sshd log是透過syslog來處理 ,參考 /etc/ssh/sshd_config設定
實際上記錄到哪一個檔案可查看rsyslog config /etc/rsyslog.conf
上面說明的是 *.info或是更高權限的log記錄到 /var/log/messages,但是mail, authpriv, cron當成no priority。
authpriv log到 /var/log/secure,所以sshd log在CentOS是記錄到 /var/log/secure
參考: https://www.rsyslog.com/doc/v8-stable/configuration/filters.html#selectors
The keyword none stands for no priority of the given facility.