Enable Firewall Logging? ipfw.log is huge

Discussion in 'macOS' started by ksgant, Mar 12, 2007.

  1. ksgant macrumors 6502a

    ksgant

    Joined:
    Jan 12, 2006
    Location:
    Chicago
    #1
    Just wondering if anyone enables your firewall logging? I've noticed that I get HUGE ipfw.logs when this is enabled...usually after closing Azureus but not during it's use.

    Do you just let this log build and build and build? Or do you even have it enabled? I have the OS X firewall enabled with everything turned off except for timeserver and my port for Azureus. The OS X firewall is more of a backup as I am also running through a hardware router/firewall.
     
  2. Sherman Homan macrumors 6502

    Joined:
    Oct 27, 2006
    #2
    Do you need the log files? Are you looking for something in particular? Otherwise, I would turn off logging.
     
  3. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #3
    I would point out that not logging partially defeats the purpose of a firewall.

    A firewall isn't simply there to 'protect' you. It's also there to help you diagnose potential problem areas and attack vectors.
     
  4. Sherman Homan macrumors 6502

    Joined:
    Oct 27, 2006
    #4
    I agree completely! But it sounds like the files are too big to even diagnose. Sort of like trying to take a sip of water from a fire hose.
     
  5. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #5
    Well frankly, we don't know how the original poster defines HUGE.

    I define huge (in terms of log files) in the hundreds of MBs to GBs. That's huge. To him/her, it could be tnes of MB.
     
  6. ksgant thread starter macrumors 6502a

    ksgant

    Joined:
    Jan 12, 2006
    Location:
    Chicago
    #6
    In the 5 hours that I had it enabled, it grew to a size of nearly 10 megs. Granted, it may not always be that way, but it doesn't look good if I leave it running like this for a month before I run maintenance scripts.

    So for now, I'm keeping it off. As I said before, the OS X firewall is mainly just a backup for my hardware firewall.
     
  7. savar macrumors 68000

    savar

    Joined:
    Jun 6, 2003
    Location:
    District of Columbia
    #7
    Something might be wrong then...can you look at the log and see if there are any frequently recurring messages? Post the message here and maybe we can help diagnose the problem.

    In general, log files should be clean up by the system periodically. On unix systems, the standard is to tar old log files and compress them. Mac OS X does the same for most log files (don't know about ipfw) if your mac is on 24/7.
     
  8. ksgant thread starter macrumors 6502a

    ksgant

    Joined:
    Jan 12, 2006
    Location:
    Chicago
    #8
    It happens only when I had used Azureus, and that's it. After Azureus has been shut down, the messages start...when Azureus starts up again (and no downloading/uploading is going on), the messages stop.

    These are other bittorrent clients hitting port 43030 (the port I opened for Azureus) looking to hook up again. After a few hours of no Azureus being up, it calms down. The messages in ipfw.log are:

    "Stealth Mode connection attempt to UDP 1xx.xxx.x.xxx:43030 from xx.xxx.x.xxx"

    (notice, the "X's" are put in by me to hide all the numbers as they're all different IP's anyway)
     

Share This Page