PF Logs Not found

adamgoddard
Posts: 1
Joined: Sat Mar 24, 2018 11:47 pm

PF Logs Not found

Post by adamgoddard » Sat Mar 24, 2018 11:52 pm

Hi all,
Have a deployment with 20 Mac minis, running OSX 10.10.5 on most, 10.11.3 on others. After multiple attempts to install the boot scripts to enable logging, only a few hosts are working with Logs Visualiser, or simply opening logs from within Murus. Any ideas to get the logs working on all systems? Running Murus 1.4.16 and MurusLogsVisualiser 1.4.3 on all systems.
Thanks.

hany
Posts: 457
Joined: Wed Dec 10, 2014 5:20 pm

Re: PF Logs Not found

Post by hany » Wed Mar 28, 2018 3:04 pm

Hello Adam, that's strange as logging should work on both 10.10 and 10.11 with no issues. When you don't find any log file it's usually because pf does not match any "log" rule. Please review your Murus configuration and check if the "log" option is correctly set for managed services. If you still have problems then please contact us at info@murus.it, thanks.

pangolin
Posts: 1
Joined: Mon Apr 25, 2016 7:34 pm

Re: PF Logs Not found

Post by pangolin » Thu Apr 05, 2018 12:04 am

/private/var/log/pffirewall.log~, together with equally needful /private/var/log/mail.log~, has again been trashed by macOS 10.13.4 Update, as at least one previous macOS update similarly did, due it seems both times to continuing growing pains of Apple's own still immature ASL replacement. Maybe "the team" will fix it this time too, as they considerately did in the previous instance—or maybe not. We can only hope their code-writing commitment isn't as dead as this forum seems to be! When's the funeral?
,,,^..^,,, pangolin

hany
Posts: 457
Joined: Wed Dec 10, 2014 5:20 pm

Re: PF Logs Not found

Post by hany » Thu Apr 05, 2018 1:58 pm

pangolin,
this forum isn't dead, don't worry :) And we are releasing new software almost every week.
We are aware that macOS 10.13.4 update may unexpectedly remove pf log files in some cases.
The update may also remove some necessary code lines from syslog configuration files (/etc/syslog.conf and /etc/newsyslog.conf), disabling pf log rotation. Restoring log rotation is easy, just reinstall Murus Boot Scripts from Murus "Firewall" -> "Boot Scripts" menu in macOS menu bar.
As you may guess, there is nothing that we can do to "fix" this, as this is a macOS issue, not a Murus issue. We don't find any related documentation about such macOS behavior, so we believe it's something Apple did by mistake. However we are still investigating the issue.
By the way, we are working on Murus 2 which will feature a totally different logging system, which hopefully will not be affected by this issue.
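
A triage sketch for the two causes named in this thread (no loaded pf rule with the "log" option, and syslog/newsyslog entries stripped by an update). It is an added example, not posted by any participant and not Murus code. The function names and the sample config lines are assumptions; only the log file name pffirewall.log comes from the thread.

```shell
#!/bin/sh
# Added example (not Murus code): text-only triage for a host with no pf log.
# On a Mac, save `sudo pfctl -sr` output to a file and pass the real config files.

# Count rules carrying pf's "log" keyword ("log", "log (all)", ...).
count_log_rules() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i == "log" || $i ~ /^log\(/) { n++; break } }
         END { print n + 0 }'
}

# True when a non-comment line of config file $1 names log file $2.
conf_mentions() {
    [ -r "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -q -F -- "$2"
}

# Args: rules file, syslog.conf, newsyslog.conf, log file name.
# Prints the failed checks, or "ok".
triage() {
    findings=""
    [ "$(count_log_rules < "$1")" -gt 0 ] || findings="no-log-rule"
    conf_mentions "$2" "$4" || findings="$findings syslog-entry-missing"
    conf_mentions "$3" "$4" || findings="$findings newsyslog-entry-missing"
    findings="${findings# }"
    echo "${findings:-ok}"
}

# Constructed sample files; the config lines are placeholders, not the
# entries Murus Boot Scripts actually write.
make_samples() {   # $1 = directory
    printf '%s\n' 'block drop in log all' 'pass out quick on en0 all' > "$1/rules.good"
    printf '%s\n' 'block drop in all' 'pass in all label "log"' > "$1/rules.nolog"
    printf '%s\n' 'local0.* /var/log/pffirewall.log' > "$1/syslog.good"
    printf '%s\n' '# local0.* /var/log/pffirewall.log' > "$1/syslog.stripped"
    printf '%s\n' '/var/log/pffirewall.log 640 5 1000 * J' > "$1/newsyslog.good"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
triage "$demo_dir/rules.good" "$demo_dir/syslog.good" "$demo_dir/newsyslog.good" pffirewall.log
triage "$demo_dir/rules.nolog" "$demo_dir/syslog.stripped" "$demo_dir/newsyslog.good" pffirewall.log
rm -rf "$demo_dir"
```

A "no-log-rule" finding points at the Murus configuration, while the two "entry-missing" findings point at the config files that reinstalling the Boot Scripts is said to restore.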
