Where would you find SCP logs?

Solution 1

scp is executed internally just as an ssh command, and transferred files are not logged. You have only authentication logs in /var/log/auth.log or somewhere like this.

Solution 2

I studied this once when I had to come up with a way to monitor SCP transfers. The OpenSSH scp utility doesn't log anything. It supports debugging output for the underlying SSH session, but that won't log the actual file transfers which are taking place.

Similarly, the OpenSSH server can be set to log detail about what it's doing, and it can be set to log the fact that a user connected and ran scp, but it won't log the actual file transfers which are taking place.

If you can't get these users to use SFTP instead, there are three approaches available to you:

  1. Investigate commercial SSH/SFTP/SCP servers. They should generally support logging file transfers.

  2. Replace the scp utility on the server with one that logs the data you want. OpenSSH is open source. Someone who knows how to program in C for Unix could download the source and modify it.

  3. Replace the scp utility with a "wrapper" that launches the original scp program and monitors what it does. There are debugging tools for Unix which can monitor what another process is doing.

We took the third approach. We wrote a Perl script which launched the original scp program under strace. Strace would output the names of files being opened and closed by the scp process. The Perl script read the strace output and converted it to log entries.
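The log-conversion half of the third approach, as an added example (not the answerer's Perl script, which does not appear on the page): it reads strace output for `open`/`openat` calls and emits one audit line per file. The function names, the `scp-audit` entry format, the O_CLOEXEC noise heuristic and the skipped path prefixes are assumptions made for this sketch.

```python
import re

# One strace line for open()/openat(), optionally prefixed with a PID (strace -f).
OPEN_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?open(?:at)?\((?:\w+,\s*)?'
    r'"(?P<path>(?:[^"\\]|\\.)*)",\s*(?P<flags>[A-Z_|]+)(?:,\s*\d+)?\)'
    r'\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z0-9]+))?'
)
SKIP_PREFIXES = ("/dev/", "/proc/")  # assumption: housekeeping, not transfers

def parse_open(line):
    """Return a dict describing one file open, or None for noise."""
    m = OPEN_RE.match(line)
    if not m:
        return None
    flags = set(m["flags"].split("|"))
    # Heuristic (assumption): loader/libc opens carry O_CLOEXEC, and
    # directory opens are not file payloads, so both are dropped.
    if flags & {"O_CLOEXEC", "O_DIRECTORY"} or m["path"].startswith(SKIP_PREFIXES):
        return None
    if int(m["ret"]) < 0:
        action = "FAILED"      # attempted access that the kernel refused
    elif flags & {"O_WRONLY", "O_RDWR", "O_CREAT"}:
        action = "RECEIVED"    # file written on the server (upload)
    else:
        action = "SENT"        # file read from the server (download)
    return {"pid": m["pid"], "path": m["path"], "action": action, "errno": m["errno"]}

def audit_lines(strace_output, user):
    """Convert strace output into one log entry per file scp touched."""
    entries = []
    for ev in filter(None, map(parse_open, strace_output.splitlines())):
        # strace escapes quotes and control characters, so a path cannot split an entry.
        entry = f'scp-audit user={user} pid={ev["pid"]} action={ev["action"]} path="{ev["path"]}"'
        if ev["errno"]:
            entry += f' errno={ev["errno"]}'
        entries.append(entry)
    return entries

# Constructed sample of `strace -f -e trace=open,openat` output.
SAMPLE = """\
4021 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4021 openat(AT_FDCWD, "/dev/null", O_RDWR) = 3
4021 openat(AT_FDCWD, "/srv/incoming/backup.tar.gz", O_WRONLY|O_CREAT, 0644) = 3
4021 open("/srv/outgoing/report.csv", O_RDONLY|O_NONBLOCK) = 3
4021 openat(AT_FDCWD, "/etc/shadow", O_RDONLY|O_NONBLOCK) = -1 EACCES (Permission denied)
"""
```

Failed opens are kept on purpose: a denied read of a sensitive path is often the entry an investigator most wants to see.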

Author by

rew

Updated on September 18, 2022

Comments

  • rew over 1 year

    I can't seem to get SCP logs (on the server) to show up anywhere. I've searched through quite a few pages, including:

    scp / ssh log on ssh-server

    http://ubuntuforums.org/showthread.php?t=1789437

    http://ubuntuforums.org/showthread.php?t=851891

    I've tried on 10.04 (yes, EOL, etc.) with OpenSSH 5.3 and 12.04 with OpenSSH 5.9, I've enabled all levels of logging including DEBUG3 in /etc/ssh/sshd_config, and tried regular users and root, but nothing about the file that was transferred (or even that a file was transferred) shows up in any log for SCP. SFTP logs show up in auth.log even without cranking up the LogLevel to VERBOSE.

    Is there anything I'm missing? Can anyone confirm they are able to get SCP logs to show up somewhere?

    Thanks

  • Rinzwind over 8 years
    "incron" would be #4 and probably easier than your 3 ;)
  • Kenster over 8 years
    @Rinzwind I don't see a way to limit incron to trigger on events from a specific program (like scp), or to tell what process triggered an event.
  • Fabby over 8 years
    I would have upvoted if 1 and 3 were reversed...
  • Scott Prive about 5 years
    This was downvoted to zero, and not only is it 100% correct -- it's the simplest answer.
  • CoolKoon almost 3 years
    @ScottPrive I think the reason it was downvoted is because simply saying "there are no logs" isn't really useful to someone who stumbles upon this answer after feverishly searching for ways of logging such traffic.