1 Reply Latest reply on Jun 15, 2016 9:58 AM by twuk

    Connector for OpenSSH SFTP file transfer logs

    pstorkey

      Hello,

       

      We are running LEM 6.2.1 and monitoring an sftp server running on a Linux box. The Linux box has the LEM agent installed and I have no problem receiving authentication events. We would like to also log file transfers. The sftp server is configured for chroot and uses syslog-ng to redirect sftp logs for each user to /var/log/sftp.log. This is working and I see entries in the log file as expected. The problem is getting those log entries normalized and sent to LEM.

       

      I have tried configuring syslog-ng to simply send the sftp log entries to LEM via syslog but never see any entries. I have also tried several of the FTP connectors, pointing them at /var/log/sftp.log but again, no joy. The log entries look like this:

       

      Jun  4 16:00:43 sftp internal-sftp[27707]: opendir "/"

      Jun  4 23:00:43 sftp internal-sftp[27707]: closedir "/"

       

      Is there a pre-made connector for this kind of log? If not, is it possible/advisable to make a custom connector, or should I submit a request to SolarWinds?

       

      Thanks,

      Pete
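
      The normalization asked about above, as an added example that is not part of the original post and is not a LEM connector: a Python parser that turns internal-sftp syslog lines into file-transfer events. It assumes the message wording OpenSSH's sftp-server uses at LogLevel INFO; the sample lines are constructed, apart from the opendir line taken from the post.

```python
import re

# Syslog prefix, e.g. 'Jun  4 16:00:43 sftp internal-sftp[27707]: <msg>'
LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s'
                  r'internal-sftp\[(?P<pid>\d+)\]:\s(?P<msg>.*)$')

# Assumption: message bodies as logged by OpenSSH sftp-server at LogLevel INFO.
MESSAGES = [
    ("session_open", re.compile(
        r'^session opened for local user (?P<user>\S+) from \[(?P<src>[^\]]+)\]$')),
    ("file_open", re.compile(r'^open "(?P<path>.*)" flags (?P<flags>\S+) mode (?P<mode>\d+)$')),
    ("file_close", re.compile(
        r'^close "(?P<path>.*)" bytes read (?P<read>\d+) written (?P<written>\d+)$')),
    ("dir_open", re.compile(r'^opendir "(?P<path>.*)"$')),
    ("dir_close", re.compile(r'^closedir "(?P<path>.*)"$')),
]

# Constructed sample; user name, address and file path are placeholders.
SAMPLE = [
    'Jun  4 16:00:41 sftp internal-sftp[27707]: session opened for local user alice from [192.0.2.10]',
    'Jun  4 16:00:43 sftp internal-sftp[27707]: opendir "/"',
    'Jun  4 16:00:50 sftp internal-sftp[27707]: open "/in/report.csv" flags WRITE,CREATE,TRUNCATE mode 0644',
    'Jun  4 16:00:51 sftp internal-sftp[27707]: close "/in/report.csv" bytes read 0 written 2048',
]

def parse_line(line):
    """Return a dict of normalized fields, or None if not an internal-sftp line."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    event = dict(m.groupdict(), kind="other")
    for kind, rx in MESSAGES:
        mm = rx.match(event["msg"])
        if mm:
            event.update(mm.groupdict(), kind=kind)
            break
    return event

def transfers(lines):
    """Join each file close with the session (same PID) to get user and source."""
    sessions, out = {}, []
    for ev in filter(None, map(parse_line, lines)):
        if ev["kind"] == "session_open":
            sessions[ev["pid"]] = (ev["user"], ev["src"])
        elif ev["kind"] == "file_close":
            user, src = sessions.get(ev["pid"], (None, None))
            r, w = int(ev["read"]), int(ev["written"])
            out.append({"ts": ev["ts"], "user": user, "src": src, "path": ev["path"],
                        "direction": "upload" if w else "download", "bytes": w or r})
    return out
```

      The user and source address come only from the session line, so the join on PID is what ties a close event to an account when every chrooted user writes to the same /var/log/sftp.log.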