OS X Mountain Lion has no /var/log/secure.log for sshguard to read

[essandess (Steve Smith)]

For some reason, Apple has rolled up a lot of logging into syslog, including all the ssh stuff. Consequently, there is no /var/log/secure.log for sshguard to read. The current sshguard defaults results in logs that look like:

Sep 23 03:39:01 foo com.apple.launchd[1] (org.macports.sshguard): Throttling respawn: Will start in 10 seconds
Sep 23 03:39:11 foo.bar.com sshguard[64933]: File '/var/log/secure.log' vanished while adding!
Sep 23 03:39:11 foo com.apple.launchd[1] (org.macports.sshguard): Throttling respawn: Will start in 10 seconds
Sep 23 03:39:21 foo.bar.com sshguard[65369]: File '/var/log/secure.log' vanished while adding!

The fix is to remove the line '-l /var/log/secure.log' from /opt/local/etc/sshguard/options, but I'm not sure if looking only at /var/log/system.log will capture all the stuff sshguard needs for filtering.

[nonstop.server@…]

Cc Me!

[frenchja@…]

Cc Me!

[frenchja@…]

What if /var/log/appfirewall.log is used?

[skymoo (Adam Mercer)]

Cc Me!

[catkfr@…]

Cc me

[larryv (Lawrence Velázquez)]

Replying to catkfr@…:

Cc me

You actually have to click the “CcMe!” button next to the Cc list in order to be Cc’d on emails. I have added you to the list.

[cooljeanius (Eric Gallager)]

Cc Me!

[pixilla (Bradley Giesbrecht)]

See r129577