SFTP log configuration
1. Configure /etc/ssh/sshd_config
If the sftp subsystem is not configured, uncomment the corresponding line or add it
Subsystem sftp /usr/lib/openssh/sftp-server -f local2 -l INFO
* The location of sftp-server may differ depending on the environment
/usr/lib/ssh/sftp-server
/usr/libexec/sftp-server
/usr/lib/openssh/sftp-server
/usr/libexec/openssh/sftp-server
If you are curious about the sftp-server options,
check them with man sftp-server
#man sftp-server
-p whitelisted_requests
Specify a comma-separated list of SFTP protocol requests that are permitted by the server. All
request types that are not on the whitelist will be logged and replied to with a failure message.
Care must be taken when using this feature to ensure that requests made implicitly by SFTP clients
are permitted.
-Q protocol_feature
Query protocol features supported by sftp-server. At present the only feature that may be queried
is “requests”, which may be used for black or whitelisting (flags -P and -p respectively).
-R Places this instance of sftp-server into a read-only mode. Attempts to open files for writing, as
well as other operations that change the state of the filesystem, will be denied.
-u umask
Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the
user's default mask.
On some systems, sftp-server must be able to access /dev/log for logging to work, and use of sftp-server in
a chroot configuration therefore requires that syslogd(8) establish a logging socket inside the chroot
directory.
SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8)
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-filexfer-02.txt, October 2001, work
in progress material.
HISTORY
sftp-server first appeared in OpenBSD 2.8.
AUTHORS
Markus Friedl <markus@openbsd.org>
2. Configure /etc/syslog.conf
* Depending on the environment, /etc/rsyslog.conf
Add the following lines
Use the same log facility, local2, that was set in sshd_config
#sftp log
local2.* /var/log/sftp.log
3. Configure /etc/logrotate.d/syslog
* Depending on the environment, /etc/logrotate.d/rsyslog
Add the log path to the log rotation configuration
/var/log/sftp.log
4. Restart the ssh and syslog daemons
#systemctl restart sshd
#systemctl restart rsyslog
#service sshd restart
#service rsyslog restart
or
#service syslog restart
Restart ssh and syslog in the way that matches the server environment
* If only one of ssh and syslog is managed by systemd and the other by init.d, you may have to restart them as follows
#systemctl restart sshd
#service rsyslog restart
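
To confirm that steps 1 to 3 agree with each other, the shell functions below (an added example, not part of the original post) read the facility from the Subsystem sftp line, find the file that facility is written to in the syslog configuration, and check that the file is listed for rotation. The function names and the sample files written by demo are constructed for illustration; pass the real file paths to check_sftp_logging.

```shell
#!/bin/sh
# Print the syslog facility passed with -f on the active "Subsystem sftp" line.
sftp_facility() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" {
            for (i = 3; i < NF; i++)
                if ($i == "-f") { print tolower($(i + 1)); exit }
         }' "$1"
}

# Print the file that facility $2 is written to by syslog config $1.
# Handles selectors such as "local2.*" and "*.info;local2.debug" and skips
# "local2.none"; comma-separated facility lists are not handled.
syslog_target() {
    awk -v fac="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], p, "[.]")
                if (tolower(p[1]) == fac && p[2] != "none" && $2 ~ /^-?\//) {
                    sub(/^-/, "", $2); print $2; exit
                }
            }
        }' "$1"
}

# Usage: check_sftp_logging SSHD_CONFIG SYSLOG_CONF LOGROTATE_CONF
check_sftp_logging() {
    fac=$(sftp_facility "$1")
    [ -n "$fac" ] || { echo "FAIL: no -f facility on Subsystem sftp in $1"; return 1; }
    target=$(syslog_target "$2" "$fac")
    [ -n "$target" ] || { echo "FAIL: $fac has no file rule in $2"; return 2; }
    grep -v '^[[:space:]]*#' "$3" |
        grep -qF -- "$target" ||
        { echo "FAIL: $target is not rotated by $3"; return 3; }
    echo "OK: $fac -> $target, rotated by $3"
}

# Constructed sample files mirroring steps 1-3 (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#Subsystem sftp /usr/libexec/sftp-server' \
        'Subsystem sftp /usr/lib/openssh/sftp-server -f local2 -l INFO' > "$d/sshd_config"
    printf '%s\n' '#sftp log' 'local2.* /var/log/sftp.log' > "$d/rsyslog.conf"
    printf '%s\n' '/var/log/messages' '/var/log/sftp.log' '{' '    weekly' '}' > "$d/logrotate"
    check_sftp_logging "$d/sshd_config" "$d/rsyslog.conf" "$d/logrotate"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

A return code of 1, 2 or 3 points at the step (sshd_config, syslog, logrotate) where the chain breaks.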
Sources
https://zetawiki.com/wiki/%EB%A6%AC%EB%88%85%EC%8A%A4_SFTP_%EC%84%9C%EB%B2%84_%EC%82%AC%EC%9A%A9
https://m.blog.naver.com/PostView.naver?isHttpsRedirect=true&blogId=haengro&logNo=220959529675