Search for Recent Authentication Failure in SFTP

TLDR - Quick Summary

What: Search for SFTP authentication failures in GCP Cloud Logging

Location: GCP Console > Operations > Logging > Logs Explorer

Query: jsonPayload.message:"Authentication failed"

Filter by User: Add AND jsonPayload.user:"username_here"

Overview

Monitoring authentication failures in SFTP can help identify security risks, misconfigurations, and unauthorized access attempts. This guide explains how to search for authentication failures using AWS CloudWatch.

GCP Cloud Logging

Steps to Search for Authentication Failures

Access Cloud Logging:

Open Google Cloud Console > Operations > Logging > Logs Explorer.

Run the Query:

jsonPayload.message:"Authentication failed"

Filter by User (Optional):

jsonPayload.message:"Authentication failed" AND 
jsonPayload.user:"username_here"

Replace username_here with the actual username.

SFTP Gateway Support

3.0

Search for Recent Authentication Failure in SFTP

Overview

GCP Cloud Logging