CentOS - sshd failed to update logs in /var/log/secure

     In this article I provide the solution for sshd logs that are not being written to the /var/log/secure file. This is my personal experience: one of my hosted servers, pre-installed with CentOS 7, was failing to log sshd messages to /var/log/secure, and the /var/log/secure file was empty.

Issue:

    The SSH logs are not being written to the /var/log/secure file, and the /var/log/secure file is empty. Failed SSH attempts are not logged.

Environment:

    CentOS 7 installed with default settings; hosted servers with a custom CentOS 7 ISO image.

About SSH:

The SSH daemon, or SSHD, is a crucial service for remote access to a server running CentOS. One of its essential features is logging, which allows system administrators to monitor and troubleshoot SSH connections to the server. However, it is not uncommon for SSHD to stop writing to /var/log/secure, leaving system administrators scratching their heads trying to figure out what is going on.

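Root cause:

    A failed journald service is one of the root causes of sshd messages not being logged to /var/log/secure. On CentOS 7, rsyslog reads its messages from the journal by default, so when journald is not running nothing reaches /var/log/secure.

The command to check the journald service status: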

systemctl status systemd-journald.service

The journald service sometimes fails because the machine ID is empty, that is, /etc/machine-id was never initialized.

Type the command below to check the machine ID:

cat /etc/machine-id

If it is empty, proceed to the next step to set the machine ID.

Solution

    Initialize the machine ID by running the machine ID setup command shown below:

systemd-machine-id-setup

After the machine ID setup command, restart the journald service:

systemctl restart systemd-journald.service
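
The check above can be scripted so it also catches a machine ID that is present but malformed, and so the fix can be confirmed afterwards. This is an added example, not part of the original article: the function names and the MACHINE_ID_FILE variable are hypothetical, and the probe assumes the stock CentOS 7 rsyslog rule that sends authpriv messages to /var/log/secure.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# machine_id_state FILE -> prints: missing | empty | invalid | ok
machine_id_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # The file holds a single line; drop the newline and any stray whitespace.
    id=$(tr -d '[:space:]' 2>/dev/null < "$f") || id=
    [ -n "$id" ] || { echo empty; return 0; }
    # machine-id(5): 32 lowercase hex characters. An all-zero ID is rejected too.
    if printf '%s' "$id" | grep -Eq '^[0-9a-f]{32}$' &&
       [ "$id" != 00000000000000000000000000000000 ]; then
        echo ok
    else
        echo invalid
    fi
}

# secure_log_probe [LOGFILE] -> exit 0 if a tagged authpriv message reaches LOGFILE.
# Assumes the stock CentOS 7 rsyslog rule "authpriv.* /var/log/secure".
secure_log_probe() {
    log=${1:-/var/log/secure}
    tag="secure-probe-$$"
    logger -p authpriv.notice -t "$tag" "log path test"
    sleep 2   # give journald and rsyslog time to write the line
    grep -q "$tag" "$log"
}

# Report only: the script never changes the machine ID by itself.
state=$(machine_id_state "${MACHINE_ID_FILE:-/etc/machine-id}")
echo "machine-id state: $state"
if [ "$state" != ok ]; then
    echo "fix: systemd-machine-id-setup && systemctl restart systemd-journald.service"
elif [ "${1:-}" = --probe ]; then
    secure_log_probe && echo "authpriv messages reach /var/log/secure" \
        || echo "machine ID is valid but /var/log/secure is still not updated"
fi
```

Run it as root with --probe after restarting journald; the probe uses the same authpriv facility that sshd logs to on a default CentOS 7 install.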

Conclusion:

    There are other reasons for the ssh service's log files not updating, but this is a somewhat unique issue, where I didn't get a proper solution on Google.