https://bugzilla.mindrot.org/show_bug.cgi?id=3662
Geert van de Kamp <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #12 from Geert van de Kamp <[email protected]> ---
(In reply to Miranda from comment #11)
> (In reply to Damien Miller from comment #3)
> > you shouldn't need a /dev/log socket with internal-sftp, it logs via
> > the privileged monitor sshd process that runs without chroot
>
> It would be a solution for the chroot log device problem, to use the
> log from the privileged monitor sshd process that you mention here,
> but only if each sftp user's session log line has a unique
> identifiable log line prefix.
>
> My suggestion for a solution:
> Change the current log prefix
>
> " internal-sftp[<PID>]: "
>
> to
>
> " internal-sftp[<PID>][<username>]: "
>
> E.g. change
> " internal-sftp[12345]: "
> to
> " internal-sftp[12345][myusername]: "
>
> E.g. here an example of a session with file upload:
>
> Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session opened for local user myuser from [10.7.2.100]
> Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: open "/file.txt" flags WRITE,CREATE,TRUNCATE mode 0644
> Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: close "/file.txt" bytes read 0 written 44
> Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session closed for local user myuser from [10.7.2.100]
>
> With that it would be possible to reliably filter out the session
> log lines for each sftp user.
>
> Please check and comment if this could be a solution for you.

I experience this exact issue and after Googling a bit, I bumped into
this thread. For me, the workaround that Miranda has implemented should
be workable. I have to deal with about 20 accounts, so very much doable.

I was just wondering, is it possible to let the internal-sftp add a
syslog tag?

Something like:

    ForceCommand internal-sftp -l INFO -t "my-tag"

The tag could then be picked up by syslog-ng or rsyslog (in my case)
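Added example, not part of the bug thread and not OpenSSH code: with the current " internal-sftp[<PID>]: " prefix quoted above, lines can be attributed to a user by tracking host and PID between the "session opened" and "session closed" messages. The sample lines are constructed from the thread's example with the proposed [<username>] field removed (otheruser and /orphan.txt are made up), and it assumes every line of one session carries the same PID.

```python
import re
from collections import defaultdict

# Current prefix from the thread: "<timestamp> <host> internal-sftp[<PID>]: <message>"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) internal-sftp\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
OPEN_RE = re.compile(r"^session opened for local user (?P<user>\S+) from \[[^\]]+\]$")
CLOSE_RE = re.compile(r"^session closed for local user \S+ from \[[^\]]+\]$")


def attribute_by_user(lines):
    """Return {username: [messages]}; lines outside any open session go under None."""
    active = {}                      # (host, pid) -> username of the open session
    per_user = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue                 # not an internal-sftp line
        key, msg = (m["host"], m["pid"]), m["msg"]
        opened = OPEN_RE.match(msg)
        if opened:
            active[key] = opened["user"]
        per_user[active.get(key)].append(msg)
        if CLOSE_RE.match(msg):
            active.pop(key, None)    # a reused PID must not inherit the old user
    return dict(per_user)


# Constructed sample: two interleaved sessions, then a line after the close.
P = "Feb 13 14:37:30 10.1.2.3 internal-sftp"
SAMPLE = [
    P + "[16066]: session opened for local user myuser from [10.7.2.100]",
    P + "[16070]: session opened for local user otheruser from [10.7.2.101]",
    P + '[16066]: open "/file.txt" flags WRITE,CREATE,TRUNCATE mode 0644',
    P + '[16070]: open "/file.txt" flags WRITE,CREATE,TRUNCATE mode 0644',
    P + '[16066]: close "/file.txt" bytes read 0 written 44',
    P + "[16066]: session closed for local user myuser from [10.7.2.100]",
    P + '[16066]: open "/orphan.txt" flags WRITE,CREATE,TRUNCATE mode 0644',
]

if __name__ == "__main__":
    for user, msgs in attribute_by_user(SAMPLE).items():
        print(user, len(msgs))
```

Lines that end up under None have no "session opened" record in the input, for example after log rotation, and should be reviewed rather than dropped.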
