SOCKS over OpenSSH Logging?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Is there any way (from the server standpoint) to log the usage of the
SOCKS via OpenSSH?  I've noticed that my server's bandwidth has gone
up considerably and a few of my users are idle (or running a minimal
task to avoid the timeout) and assume they are proxying, but I cannot
prove it.

Whether its in source/destination format, bandwidth used, time spent
or even IF someone is using it, I'd like to log it in some fashion.

I would prefer it logged via OpenSSH primarily, if not, a seperate
program can be installed for logging.

Re: SOCKS over OpenSSH Logging?

Quoted text here. Click to load it

If you set LogLevel DEBUG1 or higher in sshd_config (and restart sshd)
then you will get a server_request_direct_tcpip log entry with
destination address and port for each port forward request (I don't
think it logs the traffic volume, though).

Note that if your users have shell access, this isn't the only way of
relaying and this will not catch those.  See if your platform supports
a way of accounting for all users' traffic to catch those.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Site Timeline