The problem is that pfSense is calling tcpdump with the -v option, which now includes a newline in the output, when formerly it did not (!!). You can probably see the same results by running tcpdump on your local machine with -v.
More info about this seemingly unwanted line break: http://seclists.org/tcpdump/2010/q1/16
There was some discussion of reverting this change, but that was two years ago 😕 The info provided by -v is nice, just not the line break... some pfSense folk are now simply filtering the line break before handing off to syslog, e.g. with sed.
Details on filtering the line break in pfSense: http://redmine.pfsense.org/issues/1938
Personally I think I'd rather patch tcpdump to get rid of the line break that wasn't there to begin with for -v mode, as Apple did. To see this simple change, search the following page for the string: gflag
http://opensource.apple.com/source/tcpdump/tcpdump-32/tcpdump/print-ip.c
Cheers,
-dre
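The line-break filtering mentioned in the post, as an added example that is not part of the original post and not pfSense's own filter: it rejoins each `tcpdump -v` continuation line with the record it belongs to before the output is forwarded. The function names and sample lines are constructed for illustration, and it assumes a continuation line starts with whitespace while a new record does not.

```shell
#!/bin/sh
# Join tcpdump -v continuation lines onto the record they belong to,
# so each packet reaches syslog as a single line.
# Assumption: a continuation line starts with a space or tab.
join_tcpdump_v() {
    awk '
        /^[ \t]/ {                       # continuation line
            sub(/^[ \t]+/, "")           # drop the indentation
            buf = (have && buf != "") ? buf " " $0 : $0
            have = 1
            next
        }
        {                                # start of a new record
            if (have) print buf          # flush the previous record
            buf = $0
            have = 1
        }
        END { if (have) print buf }      # flush the last record
    '
}

# Constructed sample shaped like two-line -v output (documentation addresses).
sample_capture() {
    cat <<'EOF'
00:00:01.000000 rule 1/0(match): block in on em0: (tos 0x0, ttl 64, id 4242, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 65535, length 0
00:00:02.000000 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 4243, offset 0, flags [none], proto UDP (17), length 78)
    192.0.2.11.137 > 198.51.100.255.137: UDP, length 50
EOF
}

# Stand-alone run: prints two single-line records.
sample_capture | join_tcpdump_v
```

Output that already has one line per packet passes through unchanged, so the filter can stay in place whether or not -v is in use.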