Possible to log SSH file transfer activity?

Posted by nocloud, 01-23-2011, 01:32 AM
I would like to have a log of which files are copied off of my server by which users. At the bare minimum, I would like to have a log of files transferred via SSH (i.e. with SCP and SFTP). Does anybody know of a utility I can use to do this? The servers are running CentOS 5.5.

Posted by YUPAPA, 01-23-2011, 12:19 PM
The easiest way, but not the most reliable, is to check users' histories (assuming they aren't smart enough to delete or stop the logging). The second method is to use auditd. I've tried psacct for auditing, but the end result is very limited. You can see the commands the user has executed, but not the parameters behind them.
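
An added example of the auditd approach mentioned above (not code from any poster in this thread): it groups `audit.log` records by event serial and reports which login UID read which file through which program. The watched path `/srv/data`, the key `file-read` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in audit.log format, as a read watch such as
#   auditctl -w /srv/data -p r -k file-read     (path and key are assumptions) would emit.
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1295805000.101:812): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=4121 auid=501 uid=501 comm="sftp-server" exe="/usr/libexec/openssh/sftp-server" key="file-read"
type=CWD msg=audit(1295805000.101:812):  cwd="/home/alice"
type=PATH msg=audit(1295805000.101:812): item=0 name="/srv/data/report.csv" inode=1311 dev=08:01
type=SYSCALL msg=audit(1295805042.007:813): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=4190 auid=502 uid=502 comm="scp" exe="/usr/bin/scp" key="file-read"
type=PATH msg=audit(1295805042.007:813): item=0 name=2F7372762F646174612F6D792066696C652E747874 inode=1312 dev=08:01
type=SYSCALL msg=audit(1295805050.500:814): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=4190 auid=502 uid=502 comm="scp" exe="/usr/bin/scp" key="file-read"
type=PATH msg=audit(1295805050.500:814): item=0 name="/srv/data/secret.key" inode=1313 dev=08:01
'''

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or control chars."""
    if value.startswith('"'):
        return value.strip('"')
    try:
        return bytes.fromhex(value).decode('utf-8', 'replace')
    except ValueError:
        return value

def file_reads(log_text, key='file-read'):
    """Return (timestamp, auid, exe, path, success) for every event tagged with key."""
    events = defaultdict(lambda: {'paths': []})
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = dict(FIELD_RE.findall(body))
        ev = events[serial]          # records of one event share the serial number
        if rtype == 'SYSCALL':
            # auid is the login UID; it stays the same across su/sudo
            ev.update(ts=float(ts), auid=int(fields['auid']), exe=decode(fields['exe']),
                      ok=fields['success'] == 'yes', key=decode(fields.get('key', '')))
        elif rtype == 'PATH':
            ev['paths'].append(decode(fields['name']))
    return [(e['ts'], e['auid'], e['exe'], p, e['ok'])
            for e in events.values() if e.get('key') == key for p in e['paths']]

if __name__ == '__main__':
    for row in file_reads(SAMPLE_LOG):
        print(row)
```

Because the watch fires on file opens rather than on the SSH session, it records reads made through clients such as WinSCP as well as interactive shells; failed attempts appear with success set to false.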

Posted by nocloud, 01-23-2011, 06:50 PM
The problem with histories is that things that aren't explicitly typed into a terminal are not always logged. For instance, if they access through a client like WinSCP, that activity does not show up in the history.

Posted by khunj, 01-24-2011, 12:58 PM
It does not support transfer logging. You may find some patches here and there to enable it, but take into consideration that it would still be possible for an advanced user to bypass it.


