Read the rest of the hint to see how I accomplished this...
What I did is add a line to /etc/syslogd.conf which reads:
authpriv,remoteauth,ftp.none;kern.debug /var/log/Firewall.log
That will redirect any ipfw hits to output to Firewall.log. Note that you can name the file whatever you like; just make sure the filenames match in all entries. I then did:
% sudo touch /var/log/Firewall.log
That creates a blank logfile which syslogd will write its entries to. You will need to kill -HUP the syslogd process for this to take effect. Remember to add some firewall rules, with logging enabled, if you want to see anything appear.
Now download DesktopConsole, which is an old app, but allows you to view logfiles right on top of your Desktop! Tell DesktopConsole to read /var/log/Firewall.log and voila, you can see possible intruders, SSH logins, etc., in realtime! While you're working on your Mac, you can see right away if anyone is trying to access your computer's services or if you're being portscanned. Example of my logfile:
Jun 26 13:57:42 47ronin mach_kernel: ipfw: 52040 Deny UDP 17.254.0.27:123 68.8.39.46:123 in via en0
Jul 1 15:39:24 47ronin mach_kernel: ipfw: 2008 Accept TCP 66.192.2.55:51353 68.8.39.46:22 in via en0
Jul 1 23:50:08 47ronin mach_kernel: ipfw: 52040 Deny TCP 205.158.183.111:36964 68.8.39.46:21 in via en0
Here is a portion of a screenshot showing what the hack and DesktopConsole can do for you. Notice the messages; they appear whenever someone triggers the firewall. Note: The logfile will grow in size over time, so you may need to delete it, and recreate it (using touch, see above). When you do so, you also need to restart syslogd for it to keep logging entries.
[Editor's note: With some work, you could probably create a cron task that rotates the logs automatically. Use the "daily" script in /etc as a starting point, as that's where the normal system logs are rotated.]
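Once entries like the ones above pile up, a per-source summary shows a port scan more clearly than the scrolling log does. The following is an added example, not part of the original hint: a shell function (the names ipfw_deny_summary and sample_log are hypothetical) that parses the ipfw line format shown above. The 192.0.2.10 lines and the distinct-port threshold of 3 are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise ipfw Deny entries per source address.
# Function names, the threshold and the 192.0.2.10 lines are assumptions.

# Reads syslog lines on stdin; $1 = distinct-port count that flags a scan.
# Prints one line per source: source-ip deny-hits distinct-dst-ports flag
# Against the live file: ipfw_deny_summary 3 < /var/log/Firewall.log
ipfw_deny_summary() {
    awk -v threshold="${1:-3}" '
    {
        # Find the "ipfw:" token; the fields after it are:
        # rule action proto src[:port] dst[:port] direction via interface
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i + 5 > NF || $(i + 2) != "Deny") next
        split($(i + 4), src, ":")
        n = split($(i + 5), dst, ":")
        hits[src[1]]++
        # Count each destination port once per source (ICMP has no port).
        if (n == 2 && !((src[1], dst[2]) in seen)) {
            seen[src[1], dst[2]] = 1
            ports[src[1]]++
        }
    }
    END {
        for (ip in hits) {
            flag = (ports[ip] + 0 >= threshold + 0) ? "PORTSCAN?" : "-"
            printf "%s %d %d %s\n", ip, hits[ip], ports[ip], flag
        }
    }' | sort -k2,2nr -k1,1
}

# First three lines are the log excerpt from the hint; the rest are constructed.
sample_log() {
    cat <<'EOF'
Jun 26 13:57:42 47ronin mach_kernel: ipfw: 52040 Deny UDP 17.254.0.27:123 68.8.39.46:123 in via en0
Jul 1 15:39:24 47ronin mach_kernel: ipfw: 2008 Accept TCP 66.192.2.55:51353 68.8.39.46:22 in via en0
Jul 1 23:50:08 47ronin mach_kernel: ipfw: 52040 Deny TCP 205.158.183.111:36964 68.8.39.46:21 in via en0
Jul 2 01:10:01 47ronin mach_kernel: ipfw: 52040 Deny TCP 192.0.2.10:40001 68.8.39.46:21 in via en0
Jul 2 01:10:01 47ronin mach_kernel: ipfw: 52040 Deny TCP 192.0.2.10:40002 68.8.39.46:23 in via en0
Jul 2 01:10:02 47ronin mach_kernel: ipfw: 52040 Deny TCP 192.0.2.10:40003 68.8.39.46:25 in via en0
Jul 2 01:10:02 47ronin mach_kernel: ipfw: 52040 Deny TCP 192.0.2.10:40004 68.8.39.46:80 in via en0
Jul 2 01:10:05 47ronin mach_kernel: ipfw: 52040 Deny TCP 192.0.2.10:40005 68.8.39.46:21 in via en0
EOF
}

sample_log | ipfw_deny_summary 3
```

Accepted connections, such as the SSH login in the excerpt, are skipped on purpose; only Deny entries are counted.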

