Log To Syslog

you can log to syslog, local or remote

NOTE: potential for huge amounts of data

disable local pflog via rc.conf.local

pflogd_flags="-f /dev/null"

define log in syslog.conf: a rule for local2.info (the facility and priority logger uses below), sent to a local file or a remote host

start it all (or put in rc.local)

$ sudo nohup tcpdump -lnettti pflog0 | logger -t pf -p local2.info &
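If no syslog.conf rule covers local2.info, everything the pipeline above sends to logger is silently dropped. The check below is an added example, not part of the original page: `pf_syslog_targets` is a hypothetical helper, and the destinations `/var/log/pflog.txt` and `@loghost.example.net` are assumed values in a constructed sample file.

```shell
#!/bin/sh
# Added example: list where a syslog.conf would deliver the messages sent by
# `logger -t pf -p local2.info`. Simplified matcher (assumption): understands
# "facility.level" selectors joined by ";" and facility lists joined by ",";
# it ignores "none" exclusions and "!prog" blocks.

# Print the action (file or @host) of every rule that matches local2.info.
pf_syslog_targets() {
    awk '
    /^[ \t]*(#|!|$)/ { next }          # skip comments, program blocks, blanks
    {
        n = split($1, sels, ";")
        for (i = 1; i <= n; i++) {
            dot = index(sels[i], ".")
            if (dot == 0) continue
            facs = substr(sels[i], 1, dot - 1)
            lvl  = substr(sels[i], dot + 1)
            # A selector level matches that priority and anything more severe,
            # so an info message is caught only by info, debug or *.
            if (lvl != "info" && lvl != "debug" && lvl != "*") continue
            m = split(facs, f, ",")
            for (j = 1; j <= m; j++)
                if (f[j] == "local2" || f[j] == "*") { print $2; next }
        }
    }' "$1"
}

# Constructed sample syslog.conf: the first rule does NOT catch pf logs
# (notice is more severe than info); the last two do.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*.notice;auth.none      /var/log/messages
local2.info             /var/log/pflog.txt
local2.info             @loghost.example.net
EOF

pf_syslog_targets "$sample"
rm -f "$sample"
```

An empty result means the tcpdump-to-logger pipeline is running but nothing is being recorded.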