*** I wanted to share my experiences, especially since I'm basically an OSX n00b in case they may help anyone else. ***
I'm running OSX 10.11.5 on a ( MBP Retina, 15-inch, Mid 2014 ) if that matters at all.
I installed Murus Pro ( 1.4.2 ), Murus Logs Visualizer, and Murus Menulet.
For whatever reason the /var/log/pffirewall.log has NEVER been created.
PF seems to be running with no problems at all as I have checked via command line. ( sudo pfctl -sa ) - ( http://krypted.com/mac-security/a-cheat ... on-and-up/
I've read a zillion Google threads about Murus and PF, read ALL of the Murus documentation available to the very last page, purchased and started reading the No Starch Press book, "The Book of PF" to try and figure out why this log hasn't ever been created per the normal installation procedures for PF.
I tried various forum suggestions such as removing / replacing the Murus boot scripts, so I removed them, rebooted, reinstalled them, rebooted, but sigh, no /var/log/pffirewall.log file.
I checked the /etc/newsyslog.conf file and everything looks perfect, meaning my Murus ( 1.4.2 ) has been patched.
So - I just decided to manually create the file using the command " sudo touch pffirewall.log " after I cd /var/log and I finally have the file now.
After I created the file I carefully reviewed the permissions via the Murus forum comment on page 1 by hany, and the /var/log/pffirewall.log file permissions look perfect ( -rw-r--r--@ 1 root wheel 2542996 4 Gen 14:33 /var/log/pffirewall.log ) and the /etc/newsyslog.conf file entry for PF log rotation looks perfect ( via the parameters I entered via Murus.)
Grrrr - computers - we all love 'em and hate 'em depending on whether they're behaving at the moment.
I'll report back my results, but mostly I wanted to share my notes for the next poor guy who's killing himself because everything seems to be running perfectly - yet he's missing PF logs - and he's like any computer freak - and especially for something as important as a firewall - he wants everything setup and working as described in the manual - PF in this case.