after some discussion with henning, document the various log options as

one section; some text was altered to make it read better;

ok henning

1 files changed, 34 insertions, 24 deletions

diff --git a/share/man/man5/pf.conf.5 b/share/man/man5/pf.conf.5
index d116ac2bde0..60692b3a3c2 100644
--- a/share/man/man5/pf.conf.5
+++ b/share/man/man5/pf.conf.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: pf.conf.5,v 1.544 2015/02/16 16:21:25 bentley Exp $
+.\"	$OpenBSD: pf.conf.5,v 1.545 2015/02/16 21:43:10 jmc Exp $
 .\"
 .\" Copyright (c) 2002, Daniel Hartmeier
 .\" Copyright (c) 2003 - 2013 Henning Brauer <henning@openbsd.org>
@@ -227,45 +227,55 @@ and
 apply to incoming and outgoing packets;
 if neither are specified,
 the rule will match packets in both directions.
-.It Ar log
-In addition to the action specified, a log message is generated.
+.It Ar log Pq Cm all | matches | to Ao Ar interface Ac | Cm user
+In addition to any action specified,
+log the packet.
 Only the packet that establishes the state is logged,
 unless the
 .Ar no state
 option is specified.
 The logged packets are sent to a
 .Xr pflog 4
-interface, by default
-.Ar pflog0 .
-This interface is monitored by the
+interface, by default pflog0;
+pflog0 is monitored by the
 .Xr pflogd 8
-logging daemon, which dumps the logged packets to the file
+logging daemon which logs to the file
 .Pa /var/log/pflog
 in
 .Xr pcap 3
 binary format.
-.It Ar log Pq Ar all
-Used to force logging of all packets for a connection.
+.Pp
+The keywords
+.Cm all , matches , to ,
+and
+.Cm user
+are all optional,
+and can be combined using commas.
+.Pp
+Use
+.Cm all
+to force logging of all packets for a connection.
 This is not necessary when
 .Ar no state
 is explicitly specified.
-As with
-.Ar log ,
-packets are logged to
-.Xr pflog 4 .
-.It Ar log Pq Ar matches
-Log this packet on all subsequent matching rules, using the log settings
-given here, in particular to the pflog interface specified here so that
-regular pflogs are not clobbered.
-.It Ar log Pq Ar user
-Logs the UID and PID of the
+.Pp
+If
+.Cm matches
+is specified,
+it logs the packet on all subsequent matching rules.
+It is often combined with
+.Cm to Aq Ar interface
+to avoid adding noise to the default log file.
+.Pp
+The keyword
+.Cm user
+logs the UID and PID of the
 socket on the local host used to send or receive a packet,
 in addition to the normal information.
-.It Ar log Pq Ar to Aq Ar interface
-Send logs to the specified
-.Xr pflog 4
-interface instead of
-.Ar pflog0 .
+.Pp
+To specify a logging interface other than pflog0,
+use the syntax
+.Cm to Aq Ar interface .
 .It Ar quick
 If a packet matches a rule which has the
 .Ar quick