Where can I find logs for failed sudo attempts on macOS Sierra?

macos security administrator sudo logs

The sudo logs now go to the new unified logging system in macOS 10.12, which can be searched using the log command.

For example, to show all sudo logs from the last 3 hours:

log show --style syslog --predicate 'process == "sudo"' --last 3h

To search all sudo logs for messages containing the string "user NOT in sudoers":

log show --style syslog --predicate 'process == "sudo" and eventMessage contains "user NOT in sudoers"'

Use man log or log help show to learn more about how to use the command.

Related

Enable/disable Time Machine depending on network connection type
mapping external keyboard keys to mac keys
Time Machine failing to complete backup
How can I stop iCloud downloading files to my Mac
How do I disable text antialias (font smoothing) in Terminal and globally for all apps?
Importing/Exporting Preview Signatures on OS X 10.10 (Yosemite)
How to remove null values in list of objects using Circe
jQuery .serialize() not a function
React Redux props is always udefined
Automatically populate SQL column based on foreign key constraint
How to read Evaluate Script timings in Chrome profiling/performance tab
Error when combining sass-loader with css-modules