PFlog
PF uses the rules in /etc/pf.conf to determine which packets should be logged. pflogd handles those logging requests.
Normally, the log file is /var/log/pflog, which is in a tcpdump-readable format. It is synced every minute with the pflog0 interface.
To view the pflog file:
tcpdump -n -e -ttt -r /var/log/pflog
To view packets being logged in realtime:
tcpdump -n -e -ttt pflog0
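To triage what the log shows, the text output of either command can be summarised per blocked source and rule number. This is an added example, not part of the original page; the function names summarize_pflog and sample_lines are hypothetical, the sample lines are constructed, and the line shape noted in the comments is an assumption about how tcpdump -e prints the pflog header.

```sh
#!/bin/sh
# Added example: summarise blocked packets from pflog text output.
# Real use: tcpdump -n -e -ttt -r /var/log/pflog | summarize_pflog
# Assumed line shape (tcpdump -e on a pflog capture):
#   <timestamp> rule N/...(match)[:] <action> <dir> on <iface>: <src> > <dst>: ...

# Prints "count source-address rule-number" for each blocked source/rule
# pair, most frequent first.
summarize_pflog() {
    LC_ALL=C awk '
    {
        # The timestamp may be one field or three, so search for "rule".
        for (i = 1; i <= NF; i++) if ($i == "rule") break
        if (i > NF || $(i + 2) != "block") next   # keep only blocked packets

        rule = $(i + 1)
        sub(/\/.*/, "", rule)                      # "3/0(match):" -> "3"

        src = $(i + 6)                             # field after "<iface>:"
        if (src ~ /:/)
            sub(/\.[0-9]+$/, "", src)              # IPv6 "addr.port" -> addr
        else if (split(src, p, ".") == 5)
            src = p[1] "." p[2] "." p[3] "." p[4]  # IPv4 "addr.port" -> addr

        count[src " " rule]++
    }
    END { for (k in count) print count[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses), not real log data.
# The last line uses a date-style timestamp and has no port (ICMP).
sample_lines() {
    cat <<'EOF'
 00:00:00.000000 rule 3/0(match): block in on em0: 203.0.113.5.51234 > 192.0.2.10.22: Flags [S], seq 1, win 64240, length 0
 00:00:01.200000 rule 3/0(match): block in on em0: 203.0.113.5.51240 > 192.0.2.10.23: Flags [S], seq 2, win 64240, length 0
 00:00:00.500000 rule 7/0(match): pass in on em0: 198.51.100.7.40000 > 192.0.2.10.443: Flags [S], seq 3, win 64240, length 0
Feb 16 19:24:01.304150 rule 0/(match) block in on em0: 198.51.100.9 > 192.0.2.10: icmp: echo request
EOF
}

sample_lines | summarize_pflog
```

The rule number in each output line can be matched against the loaded ruleset to see which rule in /etc/pf.conf produced the log entries.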