diff --git a/sslsplit.1 b/sslsplit.1
index d1b2f2b..4a5d951 100644
--- a/sslsplit.1
+++ b/sslsplit.1
@@ -116,6 +116,14 @@ returned by \fB-E\fP.
 List all supported NAT engines available on the system and exit.  See
 NAT ENGINES for a list of NAT engines currently supported by SSLsplit.
 .TP
+.B \-F \fIlogspec\fP
+Log connection content to separate log files with the given path specification
+(see LOG SPECIFICATIONS below).  For each connection, a log file will be
+written, which will contain both directions of data as transmitted.
+Information about the connection will be contained in the filename only.
+If \fB-F\fP is used with \fB-j\fP, \fIlogspec\fP is relative to \fIjaildir\fP.
+If \fB-F\fP is used with \fB-u\fP, \fIlogspec\fP must be writable by \fIuser\fP.
+.TP
 .B \-g \fIpemfile\fP
 Use Diffie-Hellman group parameters from \fIpemfile\fP for Ephemereal
 Diffie-Hellman (EDH/DHE) cipher suites.  If \fB-g\fP is not given, SSLsplit
@@ -147,8 +155,8 @@ Display help on usage and exit.
 .TP
 .B \-j \fIjaildir\fP
 Change the root directory to \fIjaildir\fP using chroot(2) after opening files.
-Note that this has implications for both \fB-S\fP and for \fBsni\fP
-\fIproxyspecs\fP.  The directory given with \fB-S\fP will be relative to
+Note that this has implications for \fB-F\fP, \fB-S\fP, and for \fBsni\fP
+\fIproxyspecs\fP.  The path given with \fB-S\fP or \fB-F\fP will be relative to
 \fIjaildir\fP since the log files cannot be opened before calling chroot(2).
 Depending on your operating system, you will need to copy files such as
 \fB/etc/resolv.conf\fP to \fIjaildir\fP in order for name resolution to work.
@@ -347,6 +355,39 @@ than the NAT rules redirecting the actual connections.
 Note that when using \fB-j\fP with \fBsni\fP, you may need to prepare
 \fIjaildir\fP to make name resolution work from within the chroot directory.
 .LP
+.SH "LOG SPECIFICATIONS"
+Log specifications are composed of zero or more printf-style directives;
+ordinary characters are included directly in the output path.
+SSLsplit current supports the following directives:
+.TP
+.I %d
+The destination address and port.
+.TP
+.I %s
+The source address and port.
+.TP
+.I %x
+The name of the local process. If process information is unavailable,
+this directive will be omitted from the output path.
+.TP
+.I %X
+The full path of the local process. If process information is unavailable,
+this directive will be omitted from the output path.
+.TP
+.I %u
+The username or numeric uid of the local process. If process information is unavailable,
+this directive will be omitted from the output path.
+.TP
+.I %g
+The group name or numeric gid of the local process. If process information is unavailable,
+this directive will be omitted from the output path.
+.TP
+.I %T
+The initial connection time as an ISO 8601 UTC timestamp.
+.TP
+.I %%
+A literal '%' character.
+.LP
 .SH "NAT ENGINES"
 SSLsplit currently supports the following NAT engines:
 .TP