Package: rsyslog

Version: 8.4.2-1+deb8u2

Debian : 8.5

Bug: rsyslog does not log any sftp activity even when configured properly

/etc/rsyslog.d/sftp.conf

    module(load="imuxsock")
    input(type="imuxsock" Socket="/var/ftp/userA/dev/log" CreatePath="on")
    input(type="imuxsock" Socket="/var/ftp/userB/dev/log" CreatePath="on")

    if $programname == 'internal-sftp' then /var/log/sftp.log
    & stop

sockets (same for userB):

    ls /var/ftp/userA/dev/ -lha
    total 8.0K
    drwxr-xr-x 2 root root 4.0K May 31 16:08 .
    drw-r-xr-x 4 root root 4.0K May 31 12:00 ..
    srw-rw-rw- 1 root root    0 May 31 16:08 log

I put the log file in 777 to be sure it's not a permissions problem

    ls /var/log/sftp.log  -lha
    -rwxrwxrwx 1 root root 0 May 31 14:50 /var/log/sftp.log

/etc/ssh/sshd_config

    Subsystem sftp internal-sftp -l INFO -f AUTH
    Match Group ftpusers
        ChrootDirectory %h
        ForceCommand internal-sftp -u 0002
        AllowTcpForwarding no
        PermitTunnel no
        X11Forwarding no

then

    $sudo /etc/init.d/ssh restart
    [ ok ] Restarting ssh (via systemctl): ssh.service.
    $sudo /etc/init.d/rsyslog restart
    [ ok ] Restarting rsyslog (via systemctl): rsyslog.service.

I can't find anything useful in /var/log/messages nor /var/log/syslog
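An added diagnostic example, not part of the original report: per sshd_config(5) and sftp-server(8), a `ForceCommand` line runs its own command line for matching users, and internal-sftp logs at level ERROR unless it is given `-l`. The script lists each place the quoted sshd_config invokes internal-sftp and which log flags that invocation carries; the function names are hypothetical and the sample text is constructed from the configuration shown above.

```python
import shlex

# Constructed sample: the sshd_config lines quoted in the report above.
SSHD_CONFIG = """\
Subsystem sftp internal-sftp -l INFO -f AUTH
Match Group ftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp -u 0002
    AllowTcpForwarding no
"""

def sftp_flags(args):
    """Return the -l (level) and -f (facility) values from an argument list."""
    flags = {"level": None, "facility": None}
    it = iter(args)
    for tok in it:
        if tok == "-l":
            flags["level"] = next(it, None)
        elif tok == "-f":
            flags["facility"] = next(it, None)
    return flags

def audit_sftp_logging(config_text):
    """List (line, scope, directive, flags) for every internal-sftp invocation."""
    findings = []
    scope = "global"  # directives before the first Match block apply globally
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        key = words[0].lower()  # sshd_config keywords are case-insensitive
        if key == "match":
            scope = " ".join(words)
        elif key == "subsystem" and words[1:3] == ["sftp", "internal-sftp"]:
            findings.append((lineno, scope, "Subsystem", sftp_flags(words[3:])))
        elif key == "forcecommand" and words[1:2] == ["internal-sftp"]:
            findings.append((lineno, scope, "ForceCommand", sftp_flags(words[2:])))
    return findings

def unlogged_force_commands(config_text):
    """ForceCommand internal-sftp lines that set no explicit log level."""
    return [f for f in audit_sftp_logging(config_text)
            if f[2] == "ForceCommand" and f[3]["level"] is None]

if __name__ == "__main__":
    for lineno, scope, directive, flags in audit_sftp_logging(SSHD_CONFIG):
        print(f"line {lineno} [{scope}] {directive}: {flags}")
```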

