Log COPSSH

epaillot

Hello,

I have installed the latest Copssh, Copssh_5.0.4_x64_Installer, on Windows 2008 R2 SP2.

I have a question: can we configure a log file?

When I launch the COPSSH Control Panel, I can select event log or stderr, but if I select stderr I don't know where the log is written.

Thanks for your help

Best regards

itefix

We can confirm that there are some problems with SFTP logging. It seems that a syslog backend is needed for proper handling of logging. We are working on it.

epaillot

Hi,

Have you made progress on the SFTP logging?

Is it possible to log to a specific file if I upgrade to Copssh 5.1.1?

Best regards

Emmanuel

itefix

We have created a syslog bundle and a related FAQ to activate syslog for a Copssh installation. Hope it helps.

epaillot

Hi,

Thanks for the information. I have installed this bundle, and I have set it to eventlog via the Copssh Control Panel, and the SFTP log level is set to verbose.

I have restarted the openssh service.

The file messages is created in the var\log directory, but I don't have the information about successful transfers or removed files.

I have set the SFTP log level to INFO, and I don't have the information about successful transfers or removed files.

I have checked the configuration file syslog.conf and it is set to:

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
#*.info;mail.none;authpriv.none        /var/log/messages
# The authpriv file has restricted access.
#authpriv.*                /var/log/secure
# Log all the mail messages in one place.
#mail.*                    /var/log/maillog
#For a start, use this simplifed approach.
*.*                    /var/log/messages

Can you help me?

I just want to log all the SFTP connections and transfers.

Thanks

Best regards

itefix

When I select SFTP logtype as eventlog and loglevel as INFO, I get the following log information for each file:

Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: open "/cygdrive/c/users/tev/Documents/cwgit_x86/doc/RelNotes/1.5.3.4.txt" flags WRITE,CREATE,TRUNCATE,EXCL mode 0666

Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: debug1: request 795651: sent handle handle 0

Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: debug1: request 796166: write "/cygdrive/c/users/tev/Documents/cwgit_x86/doc/RelNotes/1.5.3.4.txt" (handle 0) off 0 len 1208

Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: sent status Success

Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: close "/cygdrive/c/users/tev/Documents/cwgit_x86/doc/RelNotes/1.5.3.4.txt" bytes read 0 written 1208

 
What more exactly do you need?

epaillot

Hi,

I want exactly what you have; I only have:

Jun  3 12:12:01 COMPUTERNAME sshd: PID 5064: Address 192.169.162.80 maps to mypc, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Jun  3 12:12:01 COMPUTERNAME sshd: PID 5064: Accepted password for user from 192.169.162.56 port 61410 ssh2

The file copsshcp.config is:

[Server]
Port=22
Compression=delayed
LogLevel=INFO
TCPKeepAlive=yes
LoginGraceTime=120
Protocol=2
MaxAuthTries=6
MaxSessions=10

[Sftp]
Enabled=yes
SftpMode=internal-sftp
ReadOnly=no
LogLevel=VERBOSE
LogDestination=eventlog

[Options]
EventsTimeWindow=2 days

[Commands]
Linux shell and Sftp=-
Sftp=internal-sftp
SftpNoShell=internal-sftp
Linux shell=/bin/bash --login -i
Windows shell=/cygdrive/c/windows/system32/cmd.exe
No shell access=/bin/false

[Default]

[User computer\user]
Command=SftpNoShell
PasswordAuthentication=yes
PubkeyAuthentication=yes
AllowTcpForwarding=no
HomeDirectory=e:\home\user

I want to approach this type of log:

(000003) 03/06/2015 12:24:02 - (not logged in) (192.169.162.56)> USER epaillot
(000003) 03/06/2015 12:24:02 - (not logged in) (192.169.162.56)> 331 Password required for epaillot
(000003) 03/06/2015 12:24:02 - (not logged in) (192.169.162.56)> PASS *********
(000003) 03/06/2015 12:24:02 - epaillot (192.169.162.56)> 230 Logged on
(000003) 03/06/2015 12:24:02 - epaillot (192.169.162.56)> STOR test_file_20150603.txt
(000003) 03/06/2015 12:24:02 - epaillot (192.169.162.56)> 550 Permission denied
.....
(000004) 03/06/2015 12:25:05 - epaillot (192.169.162.56)> STOR test_file_20150603.txt
(000004) 03/06/2015 12:25:06 - epaillot (192.169.162.56)> 226 Successfully transferred "/install/test_file_20150603.txt"

Thanks for your help

Best regards
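
Added example (not part of the original thread and not Itefix code): a Python parser that reduces internal-sftp syslog lines in the layout shown in the thread to login, upload, download and delete records, one per event, similar in shape to the FTP-style log above. The `session opened` and `remove name` message formats are assumed from OpenSSH sftp-server's INFO-level output; the user name, PID 3280, the 192.0.2.10 address and sample lines 1, 2 and 6 are constructed.

```python
import re

# Line layout written by the Copssh syslog bundle, as seen in the thread:
#   "<timestamp> <host> <program>: PID <pid>: <message>"
PREFIX = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w-]+): PID (\d+): (.*)$')
# "close" is taken from the thread; "session opened" and "remove name" are
# assumed from OpenSSH sftp-server's INFO-level messages.
SESSION = re.compile(r'^session opened for local user (\S+) from \[([^\]]+)\]$')
CLOSE = re.compile(r'^close "(.*)" bytes read (\d+) written (\d+)$')
REMOVE = re.compile(r'^remove name "(.*)"$')

def audit(lines):
    """Return (time, user, ip, action, path, bytes) per login, transfer or delete."""
    sessions = {}  # pid -> (user, ip), used to attribute later file events
    records = []
    for line in lines:
        m = PREFIX.match(line)
        if not m or m.group(3) != "internal-sftp":
            continue  # sshd lines and anything not in the expected layout
        ts, pid, msg = m.group(1), m.group(4), m.group(5)
        if (s := SESSION.match(msg)):
            sessions[pid] = (s.group(1), s.group(2))
            records.append((ts, *sessions[pid], "LOGIN", "", 0))
            continue
        user, ip = sessions.get(pid, ("?", "?"))  # "?" if the login line was missed
        if (c := CLOSE.match(msg)):
            rd, wr = int(c.group(2)), int(c.group(3))
            action = "UPLOAD" if wr else "DOWNLOAD" if rd else "OPEN-ONLY"
            records.append((ts, user, ip, action, c.group(1), wr or rd))
        elif (r := REMOVE.match(msg)):
            records.append((ts, user, ip, "DELETE", r.group(1), 0))
    return records  # open/write/status/debug lines are intentionally ignored

P = "/cygdrive/c/users/tev/Documents/cwgit_x86/doc/RelNotes/1.5.3.4.txt"
SAMPLE = [  # lines 1, 2 and 6 are constructed; lines 3-5 are from the thread
    "Jun  2 08:28:59 TW1201 sshd: PID 3280: Accepted password for tev from 192.0.2.10 port 61410 ssh2",
    "Jun  2 08:29:01 TW1201 internal-sftp: PID 3284: session opened for local user tev from [192.0.2.10]",
    f'Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: open "{P}" flags WRITE,CREATE,TRUNCATE,EXCL mode 0666',
    "Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: sent status Success",
    f'Jun  2 08:29:03 TW1201 internal-sftp: PID 3284: close "{P}" bytes read 0 written 1208',
    f'Jun  2 08:29:40 TW1201 internal-sftp: PID 3284: remove name "{P}"',
]

if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print(*rec, sep=" | ")
```

If no internal-sftp lines reach the file at all, as in the last post, the parser returns an empty list; it only reshapes what the SFTP subsystem has already logged.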
