Hello,
We are running LEM 6.2.1 and monitoring a sftp server running on a Linux box. The Linux box has the LEM agent installed and I have no problem receiving authentication events. We would like to also log file transfers. The sftp server is configured for chroot and uses syslog-ng to redirect sftp logs for each user to /var/log/sftp.log. This is working and I see entries in the log file as expected. The problem is getting those log entries normalized and sent to LEM.
I have tried configuring syslog-ng to simply send the sftp log entries to LEM via syslog but never see any entries. I have also tried several of the FTP connectors, pointing them at /var/log/sftp.log but again, no joy. The log entries look like this:
Jun 4 16:00:43 sftp internal-sftp[27707]: opendir "/"
Jun 4 23:00:43 sftp internal-sftp[27707]: closedir "/"
Is there a pre-made connector for this kind of log? If not, is it possible/advisable to make a custom connector? or should I submit a request to SolarWinds?
Thanks,
Pete