Overview
Firewall Monitor
The firewall system on MacOS X keeps a 'traffic counter' for each service filter you install. These counters show the amount of traffic and number of matches each rule has had since you started your Mac or the counter was cleared.
Firewall Log
The firewall can also generate a system log entry that includes detailed information about the filter match, including the source and destination addresses and the exact time of the match. These can be turned on and off for any filter, once system-wide firewall logging has been enabled. By default Deny rules have logging enabled, and Allow rules have logging disabled.