Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Enable Firewall Logging? ipfw.log is huge

ksgant

ksgant

macrumors 6502a
Original poster
Jan 12, 2006
804
722
Chicago
Just wondering if anyone enables your firewall logging? I've noticed that I get HUGE ipfw.logs when this is enabled...usually after closing Azureus but not during it's use.

Do you just let this log build and build and build? Or do you even have it enabled? I have the OS X firewall enabled with everything turned off except for timeserver and my port for Azureus. The OS X firewall is more of a backup as I am also running through a hardware router/firewall.
 
Do you need the log files? Are you looking for something in particular? Otherwise, I would turn off logging.
 
I would point out that not logging partially defeats the purpose of a firewall.

A firewall isn't simply there to 'protect' you. It's also there to help you diagnose potential problem areas and attack vectors.
 
I agree completely! But it sounds like the files are too big to even diagnose. Sort of like trying to take a sip of water from a fire hose.
 
Well frankly, we don't know how the original poster defines HUGE.

I define huge (in terms of log files) in the hundreds of MBs to GBs. That's huge. To him/her, it could be tnes of MB.
 
yellow said:
Well frankly, we don't know how the original poster defines HUGE.

I define huge (in terms of log files) in the hundreds of MBs to GBs. That's huge. To him/her, it could be tnes of MB.
Click to expand...

In the 5 hours that I had it enabled, it grew to a size of nearly 10 megs. Granted, it may not always be that way, but it doesn't look good if I leave it running like this for a month before I run maintenance scripts.

So for now, I'm keeping it off. As I said before, the OS X firewall is mainly just a backup for my hardware firewall.
 
ksgant said:
In the 5 hours that I had it enabled, it grew to a size of nearly 10 megs. Granted, it may not always be that way, but it doesn't look good if I leave it running like this for a month before I run maintenance scripts.

So for now, I'm keeping it off. As I said before, the OS X firewall is mainly just a backup for my hardware firewall.
Click to expand...

Something might be wrong then...can you look at the log and see if there are any frequently recurring messages? Post the message here and maybe we can help diagnose the problem.

In general, log files should be clean up by the system periodically. On unix systems, the standard is to tar old log files and compress them. Mac OS X does the same for most log files (don't know about ipfw) if your mac is on 24/7.
 
It happens only when I had used Azureus, and that's it. After Azureus has been shut down, the messages start...when Azureus starts up again (and no downloading/uploading is going on), the messages stop.

These are other bittorrent clients hitting port 43030 (the port I opened for Azureus) looking to hook up again. After a few hours of no Azureus being up, it calms down. The messages in ipfw.log are:

"Stealth Mode connection attempt to UDP 1xx.xxx.x.xxx:43030 from xx.xxx.x.xxx"

(notice, the "X's" are put in by me to hide all the numbers as they're all different IP's anyway)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back