Has anyone discovered whether the built-in firewall still logs? If so, please share how to read them!
Firewall logs
- Thread starter fivenotrump
- Start date
- Sort by reaction score
According to someone who writes a book about it, since i couldn't find more about it than this, haha.
https://books.google.nl/books?id=xE...nepage&q=macos sierra appfirewall.log&f=false
It seems Applications>utilities>console>firewall
https://books.google.nl/books?id=xE...nepage&q=macos sierra appfirewall.log&f=false
It seems Applications>utilities>console>firewall
There is no such tab or menu item in Console.app. There is an empty /var/log/appfirewall.log – this is where firewall events were logged pre-Sierra.
Comment
check logging is on (should be):
/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode
check logging option:
/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingopt
mine said 'throttled', so:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt detail
check logging config for subsystem:
sudo log config --status --subsystem com.apple.alf
likely says "Mode for 'com.apple.alf' INFO PERSIST_DEFAULT" so:
sudo log config --mode "persist:info" --subsystem com.apple.alf
now use log(1) like
log show --predicate 'subsystem == "com.apple.alf"' --info --last 1h
I do get some log entries when expected but they all have the same useful message "<private>"
/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode
check logging option:
/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingopt
mine said 'throttled', so:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt detail
check logging config for subsystem:
sudo log config --status --subsystem com.apple.alf
likely says "Mode for 'com.apple.alf' INFO PERSIST_DEFAULT" so:
sudo log config --mode "persist:info" --subsystem com.apple.alf
now use log(1) like
log show --predicate 'subsystem == "com.apple.alf"' --info --last 1h
I do get some log entries when expected but they all have the same useful message "<private>"
Comment
Has there been any further updates / progress on how to enable firewall logging in Sierra?
Comment
I wasn't aware of "open radar" before, thanks for the information!
Care to share the link for your radar ?
Last edited:
Comment
Sorry for the ambiguity: I have a radar open with Apple, not entered in to OpenRadar. It would be helpful if others with similar problems were to open radars with Apple as this lends weight when they are considering priorities.
Comment