sFTP process ids explained?

1

1

Could someone explain to me the process that sftp makes when creating a connection and transferring data, on a control/data level? I know the basics about the ssh authentication and such, but for example, if I have the following in a log file:

Sep 16 15:31:34 localhost sshd[4274]: Postponed publickey for sftp1 from 172.16.221.1 port 56069 ssh2
Sep 16 15:31:34 localhost sshd[4273]: Accepted publickey for sftp1 from 172.16.221.1 port 56069 ssh2
Sep 16 15:31:34 localhost sshd[4273]: pam_unix(sshd:session): session opened for user sftp1 by (uid=0)
Sep 16 15:31:34 localhost sshd[4276]: subsystem request for sftp
Sep 16 15:31:36 localhost sshd[4276]: Received disconnect from 172.16.221.1: 11: disconnected by user
Sep 16 15:31:36 localhost sshd[4273]: pam_unix(sshd:session): session closed for user sftp1

Usually with regular ftp I would know that all these connections are related to one another by the process ID. How would you follow something like this when looking through a log file for sftp? The above example has three different process IDs, and it gets confusing trying to follow it when there are other sftp connections going on at the same time. I have searched Google and there are plenty of documents about how to set up an sftp server and such, but nothing about understanding how to interpret the flow of the data.

Thanks in advance.

user2208986

Posted 2014-04-21T10:59:21.223

Reputation: 13

Answers

0

Each of those process IDs--4274, 4276, and so on--represents a different instance of the sshd program handling a different client. So, if you looked at just the lines for PID 4274, you'd see the log messages for a particular sshd instance, handling a particular client connection.

Aside from that, I'm not sure what you're asking. I'll note that FTP makes a new TCP connection for each file being transferred, so you might see separate log entries for each file transfer. SFTP uses a single TCP connection for each session, and doesn't make new TCP connections for each file. SSHD and the SFTP server program don't normally log a lot of detail about what they're doing, either. So you won't see a lot of detail in the log about what the user is doing.

Kenster

Posted 2014-04-21T10:59:21.223

Reputation: 5 474
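An added example, not part of the question or the answer above: one way to follow such lines by client address and port instead of by PID alone, run over the six log lines quoted in the question. In that excerpt PIDs 4273 and 4274 both log 172.16.221.1 port 56069, while PID 4276 logs no port, so it is reported only as a candidate when it names the same IP inside the session's time window. That time-window rule is a heuristic assumed here, and `correlate` and its field names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the six sshd lines quoted in the question above.
SAMPLE_LOG = """\
Sep 16 15:31:34 localhost sshd[4274]: Postponed publickey for sftp1 from 172.16.221.1 port 56069 ssh2
Sep 16 15:31:34 localhost sshd[4273]: Accepted publickey for sftp1 from 172.16.221.1 port 56069 ssh2
Sep 16 15:31:34 localhost sshd[4273]: pam_unix(sshd:session): session opened for user sftp1 by (uid=0)
Sep 16 15:31:34 localhost sshd[4276]: subsystem request for sftp
Sep 16 15:31:36 localhost sshd[4276]: Received disconnect from 172.16.221.1: 11: disconnected by user
Sep 16 15:31:36 localhost sshd[4273]: pam_unix(sshd:session): session closed for user sftp1
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: (.*)$")
# IPv4 only (assumption); the port is absent from some message types.
PEER_RE = re.compile(r"from (\d+\.\d+\.\d+\.\d+)(?: port (\d+))?")

def _when(stamp):
    # Syslog stamps carry no year; 2000 is an assumed placeholder for ordering.
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")

def correlate(log_text):
    """Return {(ip, port): {"pids", "times", "candidates"}} for sshd lines."""
    rows = [(_when(m[1]), m[2], m[3])
            for m in map(LINE_RE.match, log_text.splitlines()) if m]
    # Pass 1: bind each PID that ever logs "from IP port N" to that endpoint.
    pid_to_ep = {}
    for _ts, pid, msg in rows:
        peer = PEER_RE.search(msg)
        if peer and peer[2]:
            pid_to_ep[pid] = (peer[1], int(peer[2]))
    # Pass 2: every line from a bound PID belongs to that endpoint's session.
    sessions = defaultdict(lambda: {"pids": set(), "times": [], "candidates": set()})
    for ts, pid, _msg in rows:
        if pid in pid_to_ep:
            s = sessions[pid_to_ep[pid]]
            s["pids"].add(pid)
            s["times"].append(ts)
    # Pass 3 (heuristic): an unbound PID naming the same IP inside the
    # session's time window is only a candidate, not a confirmed member.
    for ts, pid, msg in rows:
        peer = PEER_RE.search(msg)
        if peer and pid not in pid_to_ep:
            for (sip, _port), s in sessions.items():
                if sip == peer[1] and min(s["times"]) <= ts <= max(s["times"]):
                    s["candidates"].add(pid)
    return dict(sessions)
```

With several clients connecting from the same address at once, the candidate set can contain PIDs from other sessions, so treat it as a starting point for review and not as proof of linkage.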