sshd LogLevel 不起作用

那里

有一天，我的 ubuntu(22.04) 机器写入 auth.log 太短。
以下 auth.log 无法从 fail2ban(sshd) 识别

Mar  6 17:52:03 laphs sshd[13792]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 17:52:03 laphs sshd[13792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.107.69
Mar  6 17:54:52 laphs sshd[13958]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 17:54:52 laphs sshd[13958]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.179.157.95
Mar  6 18:05:29 laphs sshd[15051]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 18:05:29 laphs sshd[15051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.179.157.95
Mar  6 18:12:41 laphs sshd[15643]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 18:12:41 laphs sshd[15643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.49.157
Mar  6 18:16:23 laphs sshd[15976]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 18:16:23 laphs sshd[15976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=146.190.49.157
Mar  6 18:16:41 laphs sshd[16001]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 18:16:41 laphs sshd[16001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.179.157.95
Mar  6 18:17:17 laphs sshd[16030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.34.151  user=root
Mar  6 18:20:11 laphs sshd[16343]: pam_unix(sshd:auth): check pass; user unknown
Mar  6 18:20:11 laphs sshd[16343]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.225.107.69
Mar  6 18:28:06 laphs sshd[16711]: pam_unix(sshd:auth): check pass; user unknown

上个月的 auth.log

Jan 15 21:54:58 laphs sshd[1555]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:54:58 laphs sshd[1555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.83.79.29
Jan 15 21:55:00 laphs sshd[1555]: Failed password for invalid user wangkun from 170.83.79.29 port 44724 ssh2
Jan 15 21:55:00 laphs sshd[1555]: Received disconnect from 170.83.79.29 port 44724:11: Bye Bye [preauth]
Jan 15 21:55:00 laphs sshd[1555]: Disconnected from invalid user wangkun 170.83.79.29 port 44724 [preauth]
Jan 15 21:55:03 laphs sshd[1557]: Invalid user huachen from 159.89.132.160 port 32798
Jan 15 21:55:03 laphs sshd[1557]: pam_unix(sshd:auth): check pass; user unknown
Jan 15 21:55:03 laphs sshd[1557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.132.160
Jan 15 21:55:05 laphs sshd[1557]: Failed password for invalid user huachen from 159.89.132.160 port 32798 ssh2
Jan 15 21:55:07 laphs sshd[1557]: Received disconnect from 159.89.132.160 port 32798:11: Bye Bye [preauth]
Jan 15 21:55:07 laphs sshd[1557]: Disconnected from invalid user huachen 159.89.132.160 port 32798 [preauth]
Jan 15 21:55:12 laphs sshd[1651]: Connection closed by authenticating user root 192.168.0.34 port 49550 [preauth]

更改 sshd 的 LogLevel。但不起作用 /etc/ssh/sshd_config

...
# Logging
#SyslogFacility AUTH
# LogLevel VERBOSE
LogLevel DEBUG3
...

找不到任何解决方案...有人能帮忙吗？

etc/rsyslog.d/50-默认.conf

...
auth,authpriv.*         /var/log/auth.log
*.*;auth,authpriv.none  -/var/log/syslog
...