cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
brinkn
Level 9
Report Inappropriate Content
Message 1 of 1

Enable Firewall Logs on EPM2.2

Hello everyone.

I am posting this here so that others who are working with the McAfee firewall may benefit from my experience.

Troubleshooting firewall blocks on a Mac is not a trivial task.  You can use adaptive move to help determine what rules you need, but the logging leaves something to be desired.  The first step is to enable logging for the Firewall product on Mac.

There is a McAfee KB that explains how to do this.

McAfee KnowledgeBase - How to enable Firewall debug logging for Endpoint Protection for Mac 2.x

Basically you want to change the debug level from ERROR to INFO(or DEBUG if necessary).   At the error log level, it does not appear that any firewall denies or allows are logged.

From a terminal window type the following:

     sudo sysctl kern.com_mcafee_firewall_log=4

This will dump all the mcafee firewall related logs to /var/log/system.log.  After a while I found this was less then desirable and made it difficult to troubleshoot firewall problems.   I realized the best thing to do is to segregate these into their own file so we can use log rotation, compression, etc.  To do this edit the ASL config file.  This file is located in /etc/asl.conf.  It is best to edit this from the terminal using nano or someone text editor.

Add the following 4 lines directly above the line that says  "# Rules for /var/log/system.log"

#McAfee firewall log rules

> mfefw.log mode=0640 format=bsd coalesce=0 rotate=seq compress file_max=5M all_max=50M

? [= Sender kernel] [A= Message MFE]  file mfefw.log

? [= Sender kernel] [A= Message MFE] ignore

<<<<SCREENSHOT ATTACHED>>>>>>>

This will send the firewall related logs to their own files in the /var/log directory and prevent them from being placed in the system.log.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community