User profile for user: KrishnaMohan
KrishnaMohan Author
User level: Level 1
145 points

Disabling Firewall logging

Snow Leopard is extremely fast & stable for me on my 3 Macs. One problem though - I was unable to find the option to disable firewall logging which was available in Leopard.

System Profiler says firewall logging: No. But in the same System Profiler, appfirewall.log file keeps growing (with Stealth Mode enabled).

Is there a way to disable firewall logging or is it a bug that will be addressed in the next update?

Thanks for any help.

Best - KrishnaMohan.

iMac 24 inch 3.06 GHz (Mac OS X 10.6), Mac OS X (10.6), iMac 24 inch 2.8 GHz (Mac OS X 10.6, MacBook Black 2.4 GHz Mac OS X (10.6)

Posted on Sep 10, 2009 6:27 AM

Reply
3 replies
User profile for user: lobitz
lobitz
User level: Level 1
35 points

Sep 18, 2009 1:51 AM in response to KrishnaMohan

I've found a way to disable logging while keeping stealth mode enabled. Unfortunately, it involves a little manual plist editing and converting from/to binary xml format. Here's what worked for me in a terminal session:
cd /Library/Preferences
sudo plutil -convert xml1 com.apple.alf.plist

Careful, that's a lower case 'L' and a number '1' above.
sudo nano com.apple.alf.plist

search (ctrl-W) for the key loggingenabled
change the integer value to 1
save the file (ctrl-O)
quit nano (ctrl-X)
sudo /usr/bin/plutil -convert binary1 com.apple.alf.plist

That should do it but to be safe you might want to log out and back in (or restart for overkill).

I don't know about others, but the volume of my denied connection attempts really taxed the appfirewall.log. Often there were several entries logged every second.
Reply
User profile for user: lobitz
lobitz
User level: Level 1
35 points

Sep 18, 2009 2:36 AM in response to KrishnaMohan

Another slightly related post prompted me to try an alternate approach to disabling firewall logging. I didn't try it at first thinking the permissions on the com.apple.alf.plist file would prevent it.

If you have access to the optional Developer install, the property list editor in /Developer/Utilities will easily allow you to change the loggingenabled key value on /Library/Preferences/com.apple.alf.plist.

I'm assuming one needs at least admin privileges.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Disabling Firewall logging

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up