Hi guys, how can I monitor connection and file transfer process on my SFTP server?
My goal is to know who is connected (username) and if one or more file tranfer process are on execution (upload or download).
What do you do in this case or what tools do you usually use?
Thank you!
SFTP monitoring tools
Re: SFTP monitoring tools
You will find that sftp connections are logged in /var/log/secure as it's using openssh to do the connections. What is transferred is another question entirely.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 519
- Joined: 2012/06/26 14:20:47
Re: SFTP monitoring tools
Change the logging on the sftp subsystem in /etc/ssh/sshd_config e.g.
That then logs all file access to wherever you configure your rsyslog to log them, /var/log/secure by default.
Code: Select all
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
Re: SFTP monitoring tools
Thank you!
Sounds good, so I can send log to my Loganalyzer server.
What is the differnce between:
and
Thanks!
Sounds good, so I can send log to my Loganalyzer server.
What is the differnce between:
Code: Select all
Subsystem sftp internal-sftp
Code: Select all
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
-
- Posts: 135
- Joined: 2014/06/17 21:50:37
Re: SFTP monitoring tools
Not much. They are built from the same code and support the same options. The big difference is that sftp-server is an external process and internal-sftp is built into the sshd executable. This means that if you want to use chroot then internal-sftp is a lot easier.cerino wrote: ↑2019/06/10 08:08:29Thank you!
Sounds good, so I can send log to my Loganalyzer server.
What is the differnce between:andCode: Select all
Subsystem sftp internal-sftp
Thanks!Code: Select all
Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO