CentOS - sshd failed to update logs in /var/log/secure
In this article I provide the solution for sshd logs that are not being updated or written to the /var/log/secure file. This is my personal experience, where one of my hosted servers, pre-installed with CentOS 7, was failing to log sshd messages to the /var/log/secure file; the /var/log/secure file was also empty.
Issue:
The SSH logs are not updated or written to the /var/log/secure file, and the /var/log/secure file is empty. Failed SSH attempts are not logged.
Environment:
CentOS 7 installed with default settings, on hosted servers with a custom CentOS 7 ISO image.
About SSH:
The SSH daemon, or SSHD, is a crucial service for remote access to a server running CentOS. One of the essential features of SSHD is its logging capabilities, which allow system administrators to monitor and troubleshoot SSH connections to the server. However, it's not uncommon for SSHD to stop writing logs to /var/log/secure, leaving system administrators scratching their heads trying to figure out what's going on.
Root cause:
A failed journald service is one of the root causes of sshd logs not being written to /var/log/secure.
The command to check the journald service status:
systemctl status systemd-journald.service
The journald service sometimes fails because the machine ID is empty, that is, /etc/machine-id was never initialized.
Type the command below to check the machine ID:
cat /etc/machine-id
If it is empty, proceed to the next step to initialize the machine ID.
Solution
Initialize the machine ID by running the machine ID setup command shown below:
systemd-machine-id-setup
After the machine ID setup command, restart the journald service:
systemctl restart systemd-journald.service
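The check and fix above can be combined into one script. This is an added example, not part of the original article; the function names and the --fix switch are made up for illustration, and the final check assumes the CentOS default rsyslog rule that sends authpriv messages to /var/log/secure.

```shell
#!/bin/sh
# Added example: classify /etc/machine-id, repair it if empty, restart journald.

# Prints one of: missing, empty, invalid, ok
machine_id_state() {
    f="${1:-/etc/machine-id}"
    [ -e "$f" ] || { echo missing; return 0; }
    id=$(tr -d '[:space:]' < "$f")
    [ -n "$id" ] || { echo empty; return 0; }
    # A valid machine ID is exactly 32 lowercase hexadecimal characters.
    if printf '%s' "$id" | grep -Eq '^[0-9a-f]{32}$'; then
        echo ok
    else
        echo invalid
    fi
}

# Hypothetical helper: applies the article's fix, then tests logging end to end.
repair_journald_logging() {
    state=$(machine_id_state /etc/machine-id)
    echo "machine-id state: $state"
    case "$state" in
        missing|empty) systemd-machine-id-setup || return 1 ;;
        invalid) echo "unexpected content in /etc/machine-id, inspect it by hand" >&2
                 return 1 ;;
    esac
    systemctl restart systemd-journald.service || return 1
    systemctl is-active --quiet systemd-journald.service || return 1
    # Send a marked authpriv message and look for it in /var/log/secure.
    tag="securelog-check-$$"
    logger -p authpriv.notice -t "$tag" "logging test"
    sleep 2
    if grep -q "$tag" /var/log/secure; then
        echo "test message reached /var/log/secure"
    else
        echo "test message not found in /var/log/secure" >&2
        return 1
    fi
}

# Only touch the system when explicitly asked to (run as root).
if [ "${1:-}" = "--fix" ]; then
    repair_journald_logging
fi
```

Run without arguments the script changes nothing; call machine_id_state on its own to inspect a file, or pass --fix as root to apply the repair.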
Conclusion:
There are other reasons for the ssh service's log files not updating, but this is a unique issue, where I didn't find a proper solution on Google.