Subject: Re: Syslogd
To: Reinoud Koornstra <Reinoud.Koornstra@ibbnet.nl>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-help
Date: 09/16/1999 18:20:41
Well, after the last mail, you should see
- where syslogd starts
- what the -s option to syslogd does
- what files messages get sent to
Now, if you want to know if someone is trying to access your computer say on
port 2049, and wonder why as you aren't serving nfs, you might want to stick
something like
    block in log on ifx proto tcp/udp from any to www.xxx.yyy.zzz port = 2049
into /etc/ipf.conf, where e.g. ifx=ne0, the name of the interface, and
www.xxx.yyy.zzz is your IP number. (All this is off the top of my head, so
not guaranteed!) If ipfilter=YES in /etc/rc.conf, it will be loaded
automatically at startup, else
    ipf -Fa -f /etc/ipf.conf
    ipf -E
should -Fa flush all rules, -f load the rules in /etc/ipf.conf, and -E start
filtering. (If you get an error with the ipf -E, it probably means that it
was already on.) ipfstat -io lists all currently active rules.
If you have ipmon=YES with ipmon_flags containing at least "s" in /etc/rc.conf,
any packets matching your ipf.conf rules will be logged via ipmon to syslog.
(or just type ipmon -s) Then if you have say
    local0.* /var/log/ipmon
in /etc/syslog.conf, you can read the logged packets in the file /var/log/ipmon.
Cheers,
Patrick
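
Added example, not part of the original mail: a small Python script that summarises blocked port-2049 packets from /var/log/ipmon by source address. The line layout it parses is an assumption based on ipmon's usual syslog output with numeric ports, and the sample lines are constructed with documentation addresses.

```python
import re
import sys
from collections import Counter

# Constructed sample of /var/log/ipmon lines (documentation addresses only).
SAMPLE_LOG = """\
Sep 16 18:02:11 myhost ipmon[214]: 18:02:10.512345 ne0 @0:1 b 198.51.100.7,1021 -> 192.0.2.10,2049 PR tcp len 20 44 -S IN
Sep 16 18:02:14 myhost ipmon[214]: 18:02:13.530112 2x ne0 @0:1 b 198.51.100.7,1021 -> 192.0.2.10,2049 PR tcp len 20 44 -S IN
Sep 16 18:05:40 myhost ipmon[214]: 18:05:39.101010 ne0 @0:1 b 203.0.113.9,800 -> 192.0.2.10,2049 PR udp len 20 68 IN
Sep 16 18:06:02 myhost ipmon[214]: 18:06:01.000321 ne0 @0:2 p 192.0.2.10,1030 -> 198.51.100.20,80 PR tcp len 20 44 -S OUT
Sep 16 18:07:00 myhost syslogd: restart
"""

# Assumed layout: time [Nx] interface @group:rule action src,port -> dst,port PR proto ...
LINE_RE = re.compile(
    r"ipmon\[\d+\]:\s+\S+\s+"                    # syslog tag, packet timestamp
    r"(?:(?P<count>\d+)x\s+)?"                   # optional repeat count, e.g. "2x"
    r"(?P<ifname>\S+)\s+@\S+\s+"                 # interface, group:rule number
    r"(?P<action>\S+)\s+"                        # b = blocked, p = passed
    r"(?P<src>[^,\s]+),(?P<sport>\S+)\s+->\s+"   # source address,port
    r"(?P<dst>[^,\s]+),(?P<dport>\S+)\s+"        # destination address,port
    r"PR\s+(?P<proto>\S+)"                       # protocol
)

def blocked_probes(lines, port="2049"):
    """Count blocked packets sent to `port`, keyed by (source address, protocol)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["action"] != "b" or m["dport"] != port:
            continue  # not an ipmon packet line, not blocked, or another port
        hits[(m["src"], m["proto"])] += int(m["count"] or 1)
    return hits

def main(argv):
    # With a file argument, read that log; otherwise use the constructed sample.
    if len(argv) > 1:
        with open(argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    for (src, proto), n in blocked_probes(lines).most_common():
        print(f"{n:6d}  {src}  {proto}")

if __name__ == "__main__":
    main(sys.argv)
```

Run it with /var/log/ipmon as the only argument to get a per-source count, busiest sources first.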