Azure Audit Logging
Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
SFTP Gateway enables audit logging for SFTP by default.
These logs are contained within the file /var/log/secure.
Here's a sample output:
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: Accepted publickey for robtest from 71.179.98.86 port 56155 ssh2: RSA SHA256:4+Yc4RpsQuxF55NdRCGwCKHHcKqXfvKf/gm9Q89/aH8
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: pam_unix(sshd:session): session opened for user robtest by (uid=0)
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: session opened for local user robtest from [71.179.98.86] [postauth]
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: opendir "/local" [postauth]
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: closedir "/local" [postauth]
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: open "/local/Installer.pkg" flags WRITE,CREATE,TRUNCATE mode 0100644 [postauth]
Mar 20 21:07:42 ip-172-31-0-92 sshd[27990]: close "/local/Installer.pkg" bytes read 0 written 17844019 [postauth]
Mar 20 21:07:43 ip-172-31-0-92 sshd[27990]: opendir "/local" [postauth]
Mar 20 21:07:43 ip-172-31-0-92 sshd[27990]: closedir "/local" [postauth]
Here, you can see that robtest logged in, and any actions logged by process 27990 are tied to this user.
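The PID-to-user correlation described above can be automated when several sessions interleave in /var/log/secure. The following is an added example, not part of SFTP Gateway: the function name transfers is hypothetical, and the alice session lines (PID 28011, address 203.0.113.7) are constructed for illustration.

```python
import re

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
ACCEPT = re.compile(r"^Accepted \S+ for (\S+) from (\S+) port \d+")
OPEN = re.compile(r'^open "(.*)" flags (\S+) mode \d+')
CLOSE = re.compile(r'^close "(.*)" bytes read (\d+) written (\d+)')

# The robtest lines come from the sample output above; the alice lines are
# constructed to show a second session interleaved with the first.
SAMPLE = """\
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: Accepted publickey for robtest from 71.179.98.86 port 56155 ssh2: RSA SHA256:4+Yc4RpsQuxF55NdRCGwCKHHcKqXfvKf/gm9Q89/aH8
Mar 20 21:07:32 ip-172-31-0-92 sshd[27990]: open "/local/Installer.pkg" flags WRITE,CREATE,TRUNCATE mode 0100644 [postauth]
Mar 20 21:07:35 ip-172-31-0-92 sshd[28011]: Accepted publickey for alice from 203.0.113.7 port 40022 ssh2: RSA SHA256:CONSTRUCTED
Mar 20 21:07:36 ip-172-31-0-92 sshd[28011]: open "/local/report.csv" flags READ mode 0666 [postauth]
Mar 20 21:07:37 ip-172-31-0-92 sshd[28011]: close "/local/report.csv" bytes read 2048 written 0 [postauth]
Mar 20 21:07:42 ip-172-31-0-92 sshd[27990]: close "/local/Installer.pkg" bytes read 0 written 17844019 [postauth]
"""

def transfers(lines):
    """Return one record per completed file transfer, attributed by sshd PID."""
    sessions = {}   # pid -> (user, source IP); overwritten if a PID is reused
    opened = {}     # (pid, path) -> flags from the matching open line
    out = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, msg = m.groups()
        if a := ACCEPT.match(msg):
            sessions[pid] = (a.group(1), a.group(2))
        elif o := OPEN.match(msg):
            opened[(pid, o.group(1))] = o.group(2)
        elif c := CLOSE.match(msg):
            # A close with no earlier login in this file is kept as "unknown".
            user, ip = sessions.get(pid, ("unknown", "unknown"))
            path, rd, wr = c.group(1), int(c.group(2)), int(c.group(3))
            flags = opened.pop((pid, path), "")
            upload = "WRITE" in flags or wr > 0
            out.append({"time": ts, "user": user, "ip": ip, "path": path,
                        "flags": flags, "bytes": wr or rd,
                        "direction": "upload" if upload else "download"})
    return out

if __name__ == "__main__":
    for rec in transfers(SAMPLE.splitlines()):
        print(rec)
```

Records attributed to "unknown" usually mean the login line was rotated into an older log file, so include the rotated files when reviewing a long-lived session.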