[linux] sftp log

목적 : sftp 프로토콜 사용시 사용자의 접속 시간, ip, 경로를 확인하기 위함

환경 : Ubuntu 20.04

man sftp-server

-f type = DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
-l type = QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, DEBUG3

vi /etc/ssh/sshd_config
# Logging
SyslogFacility local4
#LogLevel DEBUG1

# override default of no subsystems
# log_facility, log_level 설정
# add
Subsystem       sftp    /usr/lib/openssh/sftp-server -f local4 -l INFO

systemctl restart sshd

vi /etc/rsyslog.d/50-default.conf # rsyslog 설정 추가
local3.*                          /var/log/sftp.log

systemctl restart rsyslog

vi /etc/logrotate.d/rsyslog # logrotate 등록
/var/log/syslog
/var/log/cmd.log
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
# add
/var/log/sftp.log
{
        rotate 4
        weekly
        missingok
        notifempty
        compress
        delaycompress
        sharedscripts
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}

systemctl restart logrotate.service