How can I log the IP addresses of SMB login attempts?

macos logs smb

Solution 1:

You could fire up and configure the BSD packetfilter - create a rule that will match incoming 'rogue' SMB requests, and in that rule use the log keyword which will cause all packets matching that rule to be, er, logged.

Walkthough here: https://blog.neilsabol.site/post/quickly-easily-adding-pf-packet-filter-firewall-rules-macos-osx/

In-depth explanation here: http://marckerr.com/a-simple-guild-to-the-mac-pf-firewall/

Explanation of the pf logging function here:https://www.openbsd.org/faq/pf/logging.html

Setting up pfctl anchors for a protocol: https://ikawnoclast.com/systems/firewall/mac-os-x-pf-firewall/

Related

Safari SSH Tunneling Troubleshooting Diagnostics
Can I set a password on an existing dmg?
Mac mini not autobooting after "dirty" shutdown
Iphone 7 Blocking numbers mysteriously
How can I set up a system-wide key combination to toggle a specific System Preferences setting ("Tap to Click")?
How To Strip All Finder Attributes for Some Device
Watch Me Do or other method for exact pixel coordinate of mouse click (Automator)
Rule that applies to mails containing Outlook invitations
How to prevent displaying the total sum of A + B if columns A + B are empty
How many 1080p Monitors i can connect to MacBook pro 13 inch 2019 model with 4 thunderbolt port? [duplicate]
Send data to apple watch
Looking for a certain gender-neutral word [duplicate]