There is growing concern online that the Mac OS X built-in firewall writes nothing to its log even when the firewall is enabled (System Preferences -> Security & Privacy -> Firewall). The firewall log is the file /var/log/appfirewall.log, which you can open in Utilities -> Console.
You can confirm firewall logging is enabled on your Mac OS X system by running the following commands in Terminal sequentially.
Ensure Mac OS X Firewall Logging is Enabled:
Check Mac OS X Firewall Current Logging Options:
The above command showed our firewall logging is “throttled”. You can set Mac OS X firewall logging levels between throttled, brief, and detailed. Let’s change our logging level to detail per below.
Change Mac OS X Firewall Logging Option to Detailed:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt detail
Reboot your Mac, then check whether the firewall log is capturing events: open Utilities -> Console and select /var/log/appfirewall.log.
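The same check can be done from Terminal, which also shows whether a blank Console view means the log file is missing, empty, or no longer being written. This is an added example, not part of the original article: the function names `log_state` and `fw_report` and the 60-minute freshness threshold are assumptions, and the `--get*` flags are the read-only counterparts of the `--set*` flags used on this page.

```shell
#!/bin/sh
# Added example: triage a blank /var/log/appfirewall.log from Terminal.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw   # binary path from the article
LOG=/var/log/appfirewall.log                         # log path from the article

# log_state FILE [MAX_AGE_MINUTES]  (hypothetical helper)
# Prints one word describing the log file:
#   missing - file does not exist
#   empty   - file exists but is zero bytes (the symptom described above)
#   stale   - file has content but was not modified in the last MAX_AGE minutes
#   active  - file has content and was modified within MAX_AGE minutes
log_state() {
    file=$1
    max_age=${2:-60}          # assumed threshold; tune to how busy the host is
    [ -e "$file" ] || { echo missing; return; }
    [ -s "$file" ] || { echo empty; return; }
    # find -mmin -N matches files modified less than N minutes ago
    if [ -n "$(find "$file" -mmin "-$max_age" 2>/dev/null)" ]; then
        echo active
    else
        echo stale
    fi
}

# fw_report  (hypothetical helper)
# Prints the firewall's own view of its settings next to the log file state,
# so a mismatch (logging on, log empty) is visible in one place.
fw_report() {
    if [ -x "$FW" ]; then
        "$FW" --getglobalstate    # is the firewall on?
        "$FW" --getloggingmode    # is logging on?
        "$FW" --getloggingopt     # throttled, brief or detail
    else
        echo "socketfilterfw not found at $FW (not a Mac OS X system?)"
    fi
    echo "log file $LOG: $(log_state "$LOG")"
}

fw_report
```

If logging is reported as on with the detail option but the log file stays `empty` or `stale` while traffic is being blocked, the system matches the behaviour described in this post.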
As a further test, we installed Murus Lite to see if this application would pull another firewall log or help to force logging, but the result was the same: when we opened the firewall log from Murus, it opened the same blank firewall Console log.
There are several posts online covering this at the moment, including on MacRumors and Apple Discussions.
If you are currently experiencing this issue, please use the comment form below to let us know. This appears to be happening on Mac OS X 10.12 and 10.13 at this time.
Other useful Mac OS X firewall Terminal commands:
Stop Mac OS X Firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
Start Mac OS X Firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on
Delete Mac OS X Firewall Rule:
Add Application to Mac OS X Firewall:
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp