Firewall set to detailed logging but logs are empty

Originator:0xmachos
Number:rdar://47981615 Date Originated:February 11 2019
Status:Open Resolved:
Product:macOS + SDK Product Version:10.14
Classification:Bug Reproducible:Always
 
Summary:

Withe the application firewall turned on, logging enabled and set to detailed no firewall logs are produced. 

Steps to Reproduce:

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw  --getglobalstate
Firewall is enabled. (State = 1) 

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw  --getloggingmode
Log mode is on 

$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw  --getloggingopt
Log Option is detail 

$ wc -l /var/log/appfirewall.log
       0 /var/log/appfirewall.log
$ wc -l /var/log/alf.log 
       0 /var/log/alf.log

Expected Results:

Either /var/log/appfirewall.log or /var/log/alf.log should contain firewall logs. 

Actual Results:

/var/log/appfirewall.log and /var/log/alf.log contain no logs. 

Version/Build:

      System Version: macOS 10.14.3 (18D109)
      Kernel Version: Darwin 18.2.0
      Boot Volume: ****
      Boot Mode: Normal
      Computer Name: ****
      User Name: ****
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: 3 days ****

Configuration:

      Model Name: MacBook Pro
      Model Identifier: MacBookPro15,2
      Processor Name: Intel Core i7
      Processor Speed: 2.7 GHz
      Number of Processors: 1
      Total Number of Cores: 4
      L2 Cache (per Core): 256 KB
      L3 Cache: 8 MB
      Memory: 16 GB
      Boot ROM Version: 220.240.2.0.0 (iBridge: 16.16.3133.0.0,0)
      Serial Number (system): ****
      Hardware UUID: ****

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!