https://bugzilla.mindrot.org/show_bug.cgi?id=3662
--- Comment #11 from Miranda <[email protected]> --- (In reply to Damien Miller from comment #3) > you shouldn't need a /dev/log socket with internal-sftp, it logs via > the privileged monitor sshd process that runs without chroot It would be a solution for the chroot log device problem, to use the log from the privileged monitor sshd process that you mention here, but only if each sftp user's session log line has a unique identifiable log line prefix. My suggestion for a solution: Change the current log prefix " internal-sftp[<PID>]: " to " internal-sftp[<PID>][<username>]: " E.g. change " internal-sftp[12345]: " to " internal-sftp[12345][myusername]: " E.g. here an example of a session with file upload: Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session opened for local user myuser from [10.7.2.100] Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: open "/file.txt" flags WRITE,CREATE,TRUNCATE mode 0644 Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: close "/file.txt" bytes read 0 written 44 Feb 13 14:37:30 10.1.2.3 internal-sftp[16066][myuser]: session closed for local user myuser from [10.7.2.100] With that it would be possible to reliably filter out the session log lines for each sftp user. Please check and comment if this could be a solution for you. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
