Stop logging

I’ve never used the log file so it’s no use to me. I don’t see any way to stop writing it.
Nor do I see any human readable ini file.

If you absolutely must turn it off you can do so in “More”, “Settings”, “logging”.

However, it’s really a bad idea to disable logging; best practice from a security professional’s perspective is to regularly review logs for aberrant behaviour. Of course that requires familiarity with normal behaviour.

It was the logs that alerted me to a recent UDP port scan attack.

It was the logs that alerted me to the fact that the ADSL modem is initiating UDP traffic to the system on port 137 which in turn generated an ICMP protocol type 3 code 3 message (Destination Unreachable - port unreachable) because NetBIOS over TCP/IP is disabled on my system.

It’s not really a good idea to have logging disabled; it can be a powerful diagnostic tool for problems. If the logs are too voluminous one should look into what is being logged. As a matter of course normal traffic shouldn’t be logged, e.g., that which is defined as “accept” or “allow”. However, all my “ask” rules are configured to be logged. This is important to look up for determining IP addresses and what network zone they should go in. For example: SVCHOST.exe doesn’t get blanket permissions to access the net. But review of the log after alerts yields definite groups of IP addresses, ranges and masks that continuously are updated as time goes on. After a while a sufficiently large number of internet zones have been defined where normal system processing no longer results in alerts of any type.

Moreover the logs are circular in that when they grow larger than what is defined, the oldest entries drop off the end.
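The log review described in the post above, turning logged “ask” events for one application into candidate address ranges for a network zone, can be sketched as follows. This is an added example, not part of the original thread or of any firewall product; the CSV log layout, the `Asked`/`Allowed` action names, the sample lines and the function name `candidate_zones` are all assumptions constructed for illustration.

```python
import csv
import ipaddress
from collections import Counter

# Constructed sample log in a hypothetical CSV layout (not a real product format):
# time,application,action,protocol,source,destination,dest_port
SAMPLE_LOG = """\
2024-01-05 09:01:12,svchost.exe,Asked,TCP,192.168.1.10,203.0.113.5,443
2024-01-05 09:03:40,svchost.exe,Asked,TCP,192.168.1.10,203.0.113.77,443
2024-01-05 09:10:02,svchost.exe,Asked,TCP,192.168.1.10,198.51.100.9,80
2024-01-05 09:10:05,svchost.exe,Asked,TCP,192.168.1.10,198.51.100.10,80
2024-01-06 11:22:31,svchost.exe,Asked,TCP,192.168.1.10,198.51.101.20,443
2024-01-06 11:22:39,svchost.exe,Asked,TCP,192.168.1.10,198.51.101.21,443
2024-01-06 12:00:00,svchost.exe,Asked,UDP,192.168.1.10,192.0.2.44,123
2024-01-06 12:05:00,firefox.exe,Asked,TCP,192.168.1.10,192.0.2.80,443
2024-01-06 12:06:00,svchost.exe,Allowed,TCP,192.168.1.10,192.0.2.81,443
truncated line without enough fields
"""


def candidate_zones(log_text, application, min_hits=2, prefix=24):
    """Return (zones, rare): CIDR ranges worth defining as a zone, and
    ranges seen too rarely to trust yet (keep them on an 'ask' rule)."""
    hits = Counter()
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 7:
            continue  # skip malformed or truncated entries
        _, app, action, _, _, dst, _ = row
        if app.lower() != application.lower() or action != "Asked":
            continue  # only "ask" events for the application under review
        try:
            addr = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if addr.version != 4:
            continue  # this sketch groups IPv4 destinations only
        # Bucket each destination into its enclosing /prefix network.
        hits[ipaddress.ip_network(f"{addr}/{prefix}", strict=False)] += 1
    frequent = [net for net, count in hits.items() if count >= min_hits]
    # Merge adjacent networks into the shortest equivalent list of masks.
    zones = [str(net) for net in ipaddress.collapse_addresses(frequent)]
    rare = sorted(str(net) for net, count in hits.items() if count < min_hits)
    return zones, rare


if __name__ == "__main__":
    zones, rare = candidate_zones(SAMPLE_LOG, "svchost.exe")
    print("candidate zones:", zones)
    print("seen once, keep asking:", rare)
```

Ranges proposed this way still need a manual check of who owns them before they go into an allow zone; the `min_hits` threshold only filters out one-off destinations.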