diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 88a4434a9..f2945a92f 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -92,25 +92,6 @@ function filter_rules_sort()
     }
 }
 
-function filter_pflog_start($verbose = false)
-{
-    if ($verbose) {
-        echo 'Starting PFLOG...';
-        flush();
-    }
-
-    killbypid('/var/run/filterlog.pid', 'TERM', true);
-
-    /* enable permanent promiscuous mode to avoid dmesg noise */
-    mwexec('/sbin/ifconfig pflog0 promisc');
-
-    mwexec('/usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid');
-
-    if ($verbose) {
-        echo "done.\n";
-    }
-}
-
 function filter_configure()
 {
     /*
@@ -282,12 +263,13 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
             if (substr($ifcfg['if'], 0, 4) != 'ovpn' && !empty($ifcfg['gateway'])) {
                 foreach (array(500, null) as $dstport) {
                     $rule = array(
-                        "interface" => $intf,
-                        "dstport" => $dstport,
-                        "staticnatport" => !empty($dstport),
-                        "destination" => array("any" => true),
-                        "ipprotocol" => 'inet',
-                        "descr" => "Automatic outbound rule"
+                        'descr' => 'Automatic outbound rule',
+                        'destination' => array('any' => true),
+                        'dstport' => $dstport,
+                        'interface' => $intf,
+                        'ipprotocol' => 'inet',
+                        'log' => !empty($config['syslog']['logoutboundnat']),
+                        'staticnatport' => !empty($dstport),
                     );
                     foreach ($intfv4 as $network) {
                         $rule['source'] = array("network" => $network);
@@ -544,10 +526,20 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
     }
 
     if ($verbose) {
-        echo "done.\n";
+        echo '.';
+        flush();
     }
 
-    filter_pflog_start($verbose);
+    /* enable permanent promiscuous mode to avoid dmesg noise */
+    mwexec('/sbin/ifconfig pflog0 promisc');
+
+    /* bring up new instance of filterlog to load new rules */
+    killbypid('/var/run/filterlog.pid', 'TERM', true);
+    mwexec('/usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid');
+
+    if ($verbose) {
+        echo "done.\n";
+    }
 
     unlock($filterlck);
 }
diff --git a/src/www/diag_logs_settings.php b/src/www/diag_logs_settings.php
index 9df516a08..866f8c1da 100644
--- a/src/www/diag_logs_settings.php
+++ b/src/www/diag_logs_settings.php
@@ -65,6 +65,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     $pconfig['logdefaultpass'] = empty($config['syslog']['nologdefaultpass']);
     $pconfig['logbogons'] = empty($config['syslog']['nologbogons']);
     $pconfig['logprivatenets'] = empty($config['syslog']['nologprivatenets']);
+    $pconfig['logoutboundnat'] = !empty($config['syslog']['logoutboundnat']);
     $pconfig['loglighttpd'] = empty($config['syslog']['nologlighttpd']);
     $pconfig['disablelocallogging'] = isset($config['syslog']['disablelocallogging']);
 } elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
@@ -110,10 +111,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             $oldnologbogons = isset($config['syslog']['nologbogons']);
             $oldnologprivatenets = isset($config['syslog']['nologprivatenets']);
             $oldnologlighttpd = isset($config['syslog']['nologlighttpd']);
+            $oldlogoutboundnat = isset($config['syslog']['logoutboundnat']);
             $config['syslog']['nologdefaultblock'] = empty($pconfig['logdefaultblock']);
             $config['syslog']['nologdefaultpass'] = empty($pconfig['logdefaultpass']);
             $config['syslog']['nologbogons'] = empty($pconfig['logbogons']);
             $config['syslog']['nologprivatenets'] = empty($pconfig['logprivatenets']);
+            $config['syslog']['logoutboundnat'] = !empty($pconfig['logoutboundnat']);
             $config['syslog']['nologlighttpd'] = empty($pconfig['loglighttpd']);
 
             write_config();
@@ -123,6 +126,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock']))
               || ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass']))
               || ($oldnologbogons !== isset($config['syslog']['nologbogons']))
+              || ($oldlogoutboundnat !== isset($config['syslog']['logoutboundnat']))
               || ($oldnologprivatenets !== isset($config['syslog']['nologprivatenets']))) {
               filter_configure();
             }
@@ -134,8 +138,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
                 configd_run('webgui restart 2', true);
                 $savemsg .= "<br />" . gettext("WebGUI process is restarting.");
             }
-
-            filter_pflog_start();
         }
     }
 }
@@ -261,6 +263,13 @@ $(document).ready(function() {
                       </div>
                     </td>
                   </tr>
+                  <tr>
+                    <td></td>
+                    <td>
+                      <input name="logoutboundnat" type="checkbox" id="logoutboundnat" value="yes" <?php if ($pconfig['logoutboundnat']) echo "checked=\"checked\""; ?> />
+                      <?= gettext('Log packets processed by automatic outbound NAT rules') ?>
+                    </td>
+                  </tr>
                   <tr>
                     <td></td>
                     <td>