IBM Support

Configuring sftp to log filename, location and size of transfers.

Question & Answer


Question

How to configure sftp to log the name, location, and size of the transferred files

Answer

Configure the sshd_config file to log information to syslog.
#vi /etc/ssh/sshd_config

Locate the following line:

Subsystem sftp /usr/sbin/sftp-server

Add the following parameters "-l INFO -f AUTH" at the end:


Subsystem sftp /usr/sbin/sftp-server -l INFO -f AUTH


Save the /etc/ssh/sshd_config file.

Configure syslog to record information from sftp-server.

#vi /etc/syslog.conf

Add the following line in syslog.conf

auth.info /tmp/sftp.log


Save the file /etc/syslog.conf, create the log file, and refresh syslogd.


#touch /tmp/sftp.log
#refresh -s syslogd


Restart sshd daemon.


#stopsrc -s sshd
#startsrc -s sshd

NOTE: While stopping and starting sshd, users will not be able create new connections. Existing connections will not be disconnected.

Test the following from an sftp client.
#sftp user@<server-name>
password: <Enter Password>
<sftp>cd /
<sftp>put motd

In the syslog, you should see logged information similar to the following output, which includes the file name and size.
Oct 8 11:29:07 greybso auth|security:info sftp-server[372922]: open "/motd" flags WRITE,CREATE,TRUNCATE mode 0666
Oct 8 11:29:07 greybso auth|security:info sftp-server[372922]: close "/motd" bytes read 0 written 880

[{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"}],"Version":"5.3;6.1;7.1","Edition":"Standard","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Product":{"code":"SWG10","label":"AIX"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"PF002","label":"AIX"}],"Version":"Version Independent","Edition":"Standard","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]

Document Information

Modified date:
04 December 2019

UID

isg3T1012933