Mac OS X Sierra (10.12 and 10.13) Firewall Logs Empty / Not Showing?

There is growing concern online about the Mac OS X built-in firewall log staying empty even though the built-in firewall is enabled (System Preferences -> Security & Privacy -> Firewall). The firewall log is written to /var/log/appfirewall.log and can be viewed in Utilities -> Console.

 

You can confirm firewall logging is enabled on your Mac OS X system by running the following commands in Terminal sequentially.

 

Ensure Mac OS X Firewall Logging is Enabled:

/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingmode

Check Mac OS X Firewall Current Logging Options:

/usr/libexec/ApplicationFirewall/socketfilterfw --getloggingopt

 

The above command showed that our firewall logging is “throttled”. You can set the Mac OS X firewall logging level to throttled, brief, or detailed. Let’s change our logging level to detailed (option value: detail) with the command below.

 

Change Mac OS X Firewall Logging Option to Detailed:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt detail

 

Reboot your Mac, then check whether the firewall log is capturing events: open Utilities -> Console and select /var/log/appfirewall.log.
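The checks above can be scripted. The following is an added example, not part of the original post: it repairs options whose double hyphen was turned into a typographic dash when copied from a web page, and classifies the log file as missing, empty, stale or active. The function names and the 60-minute staleness window are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: diagnostic helpers for an empty appfirewall.log.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw
LOG=/var/log/appfirewall.log
EN_DASH=$(printf '\342\200\223')   # U+2013, typographic dash from web rendering
EM_DASH=$(printf '\342\200\224')   # U+2014, another common substitution

# Rewrite a pasted command so a typographic dash in front of an option
# becomes the two hyphens socketfilterfw expects.
normalize_dashes() {
    printf '%s\n' "$1" |
        sed -e "s/ ${EN_DASH}\([a-z]\)/ --\1/g" \
            -e "s/ ${EM_DASH}\([a-z]\)/ --\1/g"
}

# Classify a log file: missing, empty, stale (not written to within
# the last N minutes, default 60) or active.
log_state() {
    file=$1; minutes=${2:-60}
    [ -e "$file" ] || { echo missing; return; }
    [ -s "$file" ] || { echo empty; return; }
    if [ -n "$(find "$file" -mmin "-$minutes" 2>/dev/null)" ]; then
        echo active
    else
        echo stale
    fi
}

# Print the logging settings and the state of the log file (read-only).
diagnose() {
    if [ -x "$FW" ]; then
        "$FW" --getloggingmode
        "$FW" --getloggingopt
    else
        echo "socketfilterfw not found at $FW (not a Mac?)"
    fi
    echo "$LOG: $(log_state "$LOG")"
}

# Run the report only when asked: sh script.sh diagnose
if [ "${1:-}" = "diagnose" ]; then diagnose; fi
```

A result of "empty" or "stale" while logging mode is reported as on reproduces the symptom described in this post.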

 

As a further test, we installed Murus Lite to see whether it would read a different firewall log or help force logging, but the result was the same: opening the firewall log from Murus brought up the same blank Console log.

 

There are several posts online covering this at the moment including MacRumors and Apple Discussions.

 

If you are currently experiencing this issue, please use the comment form below to let us know. This appears to be happening on Mac OS X 10.12 and 10.13 at this time.





Other useful Mac OS X firewall Terminal commands.

 

Stop Mac OS X Firewall:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off

Start Mac OS X Firewall:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on

Delete Mac OS X Firewall Rule:

sudo rm /Library/Preferences/com.apple.alf.plist

Add Application to Mac OS X Firewall:

sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /Applications/MyApp.app/Contents/MacOS/myapp

 



Comments 3

Guest - Bob on Thursday, 30 July 2020 12:58

Because the options you see on the web page are a big dash that was replaced by some HTML translator. It is supposed to be 2 dashes for all options. Like this: --

Guest - joanne on Saturday, 27 July 2019 10:25

Experiencing the same thing here. I am using Mojave 10.14.4.

Guest - Karen on Thursday, 26 July 2018 16:29

I have the same problem and I am running 10.13.6. I tried the terminal for getloggingmode and got an Invalid argument reply. Same with the getloggingopt.

Friday, 19 April 2024