SFTP monitoring tools

Issues related to configuring your network
Post Reply
cerino
Posts: 2
Joined: 2019/06/07 13:02:37

SFTP monitoring tools

Post by cerino » 2019/06/07 13:15:31

Hi guys, how can I monitor connection and file transfer process on my SFTP server?
My goal is to know who is connected (username) and if one or more file tranfer process are on execution (upload or download).
What do you do in this case or what tools do you usually use?

Thank you!

User avatar
TrevorH
Forum Moderator
Posts: 25816
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: SFTP monitoring tools

Post by TrevorH » 2019/06/07 14:55:10

You will find that sftp connections are logged in /var/log/secure as it's using openssh to do the connections. What is transferred is another question entirely.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

stevemowbray
Posts: 469
Joined: 2012/06/26 14:20:47

Re: SFTP monitoring tools

Post by stevemowbray » 2019/06/07 14:58:52

Change the logging on the sftp subsystem in /etc/ssh/sshd_config e.g.

Code: Select all

Subsystem       sftp    /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
That then logs all file access to wherever you configure your rsyslog to log them, /var/log/secure by default.

cerino
Posts: 2
Joined: 2019/06/07 13:02:37

Re: SFTP monitoring tools

Post by cerino » 2019/06/10 08:08:29

Thank you!
Sounds good, so I can send log to my Loganalyzer server.

What is the differnce between:

Code: Select all

Subsystem sftp internal-sftp
and

Code: Select all

Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
Thanks!

jscarville
Posts: 120
Joined: 2014/06/17 21:50:37

Re: SFTP monitoring tools

Post by jscarville » 2019/07/01 23:33:07

cerino wrote:
2019/06/10 08:08:29
Thank you!
Sounds good, so I can send log to my Loganalyzer server.

What is the differnce between:

Code: Select all

Subsystem sftp internal-sftp
and

Code: Select all

Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
Thanks!
Not much. They are built from the same code and support the same options. The big difference is that sftp-server is an external process and internal-sftp is built into the sshd executable. This means that if you want to use chroot then internal-sftp is a lot easier.

Post Reply