CentOS下配置SFTP操作日志

摘自并修订:https://www.cnblogs.com/kgdxpr/p/7169333.html

参考SFTP-SERVER的man page:http://man.he.net/man8/sftp-server

0、man SFTP-SERVER

先了解sftp-server的参数用法

1、修改ssh的配置

vi /etc/ssh/sshd_config

在146行左右修改如下配置

Subsystem sftp /usr/libexec/openssh/sftp-server -l DEBUG3 -f local5
sftp-server的参数用法详情参考'man SFTP-SERVER'

注:如文件中已经存在如下配置,请先注释

2、修改rsyslog配置

vi /etc/rsyslog.conf

在最后增加如下配置

auth,authpriv.*,local5.* /var/log/sftp.log

3、重启服务

service rsyslog restart
service sshd restart

4、查看日志

tail -f /var/log/sftp.log

 

设置登陆后的目录为/root


// 打开xftp,连接192.168.25.72没有日志, 设置密码后的日志如下
Mar 10 11:42:58 localhost sshd[6189]: Accepted password for root from 192.168.25.24 port 59725 ssh2
Mar 10 11:42:59 localhost systemd-logind: New session 27 of user root.
Mar 10 11:42:59 localhost sshd[6189]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 10 11:42:59 localhost sftp-server[6193]: session opened for local user root from [192.168.25.24]
Mar 10 11:42:59 localhost sftp-server[6193]: received client version 4
Mar 10 11:42:59 localhost sftp-server[6193]: realpath "."
Mar 10 11:42:59 localhost sftp-server[6193]: debug1: request 0: sent names count 1
Mar 10 11:42:59 localhost sftp-server[6193]: opendir "/root"
Mar 10 11:42:59 localhost sftp-server[6193]: debug1: request 2: sent handle handle 0
Mar 10 11:42:59 localhost sftp-server[6193]: debug1: request 3: readdir "/root" (handle 0)
Mar 10 11:42:59 localhost sftp-server[6193]: debug1: request 3: sent names count 44
Mar 10 11:42:59 localhost sftp-server[6193]: debug1: request 4: readdir "/root" (handle 0)
Mar 10 11:42:59 localhost sftp-server[6193]: sent status End of file
Mar 10 11:42:59 localhost sftp-server[6193]: closedir "/root"
Mar 10 11:42:59 localhost sftp-server[6193]: sent status Success


// 不切换止步,直接关闭xftp窗口后的日志
Mar 10 11:43:10 localhost sftp-server[6193]: debug1: read eof
Mar 10 11:43:10 localhost sftp-server[6193]: session closed for local user root from [192.168.25.24]
Mar 10 11:43:10 localhost sshd[6189]: pam_unix(sshd:session): session closed for user root
Mar 10 11:43:10 localhost systemd-logind: Removed session 27.

 

posted @ 2020-03-10 11:55  LiuYanYGZ  阅读(1908)  评论(0编辑  收藏  举报