Information
The socketfilter firewall is what is used when the firewall is turned on in the Security Preference Pane. In order to appropriately monitor what access is allowed and denied logging must be enabled. The logging level must be set to 'detailed' to be useful in monitoring connection attempts that the firewall detects. Throttled login is not sufficient for examine firewall connection attempts.
Rationale:
In order to troubleshoot the successes and failures of a firewall, logging should be enabled.
Impact:
Detailed logging may result in excessive storage.
Solution
Run the following command to enable logging of the firewall:
$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingmode on
Turning on log mode
$ sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setloggingopt detail
Setting detail log option
Additional Information:
More info http://krypted.com/tag/socketfilterfw/