pflog


pflogX interfaces

pcap format
compact
plenty of tools available
tcpdump in base: powerful filters for free

tcpdump -i pflogX for live debugging

pflogd to keep logs
still in pcap format
tcpdump -r /var/log/pflog