I am setting up a Storage Account with SFTP enabled as a proof of concept to replace our on premise ssh/sftp servers.
I set up local accounts and am able to upload and delete files as per the permissions I set on the accounts.
However I am having issues reading the logs of these interactions in anticipation of troubleshooting 3rd party issues. I one-time copied the logs to Log Analytics to attempt to parse through them. I can see events like SftpConnect, SftpOpen etc. Not even sure if those are the right events to start with. Not much documentation on this that I can find. A tiny snippet of the logs returned have some of the detail.....
authentication_type_s: LocalUserPassword
owner_account_name_s: [storage account name]
The storage account name is correct obviously but that is not the local user name used in the event.
In the sftp-enabled storage account logs is there a way to know which local account is being used for a particular event?
