I'm considering programming a script to scan a system log in search of an entry indicative of a port scan, in doing so potentially giving me a heads-up if anyone is taking interest in me.
I already have a program like this which alerts me through the notification centre in the event of an SSH authentication failure; however, I'm unsure specifically which system log I would be looking at and what exactly the entry for a detected port scan would look like.
There are also some other considerations I must take into account first, such as: does OS X even record port scans? And are port scans so common on the internet that such a program would be pointless?
In summary: which system log would record a port scan, and what would the entry syntax look like?
Thank you in advance.
Best Answer
Scanned my device using 3 separate port scanners, and 1 System.log entry remains common between them:
Kernel[0]: Limiting closed port RST response
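
One way to write the log-scanning script the question asks about, keyed on the entry quoted in the answer above; this is an added example, not code from either post. The sample lines are constructed, and the syslog line layout and the optional "from N to M packets per second" suffix are assumptions beyond the text quoted in the answer.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in classic syslog layout; hostname, times and rates are made up.
SAMPLE_LOG = """\
Mar  3 14:21:58 macbook sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 14:22:07 macbook kernel[0]: Limiting closed port RST response from 312 to 250 packets per second
Mar  3 14:22:08 macbook kernel[0]: Limiting closed port RST response from 287 to 250 packets per second
Mar  3 14:22:09 macbook Kernel[0]: Limiting closed port RST response
Mar  3 18:40:11 macbook kernel[0]: Limiting closed port RST response from 251 to 250 packets per second
"""

# Process tag is matched case-insensitively; the rate suffix is optional (assumed format).
ENTRY = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel\[\d+\]: "
    r"Limiting closed port RST response(?: from (?P<seen>\d+) to (?P<limit>\d+) packets per second)?",
    re.IGNORECASE,
)

def parse_entries(text, year):
    """Return (timestamp, observed_rate_or_None) for each RST-limit entry."""
    hits = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            # syslog timestamps omit the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            hits.append((ts, int(m["seen"]) if m["seen"] else None))
    return hits

def group_bursts(hits, gap=timedelta(seconds=60)):
    """Merge entries closer than `gap` so one scan raises one alert, not dozens."""
    bursts = []
    for ts, seen in sorted(hits, key=lambda h: h[0]):
        if bursts and ts - bursts[-1]["end"] <= gap:
            b = bursts[-1]
            b["end"], b["count"] = ts, b["count"] + 1
            b["peak"] = max(filter(None, (b["peak"], seen)), default=None)
        else:
            bursts.append({"start": ts, "end": ts, "count": 1, "peak": seen})
    return bursts

if __name__ == "__main__":
    for b in group_bursts(parse_entries(SAMPLE_LOG, 2024)):
        print(f"{b['start']:%b %d %H:%M:%S}  entries={b['count']}  peak_rate={b['peak']}")
```

Because the entry is a rate-limit message, a scan slow enough to stay under the limit would not produce it, so an empty result does not show that no scan took place.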