On Linux systems, /var/log/secure
(or similar, depending on distro) shows all SSH login activity. Is there a similar log for SCP? If not, what's a good approach to enabling logging of scp activity on my servers? Is it SELinux through /var/log/audit/audit.log?
Asked
Active
Viewed 6.0k times
10
![](../../users/profiles/618.webp)
Scott Pack
- 15,167
- 5
- 61
- 91
![](../../users/profiles/8146.webp)
JJC
- 471
- 1
- 3
- 8
3 Answers
0
SCP uses SSH connections to transfer files, so SCP logins should appear in the same logs alongside SSH logins. From the man pages:
scp copies files between hosts on a network. It uses ssh(1) for data transfer, and uses the same authentication and provides the same security as ssh(1).
![](../../users/profiles/1363.webp)
Andy Smith
- 2,742
- 18
- 24
-
2I know it uses SSH and I thought logs would also go to the same place, but it actually doesn't show up in /var/log/secure nor /var/log/messages. The only evidence of SCP is when I have SELinux and auditd running... in which case it gets logged in /var/log/audit/audit.log. – JJC May 09 '12 at 11:13
-4
scp -o LogLevel=DEBUG <rest of parameters>
eg:
$ scp -o LogLevel=DEBUG origfile.txt userfoo@serverbar:/home/userfoo/
![](../../users/profiles/6253.webp)
schroeder
- 123,438
- 55
- 284
- 319
-
3This is already in the top-voted answer. Note that this does *not* show you the scp activity for the server but the log for that connection. Please make sure that you document your code/commands instead of just posting raw syntax without explanation. – schroeder Oct 23 '20 at 11:13