Enable SFTP Logs

SSH File Transfer Protocol (also Secure File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols. The IETF Internet Draft states that even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

SFTP logs are not enabled on CentOS, Red Hat or other Linux servers. If someone uploads or downloads files using SFTP, there is no way to track it. We can enable the logs by making a few changes in the SSH configuration file and the syslog configuration file.

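Replace the Subsystem entry in /etc/ssh/sshd_config with the line below. The -f option sets the syslog facility and -l sets the log level. Use one of the local facilities, local0 to local7, that is not already in use on the server (LOCAL5 here).

Subsystem    sftp    /usr/libexec/openssh/sftp-server -f LOCAL5 -l INFO

Add the lines below to /etc/syslog.conf, using the same facility as in the Subsystem entry

#sftp logging
local5.*                        /var/log/sftpd.log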

Once the syslog and sshd services have been restarted to pick up the changes, all SFTP transactions will be logged in the /var/log/sftpd.log file.