Log To Syslog

You can log to syslog, local or remote

NOTE: potential for huge amounts of data

disable local pflog via rc.conf.local

pflogd_flags="-f /dev/null"

define log in syslog.conf

local2.info                 @loghost.example.com

start it all (or put in rc.local)

$ sudo nohup tcpdump -lnettti pflog0 | logger -t pf -p local2.info &

Note: may need absolute paths depending on environment