How to track the SFTP activity of a particular Linux server ?
In ubuntu, we can track the SFTP activity by editing /etc/ssh/sshd_config file and changing the line:
Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /usr/lib/openssh/sftp-server -l INFO
NOTE :- we can set the log level according to our need as QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3
Now restart the ssh service :
service ssh restart
Logs can be tracked in auth.log file located at /var/log/auth.log .