I am migrating our SUSE Linux SFTP server over to Oracle Linux. I have worked through some minor issues, password encryption, and almost ready to go live with this server. Only issue I am still trying to overcome is move the sftp entries from /var/log/messages to /var/log/sftp.log. I found these articles during a quick Google search - https://access.redhat.com/discussions/672633 and https://access.redhat.com/articles/1374633 but neither are working.
In my /etc/ssh/sshd_config I have the following:
Subsystem sftp /usr/lib/openssh/sftp-server -l VERBOSE -f LOCAL0
Match Group sftp
ChrootDirectory /chroot/%u
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp -f LOCAL0 -l INFO
Then in the rsyslog.conf I have -
# Log sftp to different file
local0.* /var/log/sftp.log
I have restarted both sshd and rsyslog but still do not see this new sftp.log file. I also confirmed that the SFTP entries are still being written to /var/log/messages. How can I separate out the sftp activity into its separate log file?