security-growler

macOS sierra logging system breaks sudo, nmap, and other system.log alerts

Open sfakiana opened this issue 9 years ago • 6 comments

Hi all,

Running macOS Sierra and using the terminal with some random sudo + nmap commands. However, I get no notifications for these events. I use the latest Security Growler.app (dark mode). Any idea why?

Cheers, Andreas

sfakiana, Nov 25 '16 10:11

Can you check your console while running `nmap localhost` and look for messages like this:

Limiting closed port RST response from 932 to 250 packets per second
[Screenshot attached]

pirate, Nov 29 '16 09:11

Sure,

[Screenshot attached]

sfakiana, Nov 29 '16 09:11

Ah shoot, it looks like this bug will be worse than I thought. macOS Sierra actually removed these messages from system.log, and now they are only accessible via `log show --predicate 'process == "kernel"' | grep 'Limiting closed'` as far as I can tell. I'll have to write a new source entirely for macOS Sierra and above. (Feel free to submit a PR.)

pirate, Nov 29 '16 09:11
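Added example, not part of the thread or of Security Growler's own code: a standalone Python sketch of a unified-log source for the kernel message quoted above. It assumes `log stream` (the live counterpart of the `log show` command in the comment) with the same predicate; the function names and the sample lines, including their timestamp prefix, are constructed for illustration, and the project's plugin interface is not shown on this page, so nothing here is wired into it.

```python
import re
import subprocess

# Same predicate as the `log show` command in the thread; `log stream` is
# used instead (assumption) so new kernel messages arrive as they are logged.
LOG_CMD = ["log", "stream", "--predicate", 'process == "kernel"']

# Kernel message quoted in the thread: emitted when the host rate-limits
# RST replies to closed ports, which a port scan typically triggers.
RST_LIMIT = re.compile(
    r"Limiting closed port RST response from (\d+) to (\d+) packets per second"
)

def parse_portscan(line):
    """Return the attempted and limited packet rates, or None if no match."""
    m = RST_LIMIT.search(line)
    if m is None:
        return None
    return {"attempted_pps": int(m.group(1)), "limit_pps": int(m.group(2))}

def scan_lines(lines):
    """Yield one event per matching line from any iterable of log lines."""
    for line in lines:
        event = parse_portscan(line)
        if event is not None:
            yield event

def watch_unified_log():
    """Stream kernel messages from the unified log (macOS 10.12 and later)."""
    proc = subprocess.Popen(LOG_CMD, stdout=subprocess.PIPE, text=True)
    try:
        yield from scan_lines(proc.stdout)
    finally:
        proc.terminate()

# Constructed sample lines (the prefix layout is illustrative only).
SAMPLE_LINES = [
    "2016-11-29 04:32:07.000000-0500 0x0 Default 0x0 0 kernel: Limiting "
    "closed port RST response from 932 to 250 packets per second",
    "2016-11-29 04:32:08.000000-0500 0x0 Default 0x0 0 kernel: unrelated message",
]

if __name__ == "__main__":
    for event in watch_unified_log():
        print("possible port scan: %(attempted_pps)d pps attempted, "
              "limited to %(limit_pps)d pps" % event)
```

`scan_lines` takes any iterable, so the matching logic can be checked against `SAMPLE_LINES` on a machine without the `log` command.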

If you can point me in the right direction (not used Python much) I'm happy to have a crack at this 👍

adam-moss, Jul 31 '17 10:07

Does it work in High Sierra?

Henrietta1989, Nov 01 '17 04:11

No, development is temporarily on hold; check out these alternatives in the meantime:

pirate, Nov 01 '17 06:11