SFTP and syslog-ng custom logging format

Question

I have modified sshd_config and syslog-ng configs to log sftp connections into separate files. Now I would like to create custom logging like:

[date] [source_ip] has downloaded the [filename] [size]

for the config I have used: SFTP: log to a separate file for chrooted user

score 1 · Answer 1 · answered Mar 12 '15 at 08:18

1

With syslog-ng, you can reformat a log message, and even do more complex things, but it depends on what SSHD actually logs about the connections. Can you post some sample logs about the SFTP downloads to see what information is available?

Robert

answered Mar 12 '15 at 08:18

Robert Fekete

552
1
3
6

I use either INFO or DEBUG for the logs. Regarding reformating - tha'ts my exact question, how do I reformat the logs so it stores information in the following format: [date] [source_ip] has downloaded the [filename] [size] – meso_2600 Mar 12 '15 at 09:32
ok I think I got it: http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/csv-parser.html – meso_2600 Mar 12 '15 at 09:45

SFTP and syslog-ng custom logging format

1 Answers1