/etc/ssh/sshd_config dosyası içerisinde aşağıdaki satır düzenlenmelidir. Bu işlem yapıldıktan sonra sftp bağlantısı kurularak yapılan tüm işlemler /var/log/messages altına kaydedilir.

Subsystem       sftp    /usr/libexec/openssh/sftp-server -l INFO

Aynı anda birden fazla oturum açmış kullanıcıların işlemleri logda yer alan oturum numarasına göre takip edilebilir.

Örnek loglar;

Nov 14 09:39:52 APPSRV1 sftp-server[31873]: opendir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:39:52 APPSRV1 sftp-server[31873]: closedir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:39:54 APPSRV1 sftp-server[31873]: open “/var/www/gate.test.gov.tr/public_html/_header.php” flags WRITE,CREATE,TRUNCATE mode 0666
Nov 14 09:39:55 APPSRV1 sftp-server[31873]: close “/var/www/gate.test.gov.tr/public_html/_header.php” bytes read 0 written 17532
Nov 14 09:39:55 APPSRV1 sftp-server[31873]: opendir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:39:56 APPSRV1 sftp-server[31873]: closedir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:40:08 APPSRV1 sftp-server[31840]: session closed for local user okan from [10.0.70.254]
Nov 14 09:40:09 APPSRV1 sftp-server[31873]: open “/var/www/gate.test.gov.tr/public_html/_lov.php” flags WRITE,CREATE,TRUNCATE mode 0666
Nov 14 09:40:10 APPSRV1 sftp-server[31873]: close “/var/www/gate.test.gov.tr/public_html/_lov.php” bytes read 0 written 60531
Nov 14 09:40:10 APPSRV1 sftp-server[31873]: opendir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:40:11 APPSRV1 sftp-server[31873]: closedir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:40:15 APPSRV1 sftp-server[31869]: opendir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:40:15 APPSRV1 sftp-server[31869]: closedir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:40:17 APPSRV1 sftp-server[31869]: opendir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:40:18 APPSRV1 sftp-server[31869]: closedir “/var/www/gate.test.gov.tr/public_html”
Nov 14 09:41:10 APPSRV1 sftp-server[31873]: session closed for local user hasan from [10.0.70.254]