Log all SFTP transactions in one log file


1. Add the below line in /etc/ssh/sshd_config

Subsystem sftp /usr/libexec/openssh/sftp-server -l VERBOSE -f LOCAL3


2. Add the below line in /etc/rsyslog.conf

local3.* /var/log/sftp.log


3. Restart SSH Service

service sshd restart


4. Restart rsyslog service

service rsyslog restart


5. Now all the SFTP transactions should be logged in, you can view them by running any one of the following commands

tail -f /var/log/sftp.log
cat /var/log/sftp.log