log [logamount number]
If the kernel was compiled with IPFIREWALL_VERBOSE, then when a
packet matches a rule with the log keyword a message will be
logged to syslogd(8) with a LOG_SECURITY facility. Note: by
default, they are appended to the /var/log/security file (see
syslog.conf(5)). If the kernel was compiled with the
IPFIREWALL_VERBOSE_LIMIT option, then by default logging will
cease after the number of packets specified by the option are
received for that particular chain entry, and
net.inet.ip.fw.verbose_limit will be set to that number. How-
ever, if logamount number is used, that number will be the log-
ging limit rather than net.inet.ip.fw.verbose_limit, where the
value ``0'' removes the logging limit. Logging may then be re-
enabled by clearing the logging counter or the packet counter for
that entry.