Tell PF to log packets with the
log keyword in a rule.
pass out log on egress from lan:network to any
Without additional setup, however, those logs just go to the PF log device
pflog0. To successfully log PF messages, you must run the packet filter logger
pflogd(8). If you start PF at boot,
pflogd is automatically started with it. Otherwise, you must start it on the command line.
One thing to remember is that if you’re using stateful inspection, only the first packet that triggers a rule is logged. Other packets that are part of the same state are not logged. To log all packets in a stateful connection, give the
all modifier to the
log keyword, but beware because this can generate very large logs.
pass out log (all) on egress from ...