macOS sierra logging system breaks sudo, nmap, and other system.log alerts

[sfakiana]

Hi all,

Running MacOS Sierra and using the terminal with some random sudo + nmap commands.
However, I get no notifications for these events. I use the latest Security Growler.app (dark mode).
Any idea why?

Cheers,
Andreas

[pirate]

Can you check your console while running nmap localhost and look for messages like this:

Limiting closed port RST response from 932 to 250 packets per second

[sfakiana]

Sure,

[pirate]

Ah shoot, it looks like this bug will be worse than I thought. macOS Sierra actually removed these messages from system.log, and now they are only accessible via log show --predicate 'process == "kernel"' | grep 'Limiting closed' as far as I can tell. I'll have to write a new source entirely for macOS Sierra and above. (feel free to submit a pr)

[adam-moss]

If you can point my in the right direction (not used python much) I'm happy to have a crack at this 👍

[Henrietta1989]

Does it work in High Sierra?

[pirate]

No, Development is temporarily on hold, check out these alternatives in the meantime:

• ⭐️ Little Snitch
• ⭐️ Radio Silence
• HandsOff
• Marus
• Private Eye
• TCPBlock