see the following lines (mkdir, rmdir, etc..)
    which are given string to logit function:
    sftp-server.c opendir \"%s\"
    sftp-server.c remove name \"%s\"
    sftp-server.c mkdir name \"%s\" mode 0%o
    sftp-server.c rmdir name \"%s\"

    For example the "static void process_opendir(void)" function which
    seems to open a directory provide a nice logit line (logit("opendir
    \"%s\"", path) but i'm not able to get it into syslog...
    I did my testing with an older SSH version (OpenSSH_4.3p2 Debian-2,
    OpenSSL 0.9.8b 04 May 2006).

    Maybe someone have a tip for me ?

    Thanks a lot for your help,

    Regards,

    JoŽl


  2. Re: Sftp logs

    On 2006-12-12, joel.winteregg@gmail.com wrote:
    > I haven't been able to find out an answer in the present list :-(. If
    > i'm just not good enough to find it, please drop me the link to it...
    > I'm looking for sftp-server logs
    > (mkdir, rmdir, etc...) !!
    >
    > My sshd log config look like this:
    > # Logging
    > SyslogFacility AUTH
    > LogLevel INFO


    You need to enable logging in sftp-server as it's not enabled by default.

    Add the relevant options to the "Subsystem sftp" line in sshd_config
    and restart sshd. The sftp-server man page has details on the options
    (basically just "-f facility" and "-l loglevel").

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  3. Re: Sftp logs

    Hi Darren,

    Thanks a lot for the info. My sftp-server man page wasn't containing
    option details... I found one with the needed information:
    http://www.daemon-systems.org/man/sftp-server.8.html

    Unfortunately i'm not able to give options of the "Subsystem" call in
    my sshd_config file... I tryed many kind of escaping way but it doesn't
    work...

    Subsystem sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO
    Subsystem sftp "/usr/lib/openssh/sftp-server -f AUTH -l INFO"
    Subsystem "sftp /usr/lib/openssh/sftp-server -f AUTH -l INFO"
    Subsystem sftp '/usr/lib/openssh/sftp-server -f AUTH -l INFO'
    etc...

    Here is sshd output:
    /etc/ssh/sshd_config line 75: garbage at end of line; "-f".

    Do you maybe have an idea ? My sshd version is:
    OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006

    Many thanks !

    JoŽl

    Darren Tucker wrote:
    > On 2006-12-12, joel.winteregg@gmail.com wrote:
    > > I haven't been able to find out an answer in the present list :-(. If
    > > i'm just not good enough to find it, please drop me the link to it...
    > > I'm looking for sftp-server logs
    > > (mkdir, rmdir, etc...) !!
    > >
    > > My sshd log config look like this:
    > > # Logging
    > > SyslogFacility AUTH
    > > LogLevel INFO

    >
    > You need to enable logging in sftp-server as it's not enabled by default.
    >
    > Add the relevant options to the "Subsystem sftp" line in sshd_config
    > and restart sshd. The sftp-server man page has details on the options
    > (basically just "-f facility" and "-l loglevel").
    >
    > --
    > Darren Tucker (dtucker at zip.com.au)
    > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    > Good judgement comes with experience. Unfortunately, the experience
    > usually comes from bad judgement.



  4. Re: Sftp logs

    On 2006-12-12, joel.winteregg@gmail.com wrote:
    > Thanks a lot for the info. My sftp-server man page wasn't containing
    > option details... I found one with the needed information:
    > http://www.daemon-systems.org/man/sftp-server.8.html
    >
    > Unfortunately i'm not able to give options of the "Subsystem" call in
    > my sshd_config file... I tryed many kind of escaping way but it doesn't
    > work...

    [...]
    > Do you maybe have an idea ? My sshd version is:
    > OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006


    sftp-server logging and the ability to pass command line options to
    subsystems were both added in version 4.4 (which is also why your
    man pages don't have it).

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  5. Re: Sftp logs

    Hi,

    Ok, thanks for the info !! I should have look to the changelog
    (http://www.openssh.com/txt/release-4.4) which says:
    * Extend sshd_config(5) "SubSystem" declarations to allow the
    specification of command-line arguments.


    Many thanks for the tip !

    JoŽl

    Darren Tucker wrote:
    > On 2006-12-12, joel.winteregg@gmail.com wrote:
    > > Thanks a lot for the info. My sftp-server man page wasn't containing
    > > option details... I found one with the needed information:
    > > http://www.daemon-systems.org/man/sftp-server.8.html
    > >
    > > Unfortunately i'm not able to give options of the "Subsystem" call in
    > > my sshd_config file... I tryed many kind of escaping way but it doesn't
    > > work...

    > [...]
    > > Do you maybe have an idea ? My sshd version is:
    > > OpenSSH_4.3p2 Debian-2, OpenSSL 0.9.8b 04 May 2006

    >
    > sftp-server logging and the ability to pass command line options to
    > subsystems were both added in version 4.4 (which is also why your
    > man pages don't have it).
    >
    > --
    > Darren Tucker (dtucker at zip.com.au)
    > GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    > Good judgement comes with experience. Unfortunately, the experience
    > usually comes from bad judgement.



+ Reply to Thread