Project: Have to get to know my OpenWrt access point a little better, i.e. gather logs from the access point, ship these logs to a central location and somehow display and search them. Possibly even an alert when something bad is happening. On the back burner is adding other devices and adding some fancy displays.
What this is about: Export AP logs for successful logins to a txt file. Use the txt file to compare each following login from the same AP: is the new login on the list or not. So, 1) find and export the relevant data, 2) create a pipeline and test new logins against this data. I am no Docker/Graylog expert. This is more of a 'note-to-self' kind of thing. Please check against the Docker or Graylog documentation.
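The two steps above, as an added example that is not part of these notes and not Graylog's own pipeline code: step 1 exports the successful logins seen so far to a txt file, step 2 checks later log lines against that file and returns the ones that are not on the list. The sample syslog lines are constructed in the style of OpenWrt's dropbear SSH daemon; the exact field layout, the `host|user|ip` key format and the file name are assumptions.

```python
"""Added example, not part of the original notes: keep a txt file of the
successful AP logins seen so far and flag any later login that is not
on that list.  The log lines below are constructed samples in the style
of OpenWrt's dropbear SSH daemon; the exact field layout is an assumption."""
import re
import tempfile

# Constructed sample syslog lines (assumed dropbear format, not real captures).
SAMPLE_LOGS = [
    "Jan 10 20:01:02 openwrt-ap dropbear[1234]: Password auth succeeded for 'root' from 192.168.1.10:51234",
    "Jan 10 20:07:10 openwrt-ap dropbear[1250]: Bad password attempt for 'root' from 10.0.0.5:40000",
    "Jan 10 21:15:00 openwrt-ap dropbear[1260]: Password auth succeeded for 'root' from 10.0.0.77:44444",
]

# Only successful logins go on the list; failed attempts are ignored here.
LOGIN_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) dropbear\[\d+\]: "
    r"(?:Password|Pubkey) auth succeeded for '(?P<user>[^']+)'.* from (?P<ip>[\d.]+):\d+$"
)


def parse_successful_logins(lines):
    """Return one (host, user, source_ip) tuple per successful-login line."""
    found = []
    for line in lines:
        m = LOGIN_RE.match(line.strip())
        if m:
            found.append((m["host"], m["user"], m["ip"]))
    return found


def to_key(entry):
    """Canonical one-line form used in the txt file: host|user|ip (assumed format)."""
    return "|".join(entry)


def export_known(lines, path):
    """Step 1: export the logins seen so far to a txt file, one key per line."""
    keys = sorted({to_key(e) for e in parse_successful_logins(lines)})
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(keys) + "\n")
    return keys


def load_known(path):
    """Read the txt file back into a set of keys."""
    with open(path, encoding="utf-8") as fh:
        return {ln.strip() for ln in fh if ln.strip()}


def find_new_logins(lines, known):
    """Step 2: every successful login whose host|user|ip is not yet on the list.
    This is the comparison a pipeline rule would make against the lookup table."""
    return [e for e in parse_successful_logins(lines) if to_key(e) not in known]


if __name__ == "__main__":
    # Build the list from the first line only, then check all lines against it.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as tmp:
        path = tmp.name
    export_known(SAMPLE_LOGS[:1], path)
    for host, user, ip in find_new_logins(SAMPLE_LOGS, load_known(path)):
        print(f"NEW login on {host}: user={user} from {ip}")
```

Run as a script it exports the first login, then reports the one from 10.0.0.77 as new; the same check, with the txt file as a Graylog lookup table, is what the pipeline rule would express.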
Began receiving logs from pfSense/Suricata and noticed something was off. When trying to parse the JSON messages, very few of them would actually pass. Nothing is wrong with the Graylog JSON parser; the pfSense syslog daemon simply truncates exported messages to 480 bytes max. 480 bytes is a fair bit, but not enough when Suricata outputs in JSON format. So this is a bit of a marginal use case: exporting JSON-formatted logs from Suricata in pfSense :)
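A quick way to measure how many messages are affected, as an added example that is not part of these notes: it simulates the 480-byte cut the syslog daemon makes, then classifies each message as parseable, truncated (at the limit and missing its closing brace) or otherwise invalid. The EVE-style records are constructed, and the classification heuristic is an assumption, not a Graylog feature.

```python
"""Added example, not part of the original notes: quantify how many
Suricata EVE JSON messages arrive cut off at pfSense's 480-byte syslog
limit.  The EVE records are constructed, not real alerts."""
import json

PFSENSE_SYSLOG_LIMIT = 480  # bytes; the limit the note above describes


def simulate_syslog_truncation(msg, limit=PFSENSE_SYSLOG_LIMIT):
    """Mimic what the syslog daemon does: keep only the first `limit` bytes."""
    return msg.encode("utf-8")[:limit].decode("utf-8", errors="ignore")


def classify_message(msg, limit=PFSENSE_SYSLOG_LIMIT):
    """'ok' if the JSON parses, 'truncated' if it hits the limit and lost its
    closing brace, 'invalid' for anything else that fails to parse."""
    try:
        json.loads(msg)
        return "ok"
    except json.JSONDecodeError:
        pass
    at_limit = len(msg.encode("utf-8")) >= limit
    if at_limit and not msg.rstrip().endswith("}"):
        return "truncated"
    return "invalid"


def summarize(messages):
    """Count each class so the share of truncated messages is visible at a glance."""
    counts = {"ok": 0, "truncated": 0, "invalid": 0}
    for m in messages:
        counts[classify_message(m)] += 1
    return counts


def build_sample_eve(pad_fields):
    """Construct an EVE-style alert record; pad_fields controls its size."""
    rec = {
        "timestamp": "2024-01-10T20:01:02.000000+0000",
        "event_type": "alert",
        "src_ip": "10.0.0.5",
        "dest_ip": "192.168.1.10",
        "alert": {"signature": "CONSTRUCTED test signature", "severity": 2},
    }
    for i in range(pad_fields):
        rec[f"pad{i}"] = "x" * 40
    return json.dumps(rec)


if __name__ == "__main__":
    short = build_sample_eve(0)                                # fits under 480 bytes
    cut = simulate_syslog_truncation(build_sample_eve(10))     # does not
    print(len(short), classify_message(short))
    print(len(cut), classify_message(cut))
    print(summarize([short, cut, "not json at all"]))
```

Pointed at an export of the raw `message` field from Graylog instead of the constructed records, `summarize` shows whether the 480-byte limit, and not the parser, explains the failures.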