Firewall Log
In the current Vallum 4 version, the only purpose of logging is to debug Vallum rulesets.
Future Vallum versions may include a more sophisticated log subsystem and analysis tools. This decision will be based on user feedback.
Each flow that matches a "log" rule generates a log entry. Logs are not saved to disk; their persistence is managed by macOS.
Use Apple Console.app, found in /Applications/Utilities/Console.app, to display Vallum logs.
Configure Console.app
Apple Console.app offers a convenient way to display Vallum logs. To simplify debugging, follow these steps to create a Console.app "saved search", which lets you display the Vallum log quickly and easily.
- Open Console.app
- Locate the search field at the top right of the Console.app window
- Type "flow" in the search field, then hit Enter to create the search token
- Click on the "ANY" token next to the "flow" token you just created to display the drop-down menu
- Select "Category" from the drop-down menu
Click "Start Streaming" in the middle of the Console.app window to start displaying Vallum logs.
Now, to create the new "saved search":
- Click the "Save" button below the search field
- Choose an appropriate name such as "Vallum Log", then click "Save"
The new saved search tag "Vallum Log" will appear in the Console.app window, next to any existing saved searches.
From now on, every time you run Console.app you can click this "Vallum Log" tag to immediately apply the filters needed to display the Vallum log.
You can create as many saved searches as you need; simply add more search criteria to the search field and click "Save".
To remove a saved search from Console.app, hold down the COMMAND key while dragging the saved search tag away from the window.
PLEASE NOTE
Streaming logs with Console.app can be a resource-intensive task while Console.app is running.
Use this feature only for debugging purposes.