I'm running an OS X Server running 10.8.2. After enabling the Adaptive Firewall last night ( http://support.apple.com/kb/HT5519, http://support.apple.com/kb/TS4418 ), I started noticing a massive number of logs in /var/log/system.log that look like this:
Jan 11 17:44:59 <hostname> com.apple.SecurityServer: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent'  for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent'  (2,0) Jan 11 17:44:59 <hostname> com.apple.SecurityServer: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd'  for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent'  (100000,0)
Does anyone have thoughts on this? They generally come in pairs like above. I've seen other SecurityServer logs while managing the server, but the number of them (and ServerEventAgent string) have really jumped up after trying to enable the Adaptive Firewall. I'm not even sure the firewall is working at this point, as running hb_summary tells me there have been 0 blocks in the last 24 hours. Yesterday, before trying to enable the AF, the server was trying to block login bots every few minutes, so I'm not sure everything is hooked-up correctly.
It should be noted that I had some trouble with the second KB article linked above because I had previously tried using IceFloor to manage the new pffirewall. Apparently IceFloor removes some lines from /etc/pf.anchors/com.apple and doesn't put them back when you uninstall the program. I re-added the two missing lines at the end (with Apple's edits):
anchor "400.AdaptiveFirewall/*" load anchor "400.AdaptiveFirewall" from "/Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall"
Any help would be greatly appreciated!