Anyone here know where the SSH Secure File transfer Program keeps it's logs (if it creates any?) A recently fired employee had this program installed on his machine and had access to almost all the company's manufacturing processes. The Big shots are worried about what he might have sent and to whom. So is there anyway to tell.
It probably does keep a log, but I do not know where. Perhaps the software maker can tell you.
You could probably also write a script to do a search on which files were accessed by a specific
program. At least then you would know what he accessed with that program. You would still need
to find out where he sent the files. The Router Logs may tell you IF you know or can find out what
port the program used.
I don't believe the client keeps any logs... you would want to check the logs on any server running sshd (default log location is /var/log/secure on RedHat/Fedora machines) for accesses by the individual, which might help you eliminate some machines from contention (unless he had root privileges, in which case all bets are off). However, even the server just logs connections by default, not files accessed, from what I've seen.
I figured it was a long shot anyway. Thanks for the replies. I'll run some file recovery software and see if any deleted files might be of interest.