Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Michael Lake
Michael Lake Author
User level: Level 2
195 points

Excessive 'SecurityServer' log entries for ServerEventAgent after Adaptive Firewall

Hello all,

I'm running an OS X Server running 10.8.2. After enabling the Adaptive Firewall last night ( http://support.apple.com/kb/HT5519, http://support.apple.com/kb/TS4418 ), I started noticing a massive number of logs in /var/log/system.log that look like this:


Jan 11 17:44:59 <hostname> com.apple.SecurityServer[21]: Succeeded authorizing right 'system.privilege.admin' 
by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [131] for authorization 
created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [131] (2,0)


Jan 11 17:44:59 <hostname> com.apple.SecurityServer[21]: Succeeded authorizing right 'system.privilege.admin' 
by client '/Library/PrivilegedHelperTools/com.apple.serverd' [71] for authorization created by 
'/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [131] (100000,0)


Does anyone have thoughts on this? They generally come in pairs like above. I've seen other SecurityServer logs while managing the server, but the number of them (and ServerEventAgent string) have really jumped up after trying to enable the Adaptive Firewall. I'm not even sure the firewall is working at this point, as running hb_summary tells me there have been 0 blocks in the last 24 hours. Yesterday, before trying to enable the AF, the server was trying to block login bots every few minutes, so I'm not sure everything is hooked-up correctly.



It should be noted that I had some trouble with the second KB article linked above because I had previously tried using IceFloor to manage the new pffirewall. Apparently IceFloor removes some lines from /etc/pf.anchors/com.apple and doesn't put them back when you uninstall the program. I re-added the two missing lines at the end (with Apple's edits):


anchor "400.AdaptiveFirewall/*"
load anchor "400.AdaptiveFirewall" from "/Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall"


Any help would be greatly appreciated!

Mac mini, OS X Server, Mid-2011 Server/Quad 2.0 GHz/16GB

Posted on Jan 11, 2013 5:57 PM

Reply

There are no replies.

Excessive 'SecurityServer' log entries for ServerEventAgent after Adaptive Firewall

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up