Currently Being ModeratedJul 30, 2012 4:37 PM (in response to Gnarlodious)
I'm missing secure.log, too, as I'm using Geektool to display several system files on my desktop.
Bizarre that this change has not been reported more widely. I'd be interested in the cause that lead Apple to change this also.
Currently Being ModeratedJul 31, 2012 12:04 PM (in response to Gnarlodious)
All logging has been rolled into asl - the Apple System Log which is built on top of syslog but includes more options for filtering and querying the logs.
man syslog has a lot of the details for querying the logs.
Currently Being ModeratedJul 31, 2012 2:22 PM (in response to Camelot)
Thanks for the info.
By using a shell command (syslog -C | tail -n 50) in Geektool I have my information back now.
With an additional grep command I should be able to only show specific information.
Currently Being ModeratedJul 31, 2012 6:19 PM (in response to Gnarlodious)
Thanks, Camelot. I am having success with:
The command lists all failed authentication attempts within the last 24 hours. There may be a regex solution for better extraction so if someone knows it then please post. Truth be told, the old log was much easier to read.
Currently Being ModeratedAug 29, 2012 11:37 AM (in response to Gnarlodious)
Is there a way to query for local logins, especially for the number of failed attempts to log in?
I used the Console.app to view the logs, but only found some strange Kerberos-messages (that don't seem to depend on whether you got your password right on the first attempt).
Currently Being ModeratedMar 19, 2013 11:28 AM (in response to Gnarlodious)
I've also noticied this and have found NO workaround which give me the information that secure.log did. Perhaps there is a third party security logging program that might work around this obvious screwup? I've heard of security through obscurity, but it's usually your security you're trying to make obscure for someone else, not for the sysetm operator.
Apple, please put secure.log back, the replacements for it you've created may tell me that someone is attacking me. but they won't tell me WHO.
I use OS X because I didn't NEED an intermediate firewall between my switch and the network connection, are you now telling me I have to buy an entire new MacPro just to monitor the traffic along the line to my router for breakin attempts because the tools on individual consoles that would give this information have been removed to further promulate the myth that Mac's are immune to attack?
Currently Being ModeratedJun 10, 2013 2:10 AM (in response to Gnarlodious)
There is an easy workaround.
You will need to add these lines to your syslog.conf in /etc/syslog.conf
I have no idea why apple changed it... annoying though.