I want to automatically block IP addresses that try to log in to my file server unauthorized.
I can log SSH login attempts including IP address in macOS into a syslog format file for further processing with fail2ban as follows:
log stream --predicate '(process == "sshd")' --style syslog --level info --type=log >> /opt/local/var/log/logstreams/sshd.log
However, the smbd process does not appear to log IP by default. How can I achieve the above for smbd?